Author: Orange Tsai(@orange_8361) from DEVCORE
P.S. This is a cross-post blog from Zero Day Initiative (ZDI)
This is a guest post DEVCORE collaborated with Zero Day Initiative (ZDI) and published at their blog, which describes the exploit chain we demonstrated at Pwn2Own 2021! Please visit the following link to read that :)
If you are interesting in more Exchange Server attacks, please check the following articles:
- A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
- A New Attack Surface on MS Exchange Part 2 - ProxyOracle!
- A New Attack Surface on MS Exchange Part 3 - ProxyShell!
- A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
With ProxyShell, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server through an exposed 443 port! Here is the demonstration video:
沒有留言:
張貼留言