
proxyshell-poc's Introduction

proxyshell-poc

proxyshell-poc's People

Contributors

dmaasland


proxyshell-poc's Issues

I need help

What's the password for the webshell, please?

TypeError: tostring() got an unexpected keyword argument 'xml_declaration'

Tried running on our network and received this error.

Command was python3 proxyshell.py -u x.x.x.x -e [email protected]

Traceback (most recent call last):
  File "proxyshell.py", line 247, in <module>
    main()
  File "proxyshell.py", line 236, in main
    exploit(proxyshell)
  File "proxyshell.py", line 180, in exploit
    proxyshell.get_legacydn()
  File "proxyshell.py", line 109, in get_legacydn
    data = self.autodiscover_body()
  File "proxyshell.py", line 137, in autodiscover_body
    xml_declaration=False
TypeError: tostring() got an unexpected keyword argument 'xml_declaration'

shellid

I keep getting the following error:
The request for the Windows Remote Shell with ShellId D5C38865-CC9C-4B0D-A218-916D3C42288C failed because the shell was not found on the server. Possible causes are: the specified ShellId is incorrect or the shell no longer exists on the server. Provide the correct ShellId or create a new shell and retry the operation.

Lead to getshell is 404 or can get shell.

Error when dropshell

I get this message when running dropshell. Please give me a guide or something to solve this problem.

"The name must be unique per mailbox. There isn't a default name available for a new request owned by mailbox 'Administrator'. Please clean up existing requests by using the Remove cmdlet or specify a unique name"

Get shell but unable to execute any commands

Hi,

Thank you for your effort writing this POC!

However, when I try this against Exchange Server 2019 CU 8 I get a shell but no commands work. If I try executing "whoami" the error I get is "The term 'whoami.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again". If I try checking if constrained language mode is enabled using "$ExecutionContext.SessionState.LanguageMode" I get the error "A variable that cannot be referenced in restricted language mode or a Data section is being referenced. Variables that can be referenced include the following: $PSCulture, $PSUICulture, $true, $false, $null.". This reply is strange since I have double checked if constrained language mode is enabled on the Exchange server and it is not.

See the attached picture for more information.


Is there anything I can do to fix this?

Thanks!

XML ParseError error

Can anyone fix this error?!

Traceback (most recent call last):
  File "proxyshell_rce.py", line 369, in <module>
    main()
  File "proxyshell_rce.py", line 349, in main
    exploit(proxyshell)
  File "proxyshell_rce.py", line 179, in exploit
    proxyshell.get_legacydn()
  File "proxyshell_rce.py", line 117, in get_legacydn
    autodiscover_xml = ET.fromstring(r.content)
  File "/usr/lib/python3.8/xml/etree/ElementTree.py", line 1321, in XML
    return parser.close()
xml.etree.ElementTree.ParseError: no element found: line 1, column 0

hay

create template nuclei

CreateItem Content encode\decode function

Hi,
how can I change the content of the attachment?

mpbbCrypt = [65, 54, 19, 98, 168, 33, 110, 187, 244, 22, 204, 4, 127, 100, 232, …]
encode_table = bytes.maketrans((bytearray(mpbbCrypt), bytearray(range(256)))
'<%@ Page Language="Jscript"%>…'.translate(encode_table)

I want to put my own payload into the attachment.

New-ManagementRoleAssignment error

127.0.0.1 - - [16/Aug/2021 15:43:22] "POST /wsman HTTP/1.1" 200 -
OUTPUT:

ERROR:
The term 'New-ManagementRoleAssignment' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

All commands are not recognized

I have a problem with PS CLI, when I enter any command - it is not recognized.

PS> whoami
127.0.0.1 - - [17/Aug/2021 08:54:19] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:19] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:19] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:19] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:19] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:19] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:19] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:19] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:19] "POST /wsman HTTP/1.1" 200 -
OUTPUT:

ERROR:
The term 'whoami.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
PS> get-module
127.0.0.1 - - [17/Aug/2021 08:54:38] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:39] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:39] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:39] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:40] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:40] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2021 08:54:40] "POST /wsman HTTP/1.1" 200 -
OUTPUT:

ERROR:
The term 'Get-Module' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Any ideas why this is happening?

The whole process was successful but can't run any cmd/PowerShell command

Has someone here solved the issue?

PS> whoami
[+] Created powershell session on abc.test.wh
127.0.0.1 - - [17/Nov/2021 12:01:10] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Nov/2021 12:01:11] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Nov/2021 12:01:11] "POST /wsman HTTP/1.1" 200 -
[-] Load balanced to wrong server: abc2.test.wh
[-] Load balanced to wrong server: abc2.test.wh
127.0.0.1 - - [17/Nov/2021 12:01:12] "POST /wsman HTTP/1.1" 200 -
[-] Load balanced to wrong server: abc2.test.wh
127.0.0.1 - - [17/Nov/2021 12:01:13] "POST /wsman HTTP/1.1" 200 -
127.0.0.1 - - [17/Nov/2021 12:01:13] "POST /wsman HTTP/1.1" 200 -
[+] PS> whoami
OUTPUT:

ERROR:
The term 'whoami.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
[-] Load balanced to wrong server: abc2.test.wh
127.0.0.1 - - [17/Nov/2021 12:01:14] "POST /wsman HTTP/1.1" 200 -
PS>
