zcgonvh/CVE-2020-17144 zcgonvh/CVE-2020-17144

  • Stars
    star
    157
  • Rank 237,254 (Top 5 %)
  • Language
    C#
  • Created almost 4 years ago
  • Updated almost 4 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
zcgonvh/CVE-2020-17144
github

zcgonvh

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

weaponized tool for CVE-2020-17144

weaponized tool for CVE-2020-17144(Microsoft Exchange 2010 MRM.AutoTag.Model unsafe deserialize vulnerability)

build

install .net framework 3.5 first, then make.

usage

CVE-2020-17144 <target> <user> <pass>

After exploit, access http://[target]/ews/soap/?pass=whoami to get command execution.

And you can also modify e.cs as a customize exp.

for more information, read my-blog-post(in chinese).

More Repositories

1

EfsPotato

Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
C#
709
star
2

DCOMPotato

Some Service DCOM Object and SeImpersonatePrivilege abuse.
C#
347
star
3

CVE-2020-0688

Exploit and detect tools for CVE-2020-0688
C#
347
star
4

TaskSchedulerMisc

Misc TaskScheduler Plays
C#
222
star
5

NTDSDumpEx

NTDS.dit offline dumper with non-elevated
C
211
star
6

cve-2017-7269

fixed msf module for cve-2017-7269
Ruby
133
star
7

SSMSPwd

SQL Server Management Studio(SSMS) saved password dumper
C#
107
star
8

cve-2017-7269-tool

CVE-2017-7269 to webshell or shellcode loader
C#
86
star
9

MS16-032

MS16-032(CVE-2016-0099) for SERVICE ONLY
C++
79
star
10

CVE-2017-0213

CVE-2017-0213 for command line
C++
57
star
11

POPFuckProxy

POP3 MITM example
C#
27
star
12

JavaTimeAgent

fix time for java application using javaAgent
C++
23
star
13

LinkedServerPwdDumper

SqlServer Linked Password Dumper.
JavaScript
16
star