Skip to content

bigherocenter/CVE-2022-41082-POC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
pypsrp
pypsrp
 
 
README.md
README.md
 
 
TabShell.ps1
TabShell.ps1
 
 
cmd
cmd
 
 
poc.py
poc.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CVE-2022-41082-POC

PoC for the CVE-2022-41082 NotProxyShell OWASSRF Vulnerability Effecting Microsoft Exchange Servers

This is Post-Auth RCE for ProxyNotShell OWASSRF, valid cardentials are needed for command execution.

Added the Powershell PoC script for TabShell Vulnerability (CVE-2022-41076)

The TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.

Affected versions

Exchange 2013,16,19 till 08.11.2022 patch This exploit bypasses Microsoft Hotfix from October 2022

Setup

pip install -r requirements.txt

Running

usage: python poc.py [-H Target] [-u username] [-p "password"] [-c cmd_file]
python poc.py -H https://192.168.0.1 -u user2 -p "123QWEasd!@#" -c cmd_file'

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages