-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exploit aborted due to failure: not-found: No 'Client ID' was found #3
Comments
Please, use |
This can happen when you never logged into the mailboxes. |
Edit
#################### Request:####################
#################### Response:####################
#################### Request:####################
#################### Response:####################
[] Internal server name (mx2016-serv.serv.local) Request:####################
#################### Response:####################
[-] Exploit aborted due to failure: not-found: No 'Client ID' was found |
Thanks for reply. I removed the |
send me httptrace please, because I need to read that. |
I will update with full httptrace asap, The response for After the second
SID S-1-5-21 is for Domain Admin |
This is what i know : Seem to be the same mistake as : rapid7/metasploit-framework#14860 (comment)
On the Rapid7 lab, this was not working. but I ended up correcting this by playing on the SID (rapid7/metasploit-framework#14860 (comment)).
The official module is always the one that was added in metasploit (in the master branch https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/exchange_proxylogon_rce.rb) But if you told me that this one does not work? can you confirm ? Is that there is one thing missing in the request to And to make things more difficult, I cannot reproduce this case in my lab. But maybe you can share yours? This is what it gives on my lab (full trace):
|
The domain SID ending to 500 (and it has this shape S-1-5-21-3876225949-3666446388-246247518-500). i dont think you can just use SID On the other hand, instead of the domain SID you can normally use this one Did you test the praetorian poc (https://github.com/praetorian-inc/proxylogon-exploit)? does this work for you? If so I would make adjustments. |
Rapi7 confirms that the module works with the last changes (rapid7/metasploit-framework#14945). see. rapid7/metasploit-framework#14945 (comment) But again, some instance of Microsoft Exchange needs more investigation. Basically the code base remains the same but you need to play with the requests to get the admin rights. You need to look around the request to Everything goes in the |
Hello,
Had this error recently on this branch
Exploit aborted due to failure: not-found: No 'Client ID' was found
On the main branch said got OAB error, though i think it's not related?
Any hints where I should look for?
The text was updated successfully, but these errors were encountered: