OWASSRF CVE 2022 41082 POC Save

PoC for the CVE-2022-41080 , CVE-2022-41082 and CVE-2022-41076 Vulnerabilities Affecting Microsoft Exchange Servers

Project README

CVE-2022-41082-POC

PoC for the CVE-2022-41082 NotProxyShell OWASSRF Vulnerability Effecting Microsoft Exchange Servers

This is Post-Auth RCE for ProxyNotShell OWASSRF, valid cardentials are needed for command execution.

Added the Powershell PoC script for TabShell Vulnerability (CVE-2022-41076)

The TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.

Affected versions

Exchange 2013,16,19 till 08.11.2022 patch This exploit bypasses Microsoft Hotfix from October 2022

Setup

pip install -r requirements.txt

Running

usage: python poc.py [-H Target] [-u username] [-p "password"] [-c cmd_file]
python poc.py -H https://192.168.0.1 -u user2 -p "123QWEasd!@#" -c cmd_file'

Open Source Agenda is not affiliated with "OWASSRF CVE 2022 41082 POC" Project. README Source: balki97/OWASSRF-CVE-2022-41082-POC

Stars

Open Issues

Last Commit

1 year ago

Repository

balki97/OWASSRF-CVE-2022-41082-POC

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/owassrf-cve-2022-41082-poc"><img src="https://www.opensourceagenda.com/projects/owassrf-cve-2022-41082-poc/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022