OWASSRF-CVE-2022-41082-POC
OWASSRF-CVE-2022-41082-POC copied to clipboard

Published 20 hours ago •

balki97

→

Metadata

PoC for the CVE-2022-41080 , CVE-2022-41082 and CVE-2022-41076 Vulnerabilities Affecting Microsoft Exchange Servers

Readme
Issues

CVE-2022-41082-POC

PoC for the CVE-2022-41082 NotProxyShell OWASSRF Vulnerability Effecting Microsoft Exchange Servers

This is Post-Auth RCE for ProxyNotShell OWASSRF, valid cardentials are needed for command execution.

Added the Powershell PoC script for TabShell Vulnerability (CVE-2022-41076)

The TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.

Affected versions

Exchange 2013,16,19 till 08.11.2022 patch This exploit bypasses Microsoft Hotfix from October 2022

Setup

pip install -r requirements.txt

Running

usage: python poc.py [-H Target] [-u username] [-p "password"] [-c cmd_file]
python poc.py -H https://192.168.0.1 -u user2 -p "123QWEasd!@#" -c cmd_file'

About

PoC for the CVE-2022-41080 , CVE-2022-41082 and CVE-2022-41076 Vulnerabilities Affecting Microsoft Exchange Servers

exploit

vulnerability

microsoft

exchange-server

cve-2022-41082

cve-2022-41076

cve-2022-41080

90

Stars

32

Forks

Watchers

Owner

balki97

← Metadata

90

Stars

32

Forks

Watchers

Owner

balki97

Metadata

PoC for the CVE-2022-41080 , CVE-2022-41082 and CVE-2022-41076 Vulnerabilities Affecting Microsoft Exchange Servers

Back

OWASSRF-CVE-2022-41082-POC OWASSRF-CVE-2022-41082-POC copied to clipboard

Metadata

CVE-2022-41082-POC

Added the Powershell PoC script for TabShell Vulnerability (CVE-2022-41076)

Affected versions

Setup

Running

← Metadata

Owner

Metadata

OWASSRF-CVE-2022-41082-POC
OWASSRF-CVE-2022-41082-POC copied to clipboard