
Ladon 7.4 CVE-2020-0688 Exchange Serialization Vulnerability Exploitation [Ladon tool included]


k8


Vulnerability ID

CVE-2020-0688

Vulnerability Principle

The root cause of the vulnerability lies in the Exchange ECP component: the mail service does not generate random keys during installation, which means that the validationKey and decryptionKey values are identical on every Exchange server installed with default settings. These keys are used to protect the security of ViewState. ViewState is server-side data that an ASP.NET web application stores on the client in serialized form; the client returns this data to the server through the __VIEWSTATE request parameter. An attacker can use the default keys to attack the server and execute arbitrary .NET code in the Exchange web application.

Affected Versions

Exchange 2010, 2013, 2016, 2019

Module Type

Exploitation

Module Function

With known Exchange account credentials, obtain privileges on the target server.

Exchange Detection

PortScan scans for Exchange mail servers

WhatCms identifies Exchange mail servers

EXP Usage

Ladon cve-2020-0688 192.168.1.8 Administrator k8gege520

A CmdShell is successfully returned; use exec to run commands

Reference: https://github.com/zcgonvh/CVE-2020-0688

Ladon Download

Previous versions: https://github.com/k8gege/Ladon/releases
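As an added defender-side example (not from the original post, nor from the Ladon project): a Python script that flags IIS requests in which the __VIEWSTATE fields described above arrive in the query string of an ECP page, run over constructed sample log lines. The W3C field order, the sample records and the detection heuristic are my own assumptions.

```python
from urllib.parse import parse_qs

# Constructed IIS W3C log excerpt (sample data, not from the original post).
# Assumed field order (matches the #Fields header below): date time s-ip
# cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-03-01 10:15:02 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=AAAAAAAA&__VIEWSTATE=CONSTRUCTED_BLOB_1 443 CONTOSO\\alice 192.0.2.10 Mozilla/5.0 500
2020-03-01 10:15:03 10.0.0.5 GET /owa/auth/logon.aspx url=https://mail.example/owa 443 - 192.0.2.11 Mozilla/5.0 200
2020-03-01 10:15:05 10.0.0.5 POST /ecp/default.aspx - 443 CONTOSO\\bob 192.0.2.12 Mozilla/5.0 200
2020-03-01 10:15:07 10.0.0.5 GET /ecp/default.aspx __VIEWSTATE=CONSTRUCTED_BLOB_2 443 CONTOSO\\alice 192.0.2.10 Mozilla/5.0 500
"""

# ASP.NET normally carries ViewState in hidden form fields of a POST body, so the
# same field names in the query string of a GET to an ECP page is the anomaly
# this heuristic keys on (a triage signal, not proof of compromise).
VIEWSTATE_PARAMS = {"__viewstate", "__viewstategenerator"}
FIELDS = ("date", "time", "s_ip", "method", "uri_stem", "query",
          "port", "user", "c_ip", "ua", "status")

def parse_w3c_line(line):
    """Split one W3C record into a dict; None for header/comment or short lines."""
    if line.startswith("#") or not line.strip():
        return None
    parts = line.split(" ")
    return dict(zip(FIELDS, parts)) if len(parts) >= len(FIELDS) else None

def find_ecp_viewstate_hits(log_text):
    """Return records where ViewState fields arrive in the query string of /ecp/."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_w3c_line(line)
        if rec is None or rec["query"] == "-":
            continue
        if not rec["uri_stem"].lower().startswith("/ecp/"):
            continue
        names = {k.lower() for k in parse_qs(rec["query"], keep_blank_values=True)}
        if names & VIEWSTATE_PARAMS:
            hits.append(rec)
    return hits

def summarize(hits):
    """Count hits per (client IP, user): the exploit needs a valid account, so
    the cs-username column shows whose credentials were used."""
    counts = {}
    for rec in hits:
        key = (rec["c_ip"], rec["user"])
        counts[key] = counts.get(key, 0) + 1
    return counts
```

Feed it the real W3C log from the Exchange front-end IIS site after adjusting FIELDS to that log's own #Fields header.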
