Added Exchange Web Services PushSubscription CVE-2019-0724 auxiliary module #11420
Merged
dwelch-r7 merged 19 commits intorapid7:masterfrom Oct 18, 2019
Merged
Added Exchange Web Services PushSubscription CVE-2019-0724 auxiliary module #11420dwelch-r7 merged 19 commits intorapid7:masterfrom
dwelch-r7 merged 19 commits intorapid7:masterfrom
Conversation
pkb1s
changed the title
pkb1s
changed the title
bcoles
reviewed
Mar 1, 2019
modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb
Outdated
Show resolved
Hide resolved
modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb
Outdated
Show resolved
Hide resolved
modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb
Outdated
Show resolved
Hide resolved
modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb
Outdated
Show resolved
Hide resolved
modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb
Outdated
Show resolved
Hide resolved
modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb
Outdated
Show resolved
Hide resolved
modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb
Outdated
Show resolved
Hide resolved
modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb
Outdated
Show resolved
Hide resolved
…ption.rb Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
…ption.rb Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
…ption.rb Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
…ption.rb Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
…ption.rb Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
Contributor
Author
|
Hello! Does this PR wait for an action from me or is it just that there is a big backlog and you haven't had the time to look into it? |
dwelch-r7
reviewed
Oct 14, 2019
modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb
Outdated
Show resolved
Hide resolved
dwelch-r7
added a commit
that referenced
this pull request
Oct 18, 2019
msjenkins-r7
pushed a commit
that referenced
this pull request
Oct 18, 2019
Contributor
Release notesThis adds an auxiliary module to CVE-2019-0724 that can used to make a request to a Microsoft Exchange server and force it to authenticate to a URL under your control. |
tperry-r7
added
rn-modules
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Execution of the module will force Exchange to authenticate to an specified URL over HTTP via the Exchange PushSubscription feature. This allows us to relay the NTLM authentication to a Domain Controller and authenticate with the privileges that Exchange is configured.