Coder Social home page Coder Social logo

cve-2018-8581's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

killvxk sry309 xiaolushuo scanfsec minkione iraqnophobia w00t3k td00k sasqwatch l4inoday kuteminh11 n1f2c3 yzkc fortunec00kie superdong0 airbasic lordsky mbtimy mthq shantanu561993 ridter fuhei npcola rainism vf3ng jas502n unclejim hacker-one letian-321 rank0 0patch test123test111 superxiaoxiong raystyle 0x09al explife0011 cclauss paladin1412 b0y1n4o4 edvacco 1337g f8syw5v tyekrgk bigbigx flying0er fengzihk hejmuggle rainly peteryuqing 0x0kasaku shellsec crypt0b0y mdunten lex1010 ilovecode2018 hyabcd x311 wifido hnisec ailann pwd120 slowmistio heartway spr1ngbr0ther ldbqh lua-study choutofu orf53975 espandy h4ck0ne awesome-security lvjianwu yangshuangfu jymcheong superf0sh heihahe kaisaryousuf anyedt crackercat bigbrobro likeniulijuan hoolign fuck123fuckabc lily110 attackgithub whoamiecho nr4v3n ldcm ddsec imulmul tquentin f4org3it axax002 xzvb12 askyeye flywithoutwings redteams gh0st0ne 3453-315h fdlucifer

cve-2018-8581's Issues

脚本报错

执行脚本的时候会报错

Traceback (most recent call last):
File "CVE-2018-8581.py", line 333, in
result = request_func(IP, PORT, PROTO, add_body)
File "CVE-2018-8581.py", line 69, in request_func
(ServerChallenge, NegotiateFlags) = ntlm.parse_NTLM_CHALLENGE_MESSAGE(Nonce[len("NTLM "):])
File "/usr/local/lib/python2.7/dist-packages/ntlm/ntlm.py", line 219, in parse_NTLM_CHALLENGE_MESSAGE
msg2 = base64.decodestring(msg2)
File "/usr/lib/python2.7/base64.py", line 328, in decodestring
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding

这个应该怎么解决。

exchange 2016报错,漏洞未复现

相同脚本下,2013成功复现,但是2016报错,Something error, can't get the sid of the TARGET_EMAIL,plz confirm the config
前一行是 : Authentication and request sent successfully。
请问是否有解决方法,非常感谢!!

base64编码报错

报以下错误,windows2012 r2 + Python2.7.14+exchage2013,请问有没有解决办法,非常感谢!

E:\CVE-2018-8581-master>python CVE-2018-8581.py
[] Exchange Server Address: https://mail.yi.com:443
[] Sending 'AddDelegate' EWS request to get the sid of the TARGET_EMAIL 'sunli
yi.com'...
[] Got 401 response with NTLM NONCE.
[] Trying authenticate current user...
Traceback (most recent call last):
File "CVE-2018-8581.py", line 333, in
result = request_func(IP, PORT, PROTO, add_body)
File "CVE-2018-8581.py", line 69, in request_func
(ServerChallenge, NegotiateFlags) = ntlm.parse_NTLM_CHALLENGE_MESSAGE(Nonce
len("NTLM "):])
File "C:\Python27\lib\site-packages\ntlm\ntlm.py", line 219, in parse_NTLM_CH
LLENGE_MESSAGE
msg2 = base64.decodestring(msg2)
File "C:\Python27\lib\base64.py", line 328, in decodestring
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding

make_relay_body

make_relay_body
有别的脚本可以测试吗 在2010没成功过
没有任何回应出来

Port and url of ur HTTP server

首先感谢,有个疑问,Port and url of ur HTTP server指的是攻击机的iP和端口么,还是需要搭一台http server并开放个8080之类的端口?谢谢!

2010sp1

[+] Sending 'PushSubscription' EWS request successfully
[] Now start to relay NTLM...
[] Started httpserver on port 8080
[*] Start to add delegate, Plz wait...

到了这一步,就执行不下去了,代理是否需要手动呀

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.