5.8
CVSSv2

CVE-2018-8581

Published: 14/11/2018 Updated: 09/04/2020
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 527
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft exchange server 2010

microsoft exchange server 2013

microsoft exchange server 2016

microsoft exchange server 2019

Github Repositories

CVE-2018-8581

CVE-2018-8581 这是一个邮箱层面的横向渗透和提权漏洞 它可以在拥有了一个普通权限邮箱账号密码后,完成对其他用户(包括域管理员)邮箱收件箱的委托接管 本EXP脚本是在原PoC基础上修改的增强版一键脚本,它将在配置好相关参数后,自动完成目标邮箱inbox收件箱的添加委托和删除委托操作

具有SMBv2支持的Metasploit NTLM relay模块

HTTP_NTLMRELAYX A Metasploit module for http->smb relay/reflection Avoid some bugs in impacket, and add features not available in the same type of msf modules Author Exist Installation Drop it in the exploit module directory, for example, exploit/windows/smb/ How to use it? set rhosts 19216811 set rport 445 set rtype SMB_AUTOPWN set ruripath c$\\windows run Op

Techniques that can be used to get from domain user to domain admin

DomainUserToDomainAdminTechniques Techniques that can be used to get from domain user to domain admin Powerup PowerupSQL Find-InterestingFile Invoke-Kerberoast Get-GPPPassword Bloodhound Find-localadminaccess Domain Password Spray Inveigh - LLMNR NBNS Poisioning Get-ExploitableSystem PowerWebShot Invoke-ShareFinder / Invoke-FileFinder SCCM Matt Nelson

2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~

Author: Evi1cg Blog: evi1cggithubio Table of Contents 信息搜集 开源情报信息收集(OSINT) github whois查询/注册人反查/邮箱反查/相关资产 google hacking 创建企业密码字典 字典列表 密码生成 邮箱列表获取 泄露密码查询 对企业外部相关信息进行搜集 子域名获取 进入内网 基于企业弱账

做redteam时使用,修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

Intranet Penetration CheetSheets Modified by: z3r0yu Blog: zeroyuxyz Table of Contents 信息搜集 开源情报信息收集(OSINT) github whois查询/注册人反查/邮箱反查/相关资产 google hacking 创建企业密码字典 字典列表 密码生成 邮箱列表获取 泄露密码查询 对企业外部相关信息进行搜集 子域名获取

2018-2020青年安全圈-活跃技术博主/博客

Security-Data-Analysis-and-Visualization 2018-2020青年安全圈-活跃技术博主/博客 声明 所有数据均来自且仅来自公开信息,未加入个人先验知识,如有疑义,请及时联系root@4o4notfoundorg。 公开这批数据是为了大家一起更快更好地学习,请不要滥用这批数据,由此引发的问题,本人将概不负责。 对这

做redteam时使用,修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

Intranet Penetration Tips Modified by: z3r0yu Blog: zeroyuxyz PS: 主要增加的内容是自己在做redteam时候的一些技巧 Table of Contents 信息搜集 开源情报信息收集(OSINT) github whois查询/注册人反查/邮箱反查/相关资产 google hacking 创建企业密码字典 字典列表 密码生成 邮箱列表获取 泄露密码查询 对

Powershell tool to automate Active Directory enumeration.

adPEAS adPEAS is a Powershell tool to automate Active Directory enumeration In fact, adPEAS is like a wrapper for different other cool projects like PowerView Empire Bloodhound and some own written lines of code As said, adPEAS is a wrapper for other tools They are almost all written in pure Powershell but some of them are included as compressed binary blob or C# code How

Collection of quality safety articles

Project Description Collection of quality safety articles(To be rebuilt) collection-document awesome Some are inconvenient to release Some forget update,can see me star 以前的链接中大多不是优质的 渗透测试部分不再更新 因精力有限,缓慢更新 Author: [tom0li] Blog: tom0ligithubio Table of Contents Github-list 预警&a

Active Directory Kill Chain Attack & Defense Summary This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention And understand Active Directory Kill Chain Attack and Mo

https://github.com/infosecn1nja/AD-Attack-Defense

Active Directory Kill Chain Attack & Defense Summary This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention And understand Active Directory Kill Chain Attack and Mo

Active Directory Kill Chain Attack & Defense Summary This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention And understand Active Directory Kill Chain Attack and Mo

Active Directory Kill Chain Attack & Defense Summary This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention And understand Active Directory Kill Chain Attack and Mo

AD-Attack-Defense

Active Directory Kill Chain Attack & Defense Summary This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention And understand Active Directory Kill Chain Attack and Mo

CVEs enumerated by FireEye and that should be addressed to limit the effectiveness of leaked the Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN

Attack and defend active directory using modern post exploitation adversary tradecraft activity

Active Directory Kill Chain Attack & Defense Summary This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention And understand Active Directory Kill Chain Attack and Mo

Active Directory Kill Chain Attack & Defense Summary This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention And understand Active Directory Kill Chain Attack and Mo

vFeed CVEs Vulnerability Indicators that should be addressed to limit the effectiveness of the Leaked FireEye Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Forti

PenetrationTesting English Version Github的Readme显示不会超过4000行,而此Repo添加的工具和文章近万行,默认显示不全。当前页面是减配版:工具星数少于200且500天内没更新的不在此文档中显示。 点击这里查看完整版:中文-完整版 目录 工具 新添加的 (854) 新添加的 未分类 人工智能&&a

PenetrationTesting English Version Github的Readme显示不会超过4000行,而此Repo添加的工具和文章近万行,默认显示不全。当前页面是减配版:工具星数少于200且500天内没更新的不在此文档中显示。 点击这里查看完整版:中文-完整版 目录 工具 新添加的 (854) 新添加的 未分类 人工智能&&a

信息收集

RedTeam 信息收集 项目简介 一个 Red Team 攻击的生命周期,整个生命周期包括: 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、在所有攻击结束之后清理并退出战场。 另一个专门扫描破解的项目 另一个红队资

“网址”传输助手,记载一下平时用到好的在线网址。

Resource-list author:Echocipher mail:echocipher@163com blog:echociphergithubio 项目起因来源于看到别人分享的blog链接大全,于是参考了一下其中的内容形成了本项目,如果侵权,敬请告知。整理了格式,添加了一些自己平时会用到的内容,难免重复或者疏漏,如果您有推荐的相关内容或者其

项目简介 一个 Red Team 攻击的生命周期,整个生命周期包括: 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、在所有攻击结束之后清理并退出战场。 相关资源列表 mitre-attackgithubio/ mitre科技机构对

## суть RT -mitre-attackgithubio/ Краткое изложение вики технологии атак от организации miter Technology -[huntingdaygithubio](huntingdaygithubio/) MITER | ATT & CK Chinese station -[arxivorg](arxivorg/) Корнельский университет (Cornell University)

2019年红队资源链接,资源不是本人整理出来,来自互联网,因为流传的少,特意在此做个备份,做个分享。

项目简介 一个 Red Team 攻击的生命周期,整个生命周期包括: 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、在所有攻击结束之后清理并退出战场。 相关资源列表 mitre-attackgithubio/ mitre科技机构对

Red-Team Attack Guid

项目简介 项目用于收集和归纳Red Team的以下几个方面 Red Team攻击思维 Red Team攻击工具 Red Team攻击方法 精华内容 mitre-attackgithubio/ mitre科技机构对攻击技术的总结wiki huntingdaygithubio MITRE | ATT&CK 中文站 arxivorg 康奈尔大学(Cornell University)开放文档 wwwowas

相关资源列表 mitre-attackgithubio/ mitre 科技机构对攻击技术的总结 wiki huntingdaygithubio MITRE | ATT&CK 中文站 arxivorg 康奈尔大学(Cornell University)开放文档 wwwowasporgcn/owasp-project/owasp-things OWASP 项目 wwwirongeekcom/iphp?page=security/hackingillustrated 国内外安全大会

日常积累的一些红队工具及自己写的脚本,更偏向于一些diy的好用的工具,并不是一些比较常用的msf/awvs/xray这种

redtool 日常积累的一些红队工具及自己写的脚本,更偏向于一些diy的好用的工具,并不是一些比较常用的msf/awvs/xray这种,缓慢积累中 说明 文件名 说明 cve-2017-10271py 漏洞poc cve-2020-0796-scannerzip 漏洞扫描器 HTTP代码爬取zip http代理池中爬取可用代理 Layer子域名挖掘机zip 子域名

项目简介 一个 Red Team 攻击的生命周期,整个生命周期包括: 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、在所有攻击结束之后清理并退出战场。 相关资源列表 mitre-attackgithubio/ mitre科技机构对

简介 RedTeam活动周期各阶段资源整理。 相关资源 mitre-attackgithubio/ mitre科技机构对攻击技术的总结wiki huntingdaygithubio MITRE | ATT&CK 中文站 arxivorg 康奈尔大学(Cornell University)开放文档 wwwowasporgcn/owasp-project/owasp-things OWASP项目 wwwirongeekcom/iphp

RedTeam 项目简介 一个 Red Team 攻击的生命周期,整个生命周期包括: 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、在所有攻击结束之后清理并退出战场。 和一个著名的蓝队项目:githubcom/meitar/awesome-c

hacking tools awesome lists

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx OCaml Objective-C Objective-C++ Others PHP PLSQL P

项目简介 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、擦痕迹。 安全相关资源列表 arxivorg 康奈尔大学(Cornell University)开放文档 githubcom/sindresorhus/awesome awesome系列 wwwowasporgcn/owasp-pr

信息收集 主机信息收集 敏感目录文件收集 目录爆破 字典 BurpSuite 搜索引擎语法 Google Hack DuckDuckgo 可搜索微博、人人网等屏蔽了主流搜索引擎的网站 Bing js文件泄漏后台或接口信息 快捷搜索第三方资源 findjs robotstxt 目录可访问( autoindex ) iis短文件名 IIS-ShortName-Scanner

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr