CVE-2021-26855
Description
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity: CRITICAL
CVE ID: CVE-2021-26855
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVE ID: CVE-2021-26855
CVSS Score: 9.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Proof Of Concept
Nuclei Templates for CVE-2021-26855
Reference: Project Discovery GitHub
sgnls
IoC determination for exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.
Reference: GitHub
soteria-security
A PowerShell script to identify indicators of exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865
Reference: GitHub
cert-lv
Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
Reference: GitHub
conjojo
Microsoft Exchange Server SSRF vulnerability (CVE-2021-26855)
Reference: GitHub
pussycat0x
This script helps to identify CVE-2021-26855 SSRF PoC
Reference: GitHub
La3B0z
CVE-2021-26855 SSRF Exchange Server
Reference: GitHub
mekhalleh
Module pack for #ProxyLogon (part of my contribution to Metasploit-Framework) [CVE-2021-26855 && CVE-2021-27065]
Reference: GitHub
Yt1g3r
POC of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865, ProxyLogon poc
Reference: GitHub
hackerxj007
CVE-2021-26855 exp
Reference: GitHub
dwisiswant0
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin (CVE-2021-26855).
Reference: GitHub
mauricelambert
This script tests the CVE-2021-26855 vulnerability on Exchange Server.
Reference: GitHub
DCScoder
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
Reference: GitHub
srvaccount
PoC exploit code for CVE-2021-26855
Reference: GitHub
h4x0r-dz
Reference: GitHub
alt3kx
Reference: GitHub
raheel0x01
CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
Reference: GitHub
hackerschoice
PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github
Reference: GitHub
SCS-Labs
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
Reference: GitHub
KotSec
Scanner and PoC for CVE-2021-26855
Reference: GitHub
hakivvi
RCE exploit for Microsoft Exchange Server (CVE-2021-26855).
Reference: GitHub
ZephrFish
CVE-2021-26855: PoC (Not a HoneyPoC for once!)
Reference: GitHub
mil1200
RCE exploit for ProxyLogon vulnerability in Microsoft Exchange
Reference: GitHub
evilashz
CVE-2021-26855 & CVE-2021-27065
Reference: GitHub
ZephrFish
patched to work
Reference: GitHub
Mr-xn
Reference: GitHub
RickGeex
ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution.
Reference: GitHub
Immersive-Labs-Sec
Chaining CVE-2021-26855 and CVE-2021-26857 to exploit Microsoft Exchange
Reference: GitHub
shacojx
Reference: GitHub
TaroballzChen
CVE-2021-26855 proxyLogon metasploit exploit script
Reference: GitHub
p0wershe11
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
Reference: GitHub
shacojx
Reference: GitHub
catmandx
Microsoft Exchange Proxylogon Exploit Chain EXP analysis
Reference: GitHub
hictf
analytics ProxyLogon Mail exchange RCE
Reference: GitHub
praetorian-inc
Proof-of-concept exploit for CVE-2021-26855 and CVE-2021-27065. Unauthenticated RCE in Exchange.
Reference: GitHub
Flangvik
C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection
Reference: GitHub
hosch3n
[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.
Reference: GitHub
Nick-Yin12
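Regarding the Exchange Server vulnerabilities that Microsoft recently announced patches for after they were attacked by hackers, Taiwan's DEVCORE stated that it had discovered the security flaws as early as January 5 and reported to Microsoft the zero-day vulnerabilities numbered "CVE-2021-26855" and "CVE-2021-27065", and also named this vulnerability "ProxyLogon". The disclosed "ProxyLogon" vulnerability is a pre-authentication remote code execution (Pre-Auth RCE) zero-day that lets an attacker bypass the authentication step and drive the system administrator to help execute malicious files or run commands, triggering broader attacks. "ProxyLogon" is one of the most significant RCE vulnerabilities disclosed in Microsoft products recently. Following the principle of responsible disclosure, the DEVCORE team reported it to Microsoft for patching immediately after discovery, on January 5 of this year, to keep the vulnerability from being exploited by malicious actors and causing major losses to users worldwide. Microsoft then released security updates for the related vulnerabilities on March 2 to protect users' sensitive information from malicious attacks. Personal thoughts: Microsoft software is among the most commonly used by the public, and hackers will attack as soon as they notice a vulnerability. After Microsoft announced four Exchange Server security vulnerabilities, it came under malicious attack by hackers. Given this incident, Microsoft needs to be more careful and strengthen its information security protection.
Reference: GitHub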
yaoxiaoangry3
C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode in…
Reference: GitHub
thau0x01
Microsoft Exchange ProxyLogon PoC (CVE-2021-26855)
Reference: GitHub
1342486672
C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode in…
Reference: GitHub
TheDudeD6
CVE-2021-26855
Reference: GitHub
kh4sh3i
ProxyLogon (CVE-2021-26855+CVE-2021-27065) Exchange Server RCE (SSRF->GetWebShell)
Reference: GitHub
byinarie
Tool to search for IOCs related to HAFNIUM: CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065
Reference: GitHub
ssrsec
Microsoft Exchange CVE-2021-26855&CVE-2021-27065
Reference: GitHub
MacAsure
Reference: GitHub
timb-machine-mirrors
Clone from gist
Reference: GitHub
Content on GitHub
herwonowr | watchers:160
exprolog
ProxyLogon Full Exploit Chain PoC (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
Reference: GitHub
Udyz | watchers:123
Proxylogon
ProxyLogon Pre-Auth SSRF To Arbitrary File Write
Reference: GitHub
shacojx | watchers:4
CVE_2021_26855_SSRF
Reference: GitHub
stressboi | watchers:6
hafnium-exchange-splunk-csvs
IOCs found exploiting CVE-2021-26855 thanks to info from Volexity and MS and Huntresslabs.
Reference: GitHub