[ { "id": 344161221, "name": "exchange-0days-202103", "full_name": "sgnls\/exchange-0days-202103", "owner": { "login": "sgnls", "id": 11134228, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11134228?v=4", "html_url": "https:\/\/github.com\/sgnls" }, "html_url": "https:\/\/github.com\/sgnls\/exchange-0days-202103", "description": "IoC determination for exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.", "fork": false, "created_at": "2021-03-03T14:50:16Z", "updated_at": "2021-03-15T11:42:08Z", "pushed_at": "2021-03-15T11:42:06Z", "stargazers_count": 5, "watchers_count": 5, "forks_count": 4, "forks": 4, "watchers": 5, "score": 0 }, { "id": 344210374, "name": "HAFNIUM-IOC", "full_name": "soteria-security\/HAFNIUM-IOC", "owner": { "login": "soteria-security", "id": 49722282, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/49722282?v=4", "html_url": "https:\/\/github.com\/soteria-security" }, "html_url": "https:\/\/github.com\/soteria-security\/HAFNIUM-IOC", "description": "A PowerShell script to identify indicators of exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865", "fork": false, "created_at": "2021-03-03T17:36:18Z", "updated_at": "2021-04-12T15:26:58Z", "pushed_at": "2021-03-05T17:09:01Z", "stargazers_count": 15, "watchers_count": 15, "forks_count": 1, "forks": 1, "watchers": 15, "score": 0 }, { "id": 344742582, "name": "exchange_webshell_detection", "full_name": "cert-lv\/exchange_webshell_detection", "owner": { "login": "cert-lv", "id": 22764485, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22764485?v=4", "html_url": "https:\/\/github.com\/cert-lv" }, "html_url": "https:\/\/github.com\/cert-lv\/exchange_webshell_detection", "description": "Detect webshells dropped on Microsoft Exchange servers exploited through \"proxylogon\" group of vulnerabilites (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)", "fork": false, "created_at": "2021-03-05T08:22:07Z", "updated_at": "2021-04-28T01:21:21Z", "pushed_at": "2021-03-16T08:34:14Z", "stargazers_count": 88, "watchers_count": 88, "forks_count": 20, "forks": 20, "watchers": 88, "score": 0 }, { "id": 345052378, "name": "Microsoft_Exchange_Server_SSRF_CVE-2021-26855", "full_name": "conjojo\/Microsoft_Exchange_Server_SSRF_CVE-2021-26855", "owner": { "login": "conjojo", "id": 79626719, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/79626719?v=4", "html_url": "https:\/\/github.com\/conjojo" }, "html_url": "https:\/\/github.com\/conjojo\/Microsoft_Exchange_Server_SSRF_CVE-2021-26855", "description": "Microsoft Exchange Server SSRF漏洞(CVE-2021-26855)", "fork": false, "created_at": "2021-03-06T09:15:55Z", "updated_at": "2021-05-01T17:36:20Z", "pushed_at": "2021-03-06T10:34:49Z", "stargazers_count": 37, "watchers_count": 37, "forks_count": 8, "forks": 8, "watchers": 37, "score": 0 }, { "id": 345173055, "name": "CVE-2021-26855-SSRF", "full_name": "pussycat0x\/CVE-2021-26855-SSRF", "owner": { "login": "pussycat0x", "id": 65701233, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/65701233?v=4", "html_url": "https:\/\/github.com\/pussycat0x" }, "html_url": "https:\/\/github.com\/pussycat0x\/CVE-2021-26855-SSRF", "description": "This script helps to identify CVE-2021-26855 ssrf Poc", "fork": false, "created_at": "2021-03-06T19:03:00Z", "updated_at": "2021-05-01T09:36:53Z", "pushed_at": "2021-03-10T07:41:56Z", "stargazers_count": 17, "watchers_count": 17, "forks_count": 8, "forks": 8, "watchers": 17, "score": 0 }, { "id": 345215022, "name": "CVE-2021-26855", "full_name": "0xAbdullah\/CVE-2021-26855", "owner": { "login": "0xAbdullah", "id": 29471278, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/29471278?v=4", "html_url": "https:\/\/github.com\/0xAbdullah" }, "html_url": "https:\/\/github.com\/0xAbdullah\/CVE-2021-26855", "description": "PoC for CVE-2021-26855 -Just a checker-", "fork": false, "created_at": "2021-03-06T23:12:22Z", "updated_at": "2021-03-15T17:37:56Z", "pushed_at": "2021-03-09T22:07:46Z", "stargazers_count": 13, "watchers_count": 13, "forks_count": 2, "forks": 2, "watchers": 13, "score": 0 }, { "id": 345228496, "name": "CVE-2021-26855-SSRF-Exchange", "full_name": "Th3eCrow\/CVE-2021-26855-SSRF-Exchange", "owner": { "login": "Th3eCrow", "id": 10507748, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10507748?v=4", "html_url": "https:\/\/github.com\/Th3eCrow" }, "html_url": "https:\/\/github.com\/Th3eCrow\/CVE-2021-26855-SSRF-Exchange", "description": "CVE-2021-26855 SSRF Exchange Server", "fork": false, "created_at": "2021-03-07T00:55:16Z", "updated_at": "2021-03-10T04:02:32Z", "pushed_at": "2021-03-06T18:57:43Z", "stargazers_count": 6, "watchers_count": 6, "forks_count": 3, "forks": 3, "watchers": 6, "score": 0 }, { "id": 345337490, "name": "exchange_proxylogon", "full_name": "mekhalleh\/exchange_proxylogon", "owner": { "login": "mekhalleh", "id": 5225129, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5225129?v=4", "html_url": "https:\/\/github.com\/mekhalleh" }, "html_url": "https:\/\/github.com\/mekhalleh\/exchange_proxylogon", "description": "Module pack for #ProxyLogon (part. of my contribute for Metasploit-Framework) [CVE-2021-26855 && CVE-2021-27065]", "fork": false, "created_at": "2021-03-07T12:12:16Z", "updated_at": "2021-04-10T04:55:12Z", "pushed_at": "2021-03-29T08:42:01Z", "stargazers_count": 2, "watchers_count": 2, "forks_count": 2, "forks": 2, "watchers": 2, "score": 0 }, { "id": 345567206, "name": "CVE-2021-26855_SSRF", "full_name": "Yt1g3r\/CVE-2021-26855_SSRF", "owner": { "login": "Yt1g3r", "id": 12625147, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/12625147?v=4", "html_url": "https:\/\/github.com\/Yt1g3r" }, "html_url": "https:\/\/github.com\/Yt1g3r\/CVE-2021-26855_SSRF", "description": "POC of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865, ProxyLogon poc", "fork": false, "created_at": "2021-03-08T07:28:21Z", "updated_at": "2021-03-12T16:16:04Z", "pushed_at": "2021-03-11T03:28:47Z", "stargazers_count": 2, "watchers_count": 2, "forks_count": 4, "forks": 4, "watchers": 2, "score": 0 }, { "id": 345586288, "name": "CVE-2021-26855", "full_name": "charlottelatest\/CVE-2021-26855", "owner": { "login": "charlottelatest", "id": 34669056, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/34669056?v=4", "html_url": "https:\/\/github.com\/charlottelatest" }, "html_url": "https:\/\/github.com\/charlottelatest\/CVE-2021-26855", "description": "CVE-2021-26855 exp", "fork": false, "created_at": "2021-03-08T08:39:05Z", "updated_at": "2021-04-21T12:21:29Z", "pushed_at": "2021-03-08T08:09:01Z", "stargazers_count": 80, "watchers_count": 80, "forks_count": 67, "forks": 67, "watchers": 80, "score": 0 }, { "id": 345639477, "name": "proxylogscan", "full_name": "dwisiswant0\/proxylogscan", "owner": { "login": "dwisiswant0", "id": 25837540, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25837540?v=4", "html_url": "https:\/\/github.com\/dwisiswant0" }, "html_url": "https:\/\/github.com\/dwisiswant0\/proxylogscan", "description": "A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).", "fork": false, "created_at": "2021-03-08T11:54:32Z", "updated_at": "2021-04-23T05:18:18Z", "pushed_at": "2021-03-17T11:21:52Z", "stargazers_count": 115, "watchers_count": 115, "forks_count": 19, "forks": 19, "watchers": 115, "score": 0 }, { "id": 345955330, "name": "ExchangeWeaknessTest", "full_name": "mauricelambert\/ExchangeWeaknessTest", "owner": { "login": "mauricelambert", "id": 50479118, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50479118?v=4", "html_url": "https:\/\/github.com\/mauricelambert" }, "html_url": "https:\/\/github.com\/mauricelambert\/ExchangeWeaknessTest", "description": "This script test the CVE-2021-26855 vulnerability on Exchange Server.", "fork": false, "created_at": "2021-03-09T09:40:29Z", "updated_at": "2021-03-09T09:43:55Z", "pushed_at": "2021-03-09T09:42:51Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "forks": 0, "watchers": 0, "score": 0 }, { "id": 345970212, "name": "Exchange_IOC_Hunter", "full_name": "DCScoder\/Exchange_IOC_Hunter", "owner": { "login": "DCScoder", "id": 42096735, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/42096735?v=4", "html_url": "https:\/\/github.com\/DCScoder" }, "html_url": "https:\/\/github.com\/DCScoder\/Exchange_IOC_Hunter", "description": "CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065", "fork": false, "created_at": "2021-03-09T10:36:44Z", "updated_at": "2021-03-17T10:22:07Z", "pushed_at": "2021-03-17T10:22:05Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "forks": 0, "watchers": 0, "score": 0 }, { "id": 345990340, "name": "CVE-2021-26855", "full_name": "PwCNO-CTO\/CVE-2021-26855", "owner": { "login": "PwCNO-CTO", "id": 58770486, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/58770486?v=4", "html_url": "https:\/\/github.com\/PwCNO-CTO" }, "html_url": "https:\/\/github.com\/PwCNO-CTO\/CVE-2021-26855", "description": "Microsoft Exchange Server Remote Code Execution Vulnerability (ProxyLogon)", "fork": false, "created_at": "2021-03-09T11:57:26Z", "updated_at": "2021-03-09T11:57:26Z", "pushed_at": "2021-03-09T11:57:27Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "forks": 0, "watchers": 0, "score": 0 }, { "id": 346033440, "name": "CVE-2021-26855-PoC", "full_name": "srvaccount\/CVE-2021-26855-PoC", "owner": { "login": "srvaccount", "id": 76211832, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76211832?v=4", "html_url": "https:\/\/github.com\/srvaccount" }, "html_url": "https:\/\/github.com\/srvaccount\/CVE-2021-26855-PoC", "description": "PoC exploit code for CVE-2021-26855", "fork": false, "created_at": "2021-03-09T14:27:06Z", "updated_at": "2021-04-14T06:57:53Z", "pushed_at": "2021-03-09T21:59:53Z", "stargazers_count": 5, "watchers_count": 5, "forks_count": 18, "forks": 18, "watchers": 5, "score": 0 }, { "id": 346078570, "name": "CVE-2021-26855", "full_name": "h4x0r-dz\/CVE-2021-26855", "owner": { "login": "h4x0r-dz", "id": 26070859, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26070859?v=4", "html_url": "https:\/\/github.com\/h4x0r-dz" }, "html_url": "https:\/\/github.com\/h4x0r-dz\/CVE-2021-26855", "description": null, "fork": false, "created_at": "2021-03-09T16:54:39Z", "updated_at": "2021-04-16T23:56:31Z", "pushed_at": "2021-03-09T16:56:09Z", "stargazers_count": 77, "watchers_count": 77, "forks_count": 58, "forks": 58, "watchers": 77, "score": 0 }, { "id": 346241102, "name": "CVE-2021-26855_PoC", "full_name": "alt3kx\/CVE-2021-26855_PoC", "owner": { "login": "alt3kx", "id": 3140111, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3140111?v=4", "html_url": "https:\/\/github.com\/alt3kx" }, "html_url": "https:\/\/github.com\/alt3kx\/CVE-2021-26855_PoC", "description": null, "fork": false, "created_at": "2021-03-10T05:21:19Z", "updated_at": "2021-04-22T03:08:08Z", "pushed_at": "2021-03-12T16:19:50Z", "stargazers_count": 44, "watchers_count": 44, "forks_count": 26, "forks": 26, "watchers": 44, "score": 0 }, { "id": 346347325, "name": "CVE-2021-26855", "full_name": "achabahe\/CVE-2021-26855", "owner": { "login": "achabahe", "id": 12010973, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/12010973?v=4", "html_url": "https:\/\/github.com\/achabahe" }, "html_url": "https:\/\/github.com\/achabahe\/CVE-2021-26855", "description": null, "fork": false, "created_at": "2021-03-10T12:23:43Z", "updated_at": "2021-03-12T08:21:02Z", "pushed_at": "2021-03-10T12:46:41Z", "stargazers_count": 4, "watchers_count": 4, "forks_count": 3, "forks": 3, "watchers": 4, "score": 0 }, { "id": 346816198, "name": "eeb927d1189ad44742095f58636483984bfbfa355f69f94439e276df306d9568", "full_name": "raheel0x01\/eeb927d1189ad44742095f58636483984bfbfa355f69f94439e276df306d9568", "owner": { "login": "raheel0x01", "id": 65211256, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/65211256?v=4", "html_url": "https:\/\/github.com\/raheel0x01" }, "html_url": "https:\/\/github.com\/raheel0x01\/eeb927d1189ad44742095f58636483984bfbfa355f69f94439e276df306d9568", "description": "CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. According to Orange Tsai, the researcher who discovered the vulnerabilities, CVE-2021-26855 allows code execution when chained with CVE-2021-27065 (see below). A successful exploit chain would allow an unauthenticated attacker to \"execute arbitrary commands on Microsoft Exchange Server through only an open 443 port.\" More information and a disclosure timeline are available at https:\/\/proxylogon.com.", "fork": false, "created_at": "2021-03-11T19:35:35Z", "updated_at": "2021-04-05T12:38:13Z", "pushed_at": "2021-03-14T23:51:37Z", "stargazers_count": 10, "watchers_count": 10, "forks_count": 3, "forks": 3, "watchers": 10, "score": 0 }, { "id": 346834084, "name": "CVE-2021-26855", "full_name": "hackerschoice\/CVE-2021-26855", "owner": { "login": "hackerschoice", "id": 57636453, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/57636453?v=4", "html_url": "https:\/\/github.com\/hackerschoice" }, "html_url": "https:\/\/github.com\/hackerschoice\/CVE-2021-26855", "description": "PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github", "fork": false, "created_at": "2021-03-11T20:51:48Z", "updated_at": "2021-04-26T08:17:54Z", "pushed_at": "2021-03-11T20:58:08Z", "stargazers_count": 48, "watchers_count": 48, "forks_count": 30, "forks": 30, "watchers": 48, "score": 0 }, { "id": 346840803, "name": "HAFNIUM-Microsoft-Exchange-0day", "full_name": "SCS-Labs\/HAFNIUM-Microsoft-Exchange-0day", "owner": { "login": "SCS-Labs", "id": 67705746, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/67705746?v=4", "html_url": "https:\/\/github.com\/SCS-Labs" }, "html_url": "https:\/\/github.com\/SCS-Labs\/HAFNIUM-Microsoft-Exchange-0day", "description": "CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065", "fork": false, "created_at": "2021-03-11T21:18:29Z", "updated_at": "2021-04-19T19:31:47Z", "pushed_at": "2021-04-19T19:31:45Z", "stargazers_count": 5, "watchers_count": 5, "forks_count": 1, "forks": 1, "watchers": 5, "score": 0 }, { "id": 347064151, "name": "CVE-2021-26855-Scanner", "full_name": "KotSec\/CVE-2021-26855-Scanner", "owner": { "login": "KotSec", "id": 80525807, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/80525807?v=4", "html_url": "https:\/\/github.com\/KotSec" }, "html_url": "https:\/\/github.com\/KotSec\/CVE-2021-26855-Scanner", "description": "Scanner and PoC for CVE-2021-26855 ", "fork": false, "created_at": "2021-03-12T12:47:41Z", "updated_at": "2021-03-15T23:37:29Z", "pushed_at": "2021-03-12T12:55:57Z", "stargazers_count": 3, "watchers_count": 3, "forks_count": 2, "forks": 2, "watchers": 3, "score": 0 }, { "id": 347638787, "name": "proxylogon", "full_name": "hakivvi\/proxylogon", "owner": { "login": "hakivvi", "id": 67718634, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/67718634?v=4", "html_url": "https:\/\/github.com\/hakivvi" }, "html_url": "https:\/\/github.com\/hakivvi\/proxylogon", "description": "my exploit for the proxylogon chain (Microsoft Exchange Server - CVE-2021-26855) ", "fork": false, "created_at": "2021-03-14T13:04:07Z", "updated_at": "2021-05-01T21:03:48Z", "pushed_at": "2021-05-01T08:25:46Z", "stargazers_count": 4, "watchers_count": 4, "forks_count": 0, "forks": 0, "watchers": 4, "score": 0 }, { "id": 347658157, "name": "Exch-CVE-2021-26855", "full_name": "ZephrFish\/Exch-CVE-2021-26855", "owner": { "login": "ZephrFish", "id": 5783068, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5783068?v=4", "html_url": "https:\/\/github.com\/ZephrFish" }, "html_url": "https:\/\/github.com\/ZephrFish\/Exch-CVE-2021-26855", "description": "CVE-2021-26855: PoC (Not a HoneyPoC for once!)", "fork": false, "created_at": "2021-03-14T14:23:34Z", "updated_at": "2021-04-07T06:10:35Z", "pushed_at": "2021-03-15T18:56:38Z", "stargazers_count": 21, "watchers_count": 21, "forks_count": 9, "forks": 9, "watchers": 21, "score": 0 }, { "id": 347774757, "name": "ProxyLogon-CVE-2021-26855", "full_name": "mil1200\/ProxyLogon-CVE-2021-26855", "owner": { "login": "mil1200", "id": 18125445, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18125445?v=4", "html_url": "https:\/\/github.com\/mil1200" }, "html_url": "https:\/\/github.com\/mil1200\/ProxyLogon-CVE-2021-26855", "description": "RCE exploit for ProxyLogon vulnerability in Microsoft Exchange", "fork": false, "created_at": "2021-03-14T22:57:21Z", "updated_at": "2021-04-16T09:30:22Z", "pushed_at": "2021-03-14T23:03:12Z", "stargazers_count": 6, "watchers_count": 6, "forks_count": 8, "forks": 8, "watchers": 6, "score": 0 }, { "id": 347992754, "name": "CVE-2021-26855-d", "full_name": "Mr-xn\/CVE-2021-26855-d", "owner": { "login": "Mr-xn", "id": 18260135, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18260135?v=4", "html_url": "https:\/\/github.com\/Mr-xn" }, "html_url": "https:\/\/github.com\/Mr-xn\/CVE-2021-26855-d", "description": null, "fork": false, "created_at": "2021-03-15T14:03:16Z", "updated_at": "2021-03-16T12:52:25Z", "pushed_at": "2021-03-15T14:08:16Z", "stargazers_count": 5, "watchers_count": 5, "forks_count": 2, "forks": 2, "watchers": 5, "score": 0 }, { "id": 348253285, "name": "ProxyLogon", "full_name": "RickGeex\/ProxyLogon", "owner": { "login": "RickGeex", "id": 7975904, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7975904?v=4", "html_url": "https:\/\/github.com\/RickGeex" }, "html_url": "https:\/\/github.com\/RickGeex\/ProxyLogon", "description": "ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution.", "fork": false, "created_at": "2021-03-16T07:31:25Z", "updated_at": "2021-05-01T17:20:16Z", "pushed_at": "2021-05-01T17:20:15Z", "stargazers_count": 2, "watchers_count": 2, "forks_count": 0, "forks": 0, "watchers": 2, "score": 0 }, { "id": 348300485, "name": "ProxyLogon", "full_name": "Immersive-Labs-Sec\/ProxyLogon", "owner": { "login": "Immersive-Labs-Sec", "id": 79456607, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/79456607?v=4", "html_url": "https:\/\/github.com\/Immersive-Labs-Sec" }, "html_url": "https:\/\/github.com\/Immersive-Labs-Sec\/ProxyLogon", "description": "Chaining CVE-2021-26855 and CVE-2021-26857 to exploit Microsoft Exchange", "fork": false, "created_at": "2021-03-16T10:14:56Z", "updated_at": "2021-03-24T16:54:40Z", "pushed_at": "2021-03-22T09:22:20Z", "stargazers_count": 3, "watchers_count": 3, "forks_count": 0, "forks": 0, "watchers": 3, "score": 0 }, { "id": 348408422, "name": "Scan-Vuln-CVE-2021-26855", "full_name": "shacojx\/Scan-Vuln-CVE-2021-26855", "owner": { "login": "shacojx", "id": 19655109, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19655109?v=4", "html_url": "https:\/\/github.com\/shacojx" }, "html_url": "https:\/\/github.com\/shacojx\/Scan-Vuln-CVE-2021-26855", "description": null, "fork": false, "created_at": "2021-03-16T15:59:17Z", "updated_at": "2021-03-20T01:39:29Z", "pushed_at": "2021-03-18T10:52:00Z", "stargazers_count": 3, "watchers_count": 3, "forks_count": 2, "forks": 2, "watchers": 3, "score": 0 }, { "id": 348568793, "name": "ProxyLogon-CVE-2021-26855-metasploit", "full_name": "TaroballzChen\/ProxyLogon-CVE-2021-26855-metasploit", "owner": { "login": "TaroballzChen", "id": 27862593, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/27862593?v=4", "html_url": "https:\/\/github.com\/TaroballzChen" }, "html_url": "https:\/\/github.com\/TaroballzChen\/ProxyLogon-CVE-2021-26855-metasploit", "description": "CVE-2021-26855 proxyLogon metasploit exploit script", "fork": false, "created_at": "2021-03-17T03:32:19Z", "updated_at": "2021-03-24T00:34:24Z", "pushed_at": "2021-03-17T05:51:30Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 2, "forks": 2, "watchers": 0, "score": 0 }, { "id": 348573564, "name": "ProxyLogon", "full_name": "p0wershe11\/ProxyLogon", "owner": { "login": "p0wershe11", "id": 80803923, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/80803923?v=4", "html_url": "https:\/\/github.com\/p0wershe11" }, "html_url": "https:\/\/github.com\/p0wershe11\/ProxyLogon", "description": "ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)", "fork": false, "created_at": "2021-03-17T03:56:54Z", "updated_at": "2021-05-01T08:18:16Z", "pushed_at": "2021-03-17T05:06:18Z", "stargazers_count": 57, "watchers_count": 57, "forks_count": 17, "forks": 17, "watchers": 57, "score": 0 }, { "id": 348894495, "name": "CVE-2021-26855_Exchange", "full_name": "r0ckysec\/CVE-2021-26855_Exchange", "owner": { "login": "r0ckysec", "id": 44518337, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44518337?v=4", "html_url": "https:\/\/github.com\/r0ckysec" }, "html_url": "https:\/\/github.com\/r0ckysec\/CVE-2021-26855_Exchange", "description": "Microsoft Exchange Proxylogon Exploit Chain EXP分析", "fork": false, "created_at": "2021-03-18T00:44:29Z", "updated_at": "2021-03-24T10:39:36Z", "pushed_at": "2021-03-24T10:39:34Z", "stargazers_count": 1, "watchers_count": 1, "forks_count": 1, "forks": 1, "watchers": 1, "score": 0 }, { "id": 349035798, "name": "CVE-2021-26855-exploit-Exchange", "full_name": "shacojx\/CVE-2021-26855-exploit-Exchange", "owner": { "login": "shacojx", "id": 19655109, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19655109?v=4", "html_url": "https:\/\/github.com\/shacojx" }, "html_url": "https:\/\/github.com\/shacojx\/CVE-2021-26855-exploit-Exchange", "description": null, "fork": false, "created_at": "2021-03-18T10:45:54Z", "updated_at": "2021-04-06T01:57:31Z", "pushed_at": "2021-04-05T02:36:51Z", "stargazers_count": 1, "watchers_count": 1, "forks_count": 1, "forks": 1, "watchers": 1, "score": 0 }, { "id": 350620709, "name": "CVE-2021-26855-CVE-2021-27065", "full_name": "hictf\/CVE-2021-26855-CVE-2021-27065", "owner": { "login": "hictf", "id": 43127173, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43127173?v=4", "html_url": "https:\/\/github.com\/hictf" }, "html_url": "https:\/\/github.com\/hictf\/CVE-2021-26855-CVE-2021-27065", "description": "analytics ProxyLogo Mail exchange RCE", "fork": false, "created_at": "2021-03-23T07:37:47Z", "updated_at": "2021-03-23T19:02:32Z", "pushed_at": "2021-03-23T19:02:30Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "forks": 0, "watchers": 0, "score": 0 }, { "id": 350906098, "name": "proxylogon-exploit", "full_name": "praetorian-inc\/proxylogon-exploit", "owner": { "login": "praetorian-inc", "id": 8173787, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8173787?v=4", "html_url": "https:\/\/github.com\/praetorian-inc" }, "html_url": "https:\/\/github.com\/praetorian-inc\/proxylogon-exploit", "description": "Proof-of-concept exploit for CVE-2021-26855 and CVE-2021-27065. Unauthenticated RCE in Exchange.", "fork": false, "created_at": "2021-03-24T01:12:48Z", "updated_at": "2021-05-01T11:27:51Z", "pushed_at": "2021-03-24T01:25:05Z", "stargazers_count": 13, "watchers_count": 13, "forks_count": 1, "forks": 1, "watchers": 13, "score": 0 }, { "id": 352785704, "name": "SharpProxyLogon", "full_name": "Flangvik\/SharpProxyLogon", "owner": { "login": "Flangvik", "id": 23613997, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23613997?v=4", "html_url": "https:\/\/github.com\/Flangvik" }, "html_url": "https:\/\/github.com\/Flangvik\/SharpProxyLogon", "description": "C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection ", "fork": false, "created_at": "2021-03-29T21:10:34Z", "updated_at": "2021-04-30T07:49:32Z", "pushed_at": "2021-03-31T11:57:38Z", "stargazers_count": 126, "watchers_count": 126, "forks_count": 19, "forks": 19, "watchers": 126, "score": 0 }, { "id": 357875949, "name": "ProxyLogon", "full_name": "hosch3n\/ProxyLogon", "owner": { "login": "hosch3n", "id": 29953808, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/29953808?v=4", "html_url": "https:\/\/github.com\/hosch3n" }, "html_url": "https:\/\/github.com\/hosch3n\/ProxyLogon", "description": "CVE-2021-26855 & CVE-2021-27065 Fixed Bug Exploit", "fork": false, "created_at": "2021-04-14T11:12:30Z", "updated_at": "2021-04-18T21:38:06Z", "pushed_at": "2021-04-14T11:19:28Z", "stargazers_count": 3, "watchers_count": 3, "forks_count": 0, "forks": 0, "watchers": 3, "score": 0 }, { "id": 359403469, "name": "106362522", "full_name": "Nick-Yin12\/106362522", "owner": { "login": "Nick-Yin12", "id": 82452652, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/82452652?v=4", "html_url": "https:\/\/github.com\/Nick-Yin12" }, "html_url": "https:\/\/github.com\/Nick-Yin12\/106362522", "description": "針對近期微軟公布修補遭駭客攻擊的Exchange Server漏洞問題,台灣DEVCORE表示早在1月5日便已發現安全漏洞後,並且向微軟通報此項編號命名為「CVE-2021-26855 」,以及「CVE-2021-27065」的零日漏洞,同時也將此項漏洞稱為「ProxyLogon」。 此次揭露的「ProxyLogon」漏洞,是以無需驗證即可使用的遠端程式碼執行 (Pre-Auth Remote Code Execution;Pre-Auth RCE)零日漏洞(Zero-day exploit),可讓攻擊者得以繞過身份驗證步驟,驅使系統管理員協助執行惡意文件或執行指令,進而觸發更廣泛的攻擊。 「ProxyLogon」是微軟近期被揭露最重大的RCE漏洞之一,DEVCORE團隊遵循責任揭露 (Responsible Disclosure)原則,在發現後便第一時間立即於今年1月5日通報微軟進行修補,避免該漏洞遭有心人士利用,造成全球用戶重大損失。而微軟遂於3月2日針對相關漏洞釋出安全更新,避免用戶機敏資訊遭受惡意攻擊。個人想法:遭駭客攻擊的Exchange Server漏洞問題,台灣DEVCORE表示早在1月5日便已發現,並且向微軟通報此項編號命名為「CVE-2021-26855 」,以及「CVE-2021-27065」的零日漏洞,同時也將此項漏洞稱為「ProxyLogon」。 此次揭露的「ProxyLogon」漏洞,是以無需驗證即可使用的遠端程式碼執行 (Pre-Auth Remote Code Execution;Pre-Auth RCE)零日漏洞(Zero-day exploit),可讓攻擊者得以繞過身份驗證步驟,驅使系統管理員協助執行惡意文件或執行指令,進而觸發更廣泛的攻擊。 「ProxyLogon」是微軟近期被揭露最重大的RCE漏洞之一,DEVCORE團隊遵循責任揭露 (Responsible Disclosure)原則,在發現後便第一時間立即於今年1月5日通報微軟進行修補,避免該漏洞遭有心人士利用,造成全球用戶重大損失。而微軟遂於3月2日針對相關漏洞釋出安全更新,避免用戶機敏資訊遭受惡意攻擊。個人想法:微軟是大眾常用的軟體之一,駭客只要察覺漏洞就會進行惡意的攻擊,微軟公布4個Exchange Server的安全漏洞後,就遭受駭客的惡意攻擊,這件事的發生,微軟需更加小心並提高資安的防護。", "fork": false, "created_at": "2021-04-19T09:33:52Z", "updated_at": "2021-04-19T09:35:18Z", "pushed_at": "2021-04-19T09:35:16Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "forks": 0, "watchers": 0, "score": 0 } ]