Other Articles
Exchange 2019:- ECP_DLP_Policy Exploit
I have been covering some of the exploits in Exchange Server in a few of my blog posts and wanted to highlight the fact that I tested another one which allowed me to get a shell on the Exchange Server. Metasploit has a module for the above exploit which worked against...
Exchange 2019:- ProxyNotShell Exploit
In two of my previous blog posts, we looked at exploiting unpatched/vulnerable Exchange servers with "ProxyLogon" and "ProxyShell". As the exploit lists keep growing, we will look at the "ProxyNotShell" exploit. One of my many Exchange 2019 lab servers was running...
Exchange 2019:- ProxyShell Exploit
In my previous blog post we looked at the Proxy Logon Exploit where several CVE's could be used to exploit an Exchange Server. In this article we will look at another exploit called "ProxyShell". The CVE for this vulnerability is "CVE-2021-34473". Let's head over to...
Exchange 2019:- ProxyLogon Exploit
Many of us know the HAFNIUM attacks that took place a little while ago and many Exchange servers were compromised. The sad part is that many Exchange Servers are still unpatched and vulnerable to attack, maybe not to the CVE's listed below but to others as well. One...
Exchange 2019:- Using IISCrypto 3.3 with Exchange 2019 CU13
A few years back I wrote a blog post for Exchange 2016 where we used IISCrypto to remove Protocols, Ciphers, Hashes, Key Exchanges etc. that posed a security risk externally if the servers were published to the internet however upon running a newer release it seemed...
Exchange 2019:- Brute forcing OWA to gain access to user accounts
We all know that end users hate complex passwords and having to change passwords often leads them to use the same password but add a number or character at the end of it. Password complexity is just one of the problems. The next problem is information disclosure such...
Information disclosure with NTLM Authentication in Exchange Server
Performing some tests against my lab Exchange servers, I noticed that Shodan.io revealed information. Take note that attackers also use Shodan.io when enumerating targets. After digging further with NMAP and some scripts, it became more apparent that internal...
Exchange 2019:- October 2023 Security Update KB5030877
In my blog post yesterday where I show cased that a bad actor can get the Exchange Server version with CU/SU you are running and based on that information if not patched start attacking your server. In the October 2023 Security Update for Exchange, KB5030877 for both...
Exchange 2013/2016/2019:- How NMAP reveals Exchange Server information.
Over the past few years, Microsoft Exchange Server has come under heavy attack and with each new Cumulative Update (CU) and Security Update (SU), CVE's are addressed and closed. The problem comes in when organisations do not patch servers (as mentioned in a few of my...
Windows Server 2016:- Bypassed ESET/Tehtris and ran Invoke-Mimikatz
I was testing the Invoke-Mimikatz script on my Windows 2016 Server and while it is straight forward to bypass Windows Defender, I thought of taking the challenge and seeing if I can bypass ESET on the same server. If you try and copy the file from a zip file for...