CVE-2021-26855CISA KEV: Actively Exploited

Microsoft Exchange Server Remote Code Execution Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Public Exploits & PoCs45 found

PoC: SharpProxyLogon

C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection

213

PoC: proxylogscan

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

138

PoC: ProxyVulns

[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.

132

PoC: CVE-2021-26855

CVE-2021-26855 exp

109

PoC: ProxyLogon

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

106

PoC: exchange_webshell_detection

Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilites (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

96

PoC: CVE-2021-26855

PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

57

PoC: proxylogon-exploit

Proof-of-concept exploit for CVE-2021-26855 and CVE-2021-27065. Unauthenticated RCE in Exchange.

43

PoC: Microsoft_Exchange_Server_SSRF_CVE-2021-26855

Microsoft Exchange Server SSRF漏洞(CVE-2021-26855)

40

PoC: ProxyLogon

ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution.

27

PoC: Exch-CVE-2021-26855

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

25

PoC: ExchangeSSRFtoRCEExploit

CVE-2021-26855 & CVE-2021-27065

24

PoC: HAFNIUM-IOC

A PowerShell script to identify indicators of exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865

21

PoC: CVE-2021-26855-SSRF

This script helps to identify CVE-2021-26855 ssrf Poc

20

PoC: CVE-2021-26855

PoC for CVE-2021-26855 -Just a checker-

19

PoC: CVE-2021-26855_Exchange

Microsoft Exchange Proxylogon Exploit Chain EXP分析

13

PoC: proxylogon

RCE exploit for Microsoft Exchange Server (CVE-2021-26855).

12

PoC: CVE-2021-26855

CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server.

12

PoC: CVE-2021-26855-PoC

PoC exploit code for CVE-2021-26855

12

PoC: poc_proxylogon

Microsoft Exchange ProxyLogon PoC (CVE-2021-26855)

9

PoC: ProxyLogon-CVE-2021-26855

RCE exploit for ProxyLogon vulnerability in Microsoft Exchange

9

PoC: CVE-2021-26855-SSRF-Exchange

CVE-2021-26855 SSRF Exchange Server

8

PoC: exchange-0days-202103

IoC determination for exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.

6

PoC: HAFNIUM-Microsoft-Exchange-0day

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065

5

PoC: ProxyLogon-CVE-2021-26855-metasploit

CVE-2021-26855 proxyLogon metasploit exploit script

4

PoC: CVE-2021-26855_SSRF

POC of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865, ProxyLogon poc

4

PoC: exchange_proxylogon

Module pack for #ProxyLogon (part. of my contribute for Metasploit-Framework) [CVE-2021-26855 && CVE-2021-27065]

4

PoC: ProxyLogon

Chaining CVE-2021-26855 and CVE-2021-26857 to exploit Microsoft Exchange

3

PoC: CVE-2021-26855-Scanner

Scanner and PoC for CVE-2021-26855

3

PoC: ProxyLogon

ProxyLogon (CVE-2021-26855+CVE-2021-27065) Exchange Server RCE (SSRF->GetWebShell)

1

PoC: Exch-CVE-2021-26855_Priv

patched to work

1

PoC: CVE-2021-26855

CVE-2021-26855 exp

1

PoC: CTT-Exchange-RCE-v1.0---Microsoft-Exchange-Exploit-CVSS-10.0-CRITICAL-CVE-2021-26855-CVE-2021-27065

CTT-enhanced version of the Microsoft Exchange Server SSRF to RCE exploit (ProxyShell/ProxyLogon), another CVSS 10.0 critical vulnerability that affected hundreds of thousands of organizations worldwide.

PoC: CTT-ProxyLogon-RCE-v1.0---Convergent-Time-Theory-Enhanced-Microsoft-Exchange-Exploit

An advanced exploit for Microsoft Exchange Server (CVE-2021-26855, CVE-2021-27065) enhanced with Convergent Time Theory principles, achieving near-perfect theoretical rating through quantum temporal resonance and α-dispersion techniques.

PoC: testanull-CVE-2021-26855_read_poc.txt

Clone from gist

PoC: Microsoft-Exchange-RCE

Microsoft Exchange CVE-2021-26855&CVE-2021-27065

PoC: Zirconium

Tool to search for IOCs related to HAFNIUM: CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065

PoC: ExchangeSmash

CVE-2021-26855

PoC: Flangvik

C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode in…

PoC: Flangvik

C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode in…

PoC: 106362522

針對近期微軟公布修補遭駭客攻擊的Exchange Server漏洞問題,台灣DEVCORE表示早在1月5日便已發現安全漏洞後,並且向微軟通報此項編號命名為「CVE-2021-26855 」,以及「CVE-2021-27065」的零日漏洞,同時也將此項漏洞稱為「ProxyLogon」。 此次揭露的「ProxyLogon」漏洞,是以無需驗證即可使用的遠端程式碼執行 (Pre-Auth Remote Code Execution;Pre-Auth RCE)零日漏洞(Zero-day exploit),可讓攻擊者得以繞過身份驗證步驟,驅使系統管理員協助執行惡意文件或執行指令,進而觸發更廣泛的攻擊。 「ProxyLogon」是微軟近期被揭露最重大的RCE漏洞之一,DEVCORE團隊遵循責任揭露 (Responsible Disclosure)原則,在發現後便第一時間立即於今年1月5日通報微軟進行修補,避免該漏洞遭有心人士利用,造成全球用戶重大損失。而微軟遂於3月2日針對相關漏洞釋出安全更新,避免用戶機敏資訊遭受惡意攻擊。個人想法:遭駭客攻擊的Exchange Server漏洞問題,台灣DEVCORE表示早在1月5日

PoC: CVE-2021-26855-CVE-2021-27065

analytics ProxyLogo Mail exchange RCE

PoC: CVE-2021-26855-Exchange-RCE

Microsoft Exchange Proxylogon Exploit Chain EXP分析

PoC: Exchange_IOC_Hunter

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065

PoC: ExchangeWeaknessTest

This script test the CVE-2021-26855 vulnerability on Exchange Server.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free