[ { "id": 344161221, "name": "exchange-0days-202103", "full_name": "sgnls\/exchange-0days-202103", "owner": { "login": "sgnls", "id": 11134228, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11134228?v=4", "html_url": "https:\/\/github.com\/sgnls" }, "html_url": "https:\/\/github.com\/sgnls\/exchange-0days-202103", "description": "IoC determination for exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.", "fork": false, "created_at": "2021-03-03T14:50:16Z", "updated_at": "2021-08-14T03:38:35Z", "pushed_at": "2021-03-15T11:42:06Z", "stargazers_count": 6, "watchers_count": 6, "forks_count": 4, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 4, "watchers": 6, "score": 0 }, { "id": 344210374, "name": "HAFNIUM-IOC", "full_name": "soteria-security\/HAFNIUM-IOC", "owner": { "login": "soteria-security", "id": 49722282, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/49722282?v=4", "html_url": "https:\/\/github.com\/soteria-security" }, "html_url": "https:\/\/github.com\/soteria-security\/HAFNIUM-IOC", "description": "A PowerShell script to identify indicators of exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865", "fork": false, "created_at": "2021-03-03T17:36:18Z", "updated_at": "2022-01-12T11:59:39Z", "pushed_at": "2021-03-05T17:09:01Z", "stargazers_count": 21, "watchers_count": 21, "forks_count": 1, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 1, "watchers": 21, "score": 0 }, { "id": 344742582, "name": "exchange_webshell_detection", "full_name": "cert-lv\/exchange_webshell_detection", "owner": { "login": "cert-lv", "id": 22764485, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22764485?v=4", "html_url": "https:\/\/github.com\/cert-lv" }, "html_url": "https:\/\/github.com\/cert-lv\/exchange_webshell_detection", "description": "Detect webshells dropped on Microsoft Exchange servers exploited through \"proxylogon\" group of vulnerabilites (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)", "fork": false, "created_at": "2021-03-05T08:22:07Z", "updated_at": "2022-02-14T23:14:09Z", "pushed_at": "2021-03-16T08:34:14Z", "stargazers_count": 96, "watchers_count": 96, "forks_count": 22, "allow_forking": true, "is_template": false, "topics": [ "blueteam", "exchange-server", "infosec", "iocs", "security", "security-audit" ], "visibility": "public", "forks": 22, "watchers": 96, "score": 0 }, { "id": 345052378, "name": "Microsoft_Exchange_Server_SSRF_CVE-2021-26855", "full_name": "conjojo\/Microsoft_Exchange_Server_SSRF_CVE-2021-26855", "owner": { "login": "conjojo", "id": 79626719, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/79626719?v=4", "html_url": "https:\/\/github.com\/conjojo" }, "html_url": "https:\/\/github.com\/conjojo\/Microsoft_Exchange_Server_SSRF_CVE-2021-26855", "description": "Microsoft Exchange Server SSRF漏洞(CVE-2021-26855)", "fork": false, "created_at": "2021-03-06T09:15:55Z", "updated_at": "2021-12-15T14:41:36Z", "pushed_at": "2021-03-06T10:34:49Z", "stargazers_count": 40, "watchers_count": 40, "forks_count": 8, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 8, "watchers": 40, "score": 0 }, { "id": 345173055, "name": "CVE-2021-26855-SSRF", "full_name": "pussycat0x\/CVE-2021-26855-SSRF", "owner": { "login": "pussycat0x", "id": 65701233, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/65701233?v=4", "html_url": "https:\/\/github.com\/pussycat0x" }, "html_url": "https:\/\/github.com\/pussycat0x\/CVE-2021-26855-SSRF", "description": "This script helps to identify CVE-2021-26855 ssrf Poc", "fork": false, "created_at": "2021-03-06T19:03:00Z", "updated_at": "2021-12-15T14:41:36Z", "pushed_at": "2021-03-10T07:41:56Z", "stargazers_count": 20, "watchers_count": 20, "forks_count": 11, "allow_forking": true, "is_template": false, "topics": [ "cve-2021-26855-ssrf", "microsoft-exchange", "poc", "proxylogon", "ssrf" ], "visibility": "public", "forks": 11, "watchers": 20, "score": 0 }, { "id": 345215022, "name": "CVE-2021-26855", "full_name": "0xAbdullah\/CVE-2021-26855", "owner": { "login": "0xAbdullah", "id": 29471278, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/29471278?v=4", "html_url": "https:\/\/github.com\/0xAbdullah" }, "html_url": "https:\/\/github.com\/0xAbdullah\/CVE-2021-26855", "description": "PoC for CVE-2021-26855 -Just a checker-", "fork": false, "created_at": "2021-03-06T23:12:22Z", "updated_at": "2022-02-09T08:43:33Z", "pushed_at": "2021-03-09T22:07:46Z", "stargazers_count": 18, "watchers_count": 18, "forks_count": 4, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 4, "watchers": 18, "score": 0 }, { "id": 345228496, "name": "CVE-2021-26855-SSRF-Exchange", "full_name": "Th3eCrow\/CVE-2021-26855-SSRF-Exchange", "owner": { "login": "Th3eCrow", "id": 10507748, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10507748?v=4", "html_url": "https:\/\/github.com\/Th3eCrow" }, "html_url": "https:\/\/github.com\/Th3eCrow\/CVE-2021-26855-SSRF-Exchange", "description": "CVE-2021-26855 SSRF Exchange Server", "fork": false, "created_at": "2021-03-07T00:55:16Z", "updated_at": "2021-12-15T14:41:36Z", "pushed_at": "2021-03-06T18:57:43Z", "stargazers_count": 8, "watchers_count": 8, "forks_count": 4, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 4, "watchers": 8, "score": 0 }, { "id": 345337490, "name": "exchange_proxylogon", "full_name": "mekhalleh\/exchange_proxylogon", "owner": { "login": "mekhalleh", "id": 5225129, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5225129?v=4", "html_url": "https:\/\/github.com\/mekhalleh" }, "html_url": "https:\/\/github.com\/mekhalleh\/exchange_proxylogon", "description": "Module pack for #ProxyLogon (part. of my contribute for Metasploit-Framework) [CVE-2021-26855 && CVE-2021-27065]", "fork": false, "created_at": "2021-03-07T12:12:16Z", "updated_at": "2021-09-12T03:30:10Z", "pushed_at": "2021-03-29T08:42:01Z", "stargazers_count": 4, "watchers_count": 4, "forks_count": 3, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 3, "watchers": 4, "score": 0 }, { "id": 345567206, "name": "CVE-2021-26855_SSRF", "full_name": "Yt1g3r\/CVE-2021-26855_SSRF", "owner": { "login": "Yt1g3r", "id": 12625147, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/12625147?v=4", "html_url": "https:\/\/github.com\/Yt1g3r" }, "html_url": "https:\/\/github.com\/Yt1g3r\/CVE-2021-26855_SSRF", "description": "POC of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865, ProxyLogon poc", "fork": false, "created_at": "2021-03-08T07:28:21Z", "updated_at": "2021-12-15T14:41:36Z", "pushed_at": "2021-03-11T03:28:47Z", "stargazers_count": 4, "watchers_count": 4, "forks_count": 5, "allow_forking": true, "is_template": false, "topics": [ "cve-2021-26855", "proxylogon" ], "visibility": "public", "forks": 5, "watchers": 4, "score": 0 }, { "id": 345586288, "name": "CVE-2021-26855", "full_name": "charlottelatest\/CVE-2021-26855", "owner": { "login": "charlottelatest", "id": 34669056, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/34669056?v=4", "html_url": "https:\/\/github.com\/charlottelatest" }, "html_url": "https:\/\/github.com\/charlottelatest\/CVE-2021-26855", "description": "CVE-2021-26855 exp", "fork": false, "created_at": "2021-03-08T08:39:05Z", "updated_at": "2021-12-15T14:41:37Z", "pushed_at": "2021-03-08T08:09:01Z", "stargazers_count": 104, "watchers_count": 104, "forks_count": 75, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 75, "watchers": 104, "score": 0 }, { "id": 345639477, "name": "proxylogscan", "full_name": "dwisiswant0\/proxylogscan", "owner": { "login": "dwisiswant0", "id": 25837540, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25837540?v=4", "html_url": "https:\/\/github.com\/dwisiswant0" }, "html_url": "https:\/\/github.com\/dwisiswant0\/proxylogscan", "description": "A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).", "fork": false, "created_at": "2021-03-08T11:54:32Z", "updated_at": "2022-03-02T15:41:34Z", "pushed_at": "2022-03-02T15:41:29Z", "stargazers_count": 137, "watchers_count": 137, "forks_count": 22, "allow_forking": true, "is_template": false, "topics": [ "cve-2021-26855", "cve-2021-27065", "microsoft-exchange", "microsoft-exchange-proxylogon", "microsoft-exchange-server", "proxylogon", "ssrf" ], "visibility": "public", "forks": 22, "watchers": 137, "score": 0 }, { "id": 345955330, "name": "ExchangeWeaknessTest", "full_name": "mauricelambert\/ExchangeWeaknessTest", "owner": { "login": "mauricelambert", "id": 50479118, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50479118?v=4", "html_url": "https:\/\/github.com\/mauricelambert" }, "html_url": "https:\/\/github.com\/mauricelambert\/ExchangeWeaknessTest", "description": "This script test the CVE-2021-26855 vulnerability on Exchange Server.", "fork": false, "created_at": "2021-03-09T09:40:29Z", "updated_at": "2021-03-09T09:43:55Z", "pushed_at": "2021-03-09T09:42:51Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "allow_forking": true, "is_template": false, "topics": [ "cve", "exchange", "microsoft", "python3", "security", "security-tools" ], "visibility": "public", "forks": 0, "watchers": 0, "score": 0 }, { "id": 345970212, "name": "Exchange_IOC_Hunter", "full_name": "DCScoder\/Exchange_IOC_Hunter", "owner": { "login": "DCScoder", "id": 42096735, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/42096735?v=4", "html_url": "https:\/\/github.com\/DCScoder" }, "html_url": "https:\/\/github.com\/DCScoder\/Exchange_IOC_Hunter", "description": "CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065", "fork": false, "created_at": "2021-03-09T10:36:44Z", "updated_at": "2021-03-17T10:22:07Z", "pushed_at": "2021-03-17T10:22:05Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 0, "watchers": 0, "score": 0 }, { "id": 346033440, "name": "CVE-2021-26855-PoC", "full_name": "srvaccount\/CVE-2021-26855-PoC", "owner": { "login": "srvaccount", "id": 76211832, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76211832?v=4", "html_url": "https:\/\/github.com\/srvaccount" }, "html_url": "https:\/\/github.com\/srvaccount\/CVE-2021-26855-PoC", "description": "PoC exploit code for CVE-2021-26855", "fork": false, "created_at": "2021-03-09T14:27:06Z", "updated_at": "2022-01-10T21:06:44Z", "pushed_at": "2021-03-09T21:59:53Z", "stargazers_count": 12, "watchers_count": 12, "forks_count": 22, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 22, "watchers": 12, "score": 0 }, { "id": 346078570, "name": "CVE-2021-26855", "full_name": "h4x0r-dz\/CVE-2021-26855", "owner": { "login": "h4x0r-dz", "id": 26070859, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26070859?v=4", "html_url": "https:\/\/github.com\/h4x0r-dz" }, "html_url": "https:\/\/github.com\/h4x0r-dz\/CVE-2021-26855", "description": null, "fork": false, "created_at": "2021-03-09T16:54:39Z", "updated_at": "2022-02-21T12:12:08Z", "pushed_at": "2021-03-09T16:56:09Z", "stargazers_count": 91, "watchers_count": 91, "forks_count": 59, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 59, "watchers": 91, "score": 0 }, { "id": 346241102, "name": "CVE-2021-26855_PoC", "full_name": "alt3kx\/CVE-2021-26855_PoC", "owner": { "login": "alt3kx", "id": 3140111, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3140111?v=4", "html_url": "https:\/\/github.com\/alt3kx" }, "html_url": "https:\/\/github.com\/alt3kx\/CVE-2021-26855_PoC", "description": null, "fork": false, "created_at": "2021-03-10T05:21:19Z", "updated_at": "2021-12-15T14:41:37Z", "pushed_at": "2021-03-12T16:19:50Z", "stargazers_count": 51, "watchers_count": 51, "forks_count": 30, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 30, "watchers": 51, "score": 0 }, { "id": 346816198, "name": "CVE-2021-26855", "full_name": "raheel0x01\/CVE-2021-26855", "owner": { "login": "raheel0x01", "id": 65211256, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/65211256?v=4", "html_url": "https:\/\/github.com\/raheel0x01" }, "html_url": "https:\/\/github.com\/raheel0x01\/CVE-2021-26855", "description": " CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server.", "fork": false, "created_at": "2021-03-11T19:35:35Z", "updated_at": "2022-02-18T03:54:37Z", "pushed_at": "2022-02-18T03:36:58Z", "stargazers_count": 12, "watchers_count": 12, "forks_count": 8, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 8, "watchers": 12, "score": 0 }, { "id": 346834084, "name": "CVE-2021-26855", "full_name": "hackerschoice\/CVE-2021-26855", "owner": { "login": "hackerschoice", "id": 57636453, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/57636453?v=4", "html_url": "https:\/\/github.com\/hackerschoice" }, "html_url": "https:\/\/github.com\/hackerschoice\/CVE-2021-26855", "description": "PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github", "fork": false, "created_at": "2021-03-11T20:51:48Z", "updated_at": "2022-02-26T22:51:43Z", "pushed_at": "2021-03-11T20:58:08Z", "stargazers_count": 55, "watchers_count": 55, "forks_count": 32, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 32, "watchers": 55, "score": 0 }, { "id": 346840803, "name": "HAFNIUM-Microsoft-Exchange-0day", "full_name": "SCS-Labs\/HAFNIUM-Microsoft-Exchange-0day", "owner": { "login": "SCS-Labs", "id": 67705746, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/67705746?v=4", "html_url": "https:\/\/github.com\/SCS-Labs" }, "html_url": "https:\/\/github.com\/SCS-Labs\/HAFNIUM-Microsoft-Exchange-0day", "description": "CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065", "fork": false, "created_at": "2021-03-11T21:18:29Z", "updated_at": "2021-04-19T19:31:47Z", "pushed_at": "2021-04-19T19:31:45Z", "stargazers_count": 5, "watchers_count": 5, "forks_count": 1, "allow_forking": true, "is_template": false, "topics": [ "0day", "agency-security", "cve-2021-26855", "cve-2021-26857", "cve-2021-26858", "cve-2021-27065", "detections", "microsoft-exchange", "microsoft-exchange-server", "mitigations", "proxylogon", "timeline", "tweets", "zeroday" ], "visibility": "public", "forks": 1, "watchers": 5, "score": 0 }, { "id": 347064151, "name": "CVE-2021-26855-Scanner", "full_name": "KotSec\/CVE-2021-26855-Scanner", "owner": { "login": "KotSec", "id": 80525807, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/80525807?v=4", "html_url": "https:\/\/github.com\/KotSec" }, "html_url": "https:\/\/github.com\/KotSec\/CVE-2021-26855-Scanner", "description": "Scanner and PoC for CVE-2021-26855 ", "fork": false, "created_at": "2021-03-12T12:47:41Z", "updated_at": "2021-12-29T15:00:52Z", "pushed_at": "2021-03-12T12:55:57Z", "stargazers_count": 3, "watchers_count": 3, "forks_count": 2, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 2, "watchers": 3, "score": 0 }, { "id": 347638787, "name": "proxylogon", "full_name": "hakivvi\/proxylogon", "owner": { "login": "hakivvi", "id": 67718634, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/67718634?v=4", "html_url": "https:\/\/github.com\/hakivvi" }, "html_url": "https:\/\/github.com\/hakivvi\/proxylogon", "description": "my exploit for the proxylogon chain (Microsoft Exchange Server - CVE-2021-26855) ", "fork": false, "created_at": "2021-03-14T13:04:07Z", "updated_at": "2021-06-06T02:39:57Z", "pushed_at": "2021-05-01T08:25:46Z", "stargazers_count": 6, "watchers_count": 6, "forks_count": 2, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 2, "watchers": 6, "score": 0 }, { "id": 347658157, "name": "Exch-CVE-2021-26855", "full_name": "ZephrFish\/Exch-CVE-2021-26855", "owner": { "login": "ZephrFish", "id": 5783068, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5783068?v=4", "html_url": "https:\/\/github.com\/ZephrFish" }, "html_url": "https:\/\/github.com\/ZephrFish\/Exch-CVE-2021-26855", "description": "CVE-2021-26855: PoC (Not a HoneyPoC for once!)", "fork": false, "created_at": "2021-03-14T14:23:34Z", "updated_at": "2022-02-16T09:48:52Z", "pushed_at": "2021-03-15T18:56:38Z", "stargazers_count": 25, "watchers_count": 25, "forks_count": 13, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 13, "watchers": 25, "score": 0 }, { "id": 347774757, "name": "ProxyLogon-CVE-2021-26855", "full_name": "mil1200\/ProxyLogon-CVE-2021-26855", "owner": { "login": "mil1200", "id": 18125445, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18125445?v=4", "html_url": "https:\/\/github.com\/mil1200" }, "html_url": "https:\/\/github.com\/mil1200\/ProxyLogon-CVE-2021-26855", "description": "RCE exploit for ProxyLogon vulnerability in Microsoft Exchange", "fork": false, "created_at": "2021-03-14T22:57:21Z", "updated_at": "2021-11-25T15:13:15Z", "pushed_at": "2021-03-14T23:03:12Z", "stargazers_count": 9, "watchers_count": 9, "forks_count": 8, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 8, "watchers": 9, "score": 0 }, { "id": 347900434, "name": "ExchangeSSRFtoRCEExploit", "full_name": "evilashz\/ExchangeSSRFtoRCEExploit", "owner": { "login": "evilashz", "id": 50722929, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50722929?v=4", "html_url": "https:\/\/github.com\/evilashz" }, "html_url": "https:\/\/github.com\/evilashz\/ExchangeSSRFtoRCEExploit", "description": "CVE-2021-26855 & CVE-2021-27065", "fork": false, "created_at": "2021-03-15T09:02:40Z", "updated_at": "2021-10-24T06:16:43Z", "pushed_at": "2021-03-15T09:19:45Z", "stargazers_count": 22, "watchers_count": 22, "forks_count": 4, "allow_forking": true, "is_template": false, "topics": [ "cve-2021-26855", "cve-2021-27065", "proxylogon" ], "visibility": "public", "forks": 4, "watchers": 22, "score": 0 }, { "id": 347992754, "name": "CVE-2021-26855-d", "full_name": "Mr-xn\/CVE-2021-26855-d", "owner": { "login": "Mr-xn", "id": 18260135, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18260135?v=4", "html_url": "https:\/\/github.com\/Mr-xn" }, "html_url": "https:\/\/github.com\/Mr-xn\/CVE-2021-26855-d", "description": null, "fork": false, "created_at": "2021-03-15T14:03:16Z", "updated_at": "2021-09-14T06:23:54Z", "pushed_at": "2021-03-15T14:08:16Z", "stargazers_count": 6, "watchers_count": 6, "forks_count": 3, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 3, "watchers": 6, "score": 0 }, { "id": 348253285, "name": "ProxyLogon", "full_name": "RickGeex\/ProxyLogon", "owner": { "login": "RickGeex", "id": 7975904, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7975904?v=4", "html_url": "https:\/\/github.com\/RickGeex" }, "html_url": "https:\/\/github.com\/RickGeex\/ProxyLogon", "description": "ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution.", "fork": false, "created_at": "2021-03-16T07:31:25Z", "updated_at": "2022-03-02T19:09:09Z", "pushed_at": "2021-05-01T17:20:15Z", "stargazers_count": 27, "watchers_count": 27, "forks_count": 6, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 6, "watchers": 27, "score": 0 }, { "id": 348300485, "name": "ProxyLogon", "full_name": "Immersive-Labs-Sec\/ProxyLogon", "owner": { "login": "Immersive-Labs-Sec", "id": 79456607, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/79456607?v=4", "html_url": "https:\/\/github.com\/Immersive-Labs-Sec" }, "html_url": "https:\/\/github.com\/Immersive-Labs-Sec\/ProxyLogon", "description": "Chaining CVE-2021-26855 and CVE-2021-26857 to exploit Microsoft Exchange", "fork": false, "created_at": "2021-03-16T10:14:56Z", "updated_at": "2021-03-24T16:54:40Z", "pushed_at": "2021-03-22T09:22:20Z", "stargazers_count": 3, "watchers_count": 3, "forks_count": 0, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 0, "watchers": 3, "score": 0 }, { "id": 348408422, "name": "Scan-Vuln-CVE-2021-26855", "full_name": "shacojx\/Scan-Vuln-CVE-2021-26855", "owner": { "login": "shacojx", "id": 19655109, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19655109?v=4", "html_url": "https:\/\/github.com\/shacojx" }, "html_url": "https:\/\/github.com\/shacojx\/Scan-Vuln-CVE-2021-26855", "description": null, "fork": false, "created_at": "2021-03-16T15:59:17Z", "updated_at": "2021-03-20T01:39:29Z", "pushed_at": "2021-03-18T10:52:00Z", "stargazers_count": 3, "watchers_count": 3, "forks_count": 2, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 2, "watchers": 3, "score": 0 }, { "id": 348486092, "name": "CVE-2021-26855", "full_name": "SotirisKar\/CVE-2021-26855", "owner": { "login": "SotirisKar", "id": 36128807, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/36128807?v=4", "html_url": "https:\/\/github.com\/SotirisKar" }, "html_url": "https:\/\/github.com\/SotirisKar\/CVE-2021-26855", "description": null, "fork": false, "created_at": "2021-03-16T20:42:29Z", "updated_at": "2021-08-13T22:54:47Z", "pushed_at": "2021-03-16T20:43:10Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 0, "watchers": 0, "score": 0 }, { "id": 348568793, "name": "ProxyLogon-CVE-2021-26855-metasploit", "full_name": "TaroballzChen\/ProxyLogon-CVE-2021-26855-metasploit", "owner": { "login": "TaroballzChen", "id": 27862593, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/27862593?v=4", "html_url": "https:\/\/github.com\/TaroballzChen" }, "html_url": "https:\/\/github.com\/TaroballzChen\/ProxyLogon-CVE-2021-26855-metasploit", "description": "CVE-2021-26855 proxyLogon metasploit exploit script", "fork": false, "created_at": "2021-03-17T03:32:19Z", "updated_at": "2021-12-15T14:41:40Z", "pushed_at": "2021-03-17T05:51:30Z", "stargazers_count": 4, "watchers_count": 4, "forks_count": 3, "allow_forking": true, "is_template": false, "topics": [ "cve-2021-26855", "metasploit", "proxylogon" ], "visibility": "public", "forks": 3, "watchers": 4, "score": 0 }, { "id": 348573564, "name": "ProxyLogon", "full_name": "p0wershe11\/ProxyLogon", "owner": { "login": "p0wershe11", "id": 80803923, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/80803923?v=4", "html_url": "https:\/\/github.com\/p0wershe11" }, "html_url": "https:\/\/github.com\/p0wershe11\/ProxyLogon", "description": "ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)", "fork": false, "created_at": "2021-03-17T03:56:54Z", "updated_at": "2022-02-11T06:50:21Z", "pushed_at": "2021-03-17T05:06:18Z", "stargazers_count": 99, "watchers_count": 99, "forks_count": 29, "allow_forking": true, "is_template": false, "topics": [ "0day", "cve-2021-26855", "cve-2021-26855-ssrf", "cve-2021-27065", "exploit", "microsoft-exchange", "microsoft-exchange-proxylogon", "microsoft-exchange-server", "proxylogon", "zeroday" ], "visibility": "public", "forks": 29, "watchers": 99, "score": 0 }, { "id": 348894495, "name": "CVE-2021-26855_Exchange", "full_name": "r0ckysec\/CVE-2021-26855_Exchange", "owner": { "login": "r0ckysec", "id": 44518337, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44518337?v=4", "html_url": "https:\/\/github.com\/r0ckysec" }, "html_url": "https:\/\/github.com\/r0ckysec\/CVE-2021-26855_Exchange", "description": "Microsoft Exchange Proxylogon Exploit Chain EXP分析", "fork": false, "created_at": "2021-03-18T00:44:29Z", "updated_at": "2022-02-10T03:09:21Z", "pushed_at": "2021-03-24T10:39:34Z", "stargazers_count": 13, "watchers_count": 13, "forks_count": 8, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 8, "watchers": 13, "score": 0 }, { "id": 349035798, "name": "CVE-2021-26855-exploit-Exchange", "full_name": "shacojx\/CVE-2021-26855-exploit-Exchange", "owner": { "login": "shacojx", "id": 19655109, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19655109?v=4", "html_url": "https:\/\/github.com\/shacojx" }, "html_url": "https:\/\/github.com\/shacojx\/CVE-2021-26855-exploit-Exchange", "description": null, "fork": false, "created_at": "2021-03-18T10:45:54Z", "updated_at": "2022-01-07T03:32:12Z", "pushed_at": "2021-04-05T02:36:51Z", "stargazers_count": 5, "watchers_count": 5, "forks_count": 2, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 2, "watchers": 5, "score": 0 }, { "id": 350620709, "name": "CVE-2021-26855-CVE-2021-27065", "full_name": "hictf\/CVE-2021-26855-CVE-2021-27065", "owner": { "login": "hictf", "id": 43127173, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43127173?v=4", "html_url": "https:\/\/github.com\/hictf" }, "html_url": "https:\/\/github.com\/hictf\/CVE-2021-26855-CVE-2021-27065", "description": "analytics ProxyLogo Mail exchange RCE", "fork": false, "created_at": "2021-03-23T07:37:47Z", "updated_at": "2021-03-23T19:02:32Z", "pushed_at": "2021-03-23T19:02:30Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 0, "watchers": 0, "score": 0 }, { "id": 350906098, "name": "proxylogon-exploit", "full_name": "praetorian-inc\/proxylogon-exploit", "owner": { "login": "praetorian-inc", "id": 8173787, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8173787?v=4", "html_url": "https:\/\/github.com\/praetorian-inc" }, "html_url": "https:\/\/github.com\/praetorian-inc\/proxylogon-exploit", "description": "Proof-of-concept exploit for CVE-2021-26855 and CVE-2021-27065. Unauthenticated RCE in Exchange.", "fork": false, "created_at": "2021-03-24T01:12:48Z", "updated_at": "2022-01-25T22:30:25Z", "pushed_at": "2021-03-24T01:25:05Z", "stargazers_count": 39, "watchers_count": 39, "forks_count": 13, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 13, "watchers": 39, "score": 0 }, { "id": 352785704, "name": "SharpProxyLogon", "full_name": "Flangvik\/SharpProxyLogon", "owner": { "login": "Flangvik", "id": 23613997, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23613997?v=4", "html_url": "https:\/\/github.com\/Flangvik" }, "html_url": "https:\/\/github.com\/Flangvik\/SharpProxyLogon", "description": "C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection ", "fork": false, "created_at": "2021-03-29T21:10:34Z", "updated_at": "2022-01-19T01:54:00Z", "pushed_at": "2021-03-31T11:57:38Z", "stargazers_count": 209, "watchers_count": 209, "forks_count": 35, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 35, "watchers": 209, "score": 0 }, { "id": 357875949, "name": "ProxyVulns", "full_name": "hosch3n\/ProxyVulns", "owner": { "login": "hosch3n", "id": 29953808, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/29953808?v=4", "html_url": "https:\/\/github.com\/hosch3n" }, "html_url": "https:\/\/github.com\/hosch3n\/ProxyVulns", "description": "[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.", "fork": false, "created_at": "2021-04-14T11:12:30Z", "updated_at": "2022-03-02T19:28:17Z", "pushed_at": "2021-11-16T04:00:14Z", "stargazers_count": 123, "watchers_count": 123, "forks_count": 28, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 28, "watchers": 123, "score": 0 }, { "id": 359403469, "name": "106362522", "full_name": "Nick-Yin12\/106362522", "owner": { "login": "Nick-Yin12", "id": 82452652, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/82452652?v=4", "html_url": "https:\/\/github.com\/Nick-Yin12" }, "html_url": "https:\/\/github.com\/Nick-Yin12\/106362522", "description": "針對近期微軟公布修補遭駭客攻擊的Exchange Server漏洞問題,台灣DEVCORE表示早在1月5日便已發現安全漏洞後,並且向微軟通報此項編號命名為「CVE-2021-26855 」,以及「CVE-2021-27065」的零日漏洞,同時也將此項漏洞稱為「ProxyLogon」。 此次揭露的「ProxyLogon」漏洞,是以無需驗證即可使用的遠端程式碼執行 (Pre-Auth Remote Code Execution;Pre-Auth RCE)零日漏洞(Zero-day exploit),可讓攻擊者得以繞過身份驗證步驟,驅使系統管理員協助執行惡意文件或執行指令,進而觸發更廣泛的攻擊。 「ProxyLogon」是微軟近期被揭露最重大的RCE漏洞之一,DEVCORE團隊遵循責任揭露 (Responsible Disclosure)原則,在發現後便第一時間立即於今年1月5日通報微軟進行修補,避免該漏洞遭有心人士利用,造成全球用戶重大損失。而微軟遂於3月2日針對相關漏洞釋出安全更新,避免用戶機敏資訊遭受惡意攻擊。個人想法:遭駭客攻擊的Exchange Server漏洞問題,台灣DEVCORE表示早在1月5日便已發現,並且向微軟通報此項編號命名為「CVE-2021-26855 」,以及「CVE-2021-27065」的零日漏洞,同時也將此項漏洞稱為「ProxyLogon」。 此次揭露的「ProxyLogon」漏洞,是以無需驗證即可使用的遠端程式碼執行 (Pre-Auth Remote Code Execution;Pre-Auth RCE)零日漏洞(Zero-day exploit),可讓攻擊者得以繞過身份驗證步驟,驅使系統管理員協助執行惡意文件或執行指令,進而觸發更廣泛的攻擊。 「ProxyLogon」是微軟近期被揭露最重大的RCE漏洞之一,DEVCORE團隊遵循責任揭露 (Responsible Disclosure)原則,在發現後便第一時間立即於今年1月5日通報微軟進行修補,避免該漏洞遭有心人士利用,造成全球用戶重大損失。而微軟遂於3月2日針對相關漏洞釋出安全更新,避免用戶機敏資訊遭受惡意攻擊。個人想法:微軟是大眾常用的軟體之一,駭客只要察覺漏洞就會進行惡意的攻擊,微軟公布4個Exchange Server的安全漏洞後,就遭受駭客的惡意攻擊,這件事的發生,微軟需更加小心並提高資安的防護。", "fork": false, "created_at": "2021-04-19T09:33:52Z", "updated_at": "2021-04-19T09:35:18Z", "pushed_at": "2021-04-19T09:35:16Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 0, "watchers": 0, "score": 0 }, { "id": 422862938, "name": "Flangvik", "full_name": "yaoxiaoangry3\/Flangvik", "owner": { "login": "yaoxiaoangry3", "id": 93431453, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93431453?v=4", "html_url": "https:\/\/github.com\/yaoxiaoangry3" }, "html_url": "https:\/\/github.com\/yaoxiaoangry3\/Flangvik", "description": "C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode in…", "fork": false, "created_at": "2021-10-30T11:31:48Z", "updated_at": "2021-10-30T11:31:52Z", "pushed_at": "2021-10-30T11:31:50Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 0, "watchers": 0, "score": 0 }, { "id": 435023930, "name": "poc_proxylogon", "full_name": "thau0x01\/poc_proxylogon", "owner": { "login": "thau0x01", "id": 8220038, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8220038?v=4", "html_url": "https:\/\/github.com\/thau0x01" }, "html_url": "https:\/\/github.com\/thau0x01\/poc_proxylogon", "description": "Microsoft Exchange ProxyLogon PoC (CVE-2021-26855)", "fork": false, "created_at": "2021-12-04T22:38:30Z", "updated_at": "2022-02-22T05:29:04Z", "pushed_at": "2022-02-10T15:20:42Z", "stargazers_count": 9, "watchers_count": 9, "forks_count": 1, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 1, "watchers": 9, "score": 0 } ]