CVE-2020-17144

Exchange2010 authorized RCE

CVE-2020-17144-EXP 条件: Exchange2010; 普通用户 默认用法(写webshell): CVE-2020-17144-EXPexe mailexamplecom user pass 执行命令 & 端口复用: 修改ExploitClasscs 参考 @zcgonvh mpweixinqqcom/s?__biz=MzI2NDk0MTM5MQ==&mid=2247483712&idx=1&sn=0b2cc3c9692f5c58a4eeb246d4b392fc&chksm=eaa5bb60ddd23276baf4cfd3fc

CVE-Search (name still in alpha), is a Machine Learning tool focused on the detection of exploits or proofs of concept in social networks such as Twitter, Github. It is also capable of doing related searches on Google, Yandex, DuckDuckGo on CVEs and detecting if the content may be a functional exploit, a proof of concept or simply information ab…

CVE-Search CVE-Search (name still in alpha), is a Machine Learning tool focused on the detection of exploits or proofs of concept in social networks such as Twitter, Github It is also capable of doing related searches on Google, Yandex, DuckDuckGo on CVEs and detecting if the content may be a functional exploit, a proof of concept or simply information about the vulnerabilit

Notepad Todo lo que tengo pendiente por revisar maquina Tally # Nmap 794 scan initiated Tue Jan 16 22:11:14 2024 as: nmap -sCV -p21,80,135,139,445,808,15567,32843,32844,32846,47001,49664,49665,49666,49667,49668,49669,49670 -vvv -oN Scan 101291183 Nmap scan report for 101291183 Host is up, received echo-reply ttl 127 (031s latency) Scanned at 2024-01-16 22:11:15 EST fo

weaponized tool for CVE-2020-17144

weaponized tool for CVE-2020-17144(Microsoft Exchange 2010 MRMAutoTagModel unsafe deserialize vulnerability) build install net framework 35 first, then make usage CVE-2020-17144 <target> <user> <pass> After exploit, access [target]/ews/soap/?pass=whoami to get command execution And y