Exchange / OWA

Checklists/Microsoft Exchange.md at master · netbiosX/ChecklistsGitHub

GitHub - kh4sh3i/exchange-penetration-testing: The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)GitHub

Exchange | Pentester's Promiscuous Notebook

OWA | Pentester's Promiscuous Notebook

54  auxiliary/gather/exchange_proxylogon_collector                2021-03-02       normal     No     Microsoft Exchange ProxyLogon Collector
   55    \_ action: Dump (Contacts)                                  .                .          .      Dump user contacts from exchange server
   56    \_ action: Dump (Emails)                                    .                .          .      Dump user emails from exchange server
   57  exploit/windows/http/exchange_proxylogon_rce                  2021-03-02       excellent  Yes    Microsoft Exchange ProxyLogon RCE
   58    \_ target: Windows Powershell                               .                .          .      .
   59    \_ target: Windows Dropper                                  .                .          .      .
   60    \_ target: Windows Command                                  .                .          .      .
   61  auxiliary/scanner/http/exchange_proxylogon                    2021-03-02       normal     No     Microsoft Exchange ProxyLogon Scanner
   62  exploit/windows/http/exchange_proxynotshell_rce               2022-09-28       excellent  Yes    Microsoft Exchange ProxyNotShell RCE
   63    \_ target: Windows Dropper                                  .                .          .      .
   64    \_ target: Windows Command                                  .                .          .      .
   65  exploit/windows/http/exchange_proxyshell_rce                  2021-04-06       excellent  Yes    Microsoft Exchange ProxyShell RCE
   66    \_ target: Windows Powershell                               .                .          .      .
   67    \_ target: Windows Dropper                                  .                .          .      .
   68    \_ target: Windows Command                                  .                .          .      .

ProxyNotShell

GitHub - MazX0p/ProxyNotShell-ScannerGitHub

OWASSRF: CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell MitigationsCrowdStrike.com

Exploiting Exchange Powershell after ProxyNotShell

Zero Day Initiative — Exploiting Exchange PowerShell After ProxyNotShell: Part 1 - MultiValuedPropertyZero Day Initiative

MailSniper

GitHub - dafthack/MailSniper: MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.GitHub