module
Microsoft Exchange ProxyLogon Collector
| Disclosed | Created |
|---|---|
| Mar 2, 2021 | Mar 23, 2021 |
Disclosed
Mar 2, 2021
Created
Mar 23, 2021
Description
This module exploit a vulnerability on Microsoft Exchange Server that
allows an attacker bypassing the authentication and impersonating as the
admin (CVE-2021-26855).
By taking advantage of this vulnerability, it is possible to dump all
mailboxes (emails, attachments, contacts, ...).
This vulnerability affects (Exchange 2013 Versions
Exchange 2016 CU18 Exchange 2019 CU7
All components are vulnerable by default.
allows an attacker bypassing the authentication and impersonating as the
admin (CVE-2021-26855).
By taking advantage of this vulnerability, it is possible to dump all
mailboxes (emails, attachments, contacts, ...).
This vulnerability affects (Exchange 2013 Versions
Exchange 2016 CU18 Exchange 2019 CU7
All components are vulnerable by default.
Authors
Orange Tsai
GreyOrder
mekhalleh (RAMELLA Sébastien)
GreyOrder
mekhalleh (RAMELLA Sébastien)
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.