wyatu / cve-2018-8581
CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability
An error is reported when running the script:
Traceback (most recent call last):
File "CVE-2018-8581.py", line 333, in
result = request_func(IP, PORT, PROTO, add_body)
File "CVE-2018-8581.py", line 69, in request_func
(ServerChallenge, NegotiateFlags) = ntlm.parse_NTLM_CHALLENGE_MESSAGE(Nonce[len("NTLM "):])
File "/usr/local/lib/python2.7/dist-packages/ntlm/ntlm.py", line 219, in parse_NTLM_CHALLENGE_MESSAGE
msg2 = base64.decodestring(msg2)
File "/usr/lib/python2.7/base64.py", line 328, in decodestring
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
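How should this be resolved?
With the same script, reproduction succeeded on 2013, but 2016 reports an error: Something error, can't get the sid of the TARGET_EMAIL,plz confirm the config
The preceding line is: Authentication and request sent successfully。
Is there a solution? Thank you very much!!
I get the following error with Windows 2012 R2 + Python 2.7.14 + Exchange 2013. Is there a solution? Thank you very much!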
E:\CVE-2018-8581-master>python CVE-2018-8581.py
[] Exchange Server Address: https://mail.yi.com:443
[] Sending 'AddDelegate' EWS request to get the sid of the TARGET_EMAIL 'sunli
yi.com'...
[] Got 401 response with NTLM NONCE.
[] Trying authenticate current user...
Traceback (most recent call last):
File "CVE-2018-8581.py", line 333, in
result = request_func(IP, PORT, PROTO, add_body)
File "CVE-2018-8581.py", line 69, in request_func
(ServerChallenge, NegotiateFlags) = ntlm.parse_NTLM_CHALLENGE_MESSAGE(Nonce
len("NTLM "):])
File "C:\Python27\lib\site-packages\ntlm\ntlm.py", line 219, in parse_NTLM_CH
LLENGE_MESSAGE
msg2 = base64.decodestring(msg2)
File "C:\Python27\lib\base64.py", line 328, in decodestring
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
make_relay_body
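Is there another script available for testing? It has never succeeded on 2010.
No response comes out at all.
First of all, thanks. One question: does "Port and url of ur HTTP server" refer to the IP and port of the attacking machine, or do I need to set up a separate HTTP server and open a port such as 8080? Thanks!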
[+] Sending 'PushSubscription' EWS request successfully
[] Now start to relay NTLM...
[] Started httpserver on port 8080
[*] Start to add delegate, Plz wait...
At this step it cannot proceed any further. Does the delegate need to be set up manually?