Home

Awesome

ProxyShell

Proof of Concept Exploit for Microsoft Exchange CVE-2021-34473, CVE-2021-34523, CVE-2021-31207

Details

For background information and context, read the blog post detailing the research by Horizon3: https://www.horizon3.ai/news/blog/proxyshell

Features

Usage

python3 exchange_proxyshell.py -u https://<IP>

Example output

Proof

Mitigations

Apply the security updates found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473

Prior Research Credit

Disclaimer

This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.