Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added Exchange Web Services PushSubscription CVE-2019-0724 auxiliary module #11420

Merged
merged 19 commits into from Oct 18, 2019

Conversation

@pkb1s
Copy link
Contributor

pkb1s commented Feb 16, 2019

Execution of the module will force Exchange to authenticate to an specified URL over HTTP via the Exchange PushSubscription feature. This allows us to relay the NTLM authentication to a Domain Controller and authenticate with the privileges that Exchange is configured.

root and others added 4 commits Feb 16, 2019
root
pkb1s added 2 commits Feb 16, 2019
@pkb1s pkb1s changed the title Added Exchange Web Server PushSubscription CVE-2019-0686 auxiliary module Added Exchange Web Services PushSubscription CVE-2019-0686 auxiliary module Feb 17, 2019
@pkb1s pkb1s changed the title Added Exchange Web Services PushSubscription CVE-2019-0686 auxiliary module Added Exchange Web Services PushSubscription CVE-2019-0724 auxiliary module Feb 17, 2019
bcoles and others added 11 commits Mar 4, 2019
…ption.rb

Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
…ption.rb

Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
…ption.rb

Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
…ption.rb

Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
…ption.rb

Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
@acammack-r7 acammack-r7 self-assigned this Mar 5, 2019
@pkb1s

This comment has been minimized.

Copy link
Contributor Author

pkb1s commented Apr 11, 2019

Hello! Does this PR wait for an action from me or is it just that there is a big backlog and you haven't had the time to look into it?

@dwelch-r7 dwelch-r7 self-assigned this Oct 8, 2019
dwelch-r7 added a commit that referenced this pull request Oct 18, 2019
@dwelch-r7 dwelch-r7 merged commit 8eed4c7 into rapid7:master Oct 18, 2019
3 checks passed
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
msjenkins-r7 added a commit that referenced this pull request Oct 18, 2019
@dwelch-r7

This comment has been minimized.

Copy link
Contributor

dwelch-r7 commented Oct 19, 2019

Release notes

This adds an auxiliary module to CVE-2019-0724 that can used to make a request to a Microsoft Exchange server and force it to authenticate to a URL under your control.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.