scanning icon indicating copy to clipboard operation
scanning copied to clipboard

Published 20 hours ago verified publisher icon GossiTheDog

Unknown error code returned - 401

Open kort3x opened this issue 3 years ago • 7 comments

First of all: Thanks for the script.

I tried it against multiple servers, always getting this error:

nmap -sT -p 443 -P0 --script http-vuln-exchange-proxyshell.nse host.domain.de
Starting Nmap 7.92 ( https://nmap.org ) at 2021-08-10 14:53 Mitteleuropõische Sommerzeit
Nmap scan report for host.domain.de (xxx.xxx.xxx.xxx)
Host is up (0.00s latency).

PORT    STATE SERVICE
443/tcp open  https
|_http-vuln-exchange-proxyshell: Unknown error code returned - 401 - maybe not an Exchange server

I am a complete nmap noob - am i doing it wrong?

kort3x avatar Aug 10 '21 12:08 kort3x

nevermind - figured it out

I hadn't customized the script for the domains.

Sorry

kort3x avatar Aug 10 '21 13:08 kort3x

for others:

you have to change the domain in line 29 from test.com to your domain.

kort3x avatar Aug 10 '21 13:08 kort3x

huh, you shouldn't need to do that @kort3x

I think I'm going to add 401 as a not vulnerable response code, it looks like some environments give that

GossiTheDog avatar Aug 10 '21 13:08 GossiTheDog

Yeah, changing the domain inside the script doesn't affect my output (and all 5 Exchange servers I tested against return 401).

jernejs avatar Aug 10 '21 14:08 jernejs

guess i reopen then

kort3x avatar Aug 10 '21 15:08 kort3x

no idea why behavior changed for me - it now works aganist all servers no matter what domain i use in line 29

kort3x avatar Aug 10 '21 15:08 kort3x

I get a 401 on every Exchange 2016 installation that I checked, and a "not vulnerable" only on the Exchange 2013 installations. I have no Exchange 2019 to verify.

kerobra avatar Aug 13 '21 15:08 kerobra