
ProxyShell_Target

SouthCore

Good day to you. Please advise me, or teach me, or do it for a %. I have access to a UK corporate network; accordingly it returns info and a dropshell, but you need to know ASPX and so on. I read the news here about the Iranian group; can anyone boast of a ready-made solution?
 
I am not sure if you are trying to find the Iranian group here or an ASPX shell... (to be honest).
For the second one GitHub is full of solutions, for example:
https://github.com/xl7dev/WebShell/blob/master/Aspx/ASPX%20Shell.aspx

For the first one, sorry I cannot help... 😐
 
Proxyshell on high value targets is all but dead with the amount of exploitation that has been going on. However if you want to give it a try you can try the following:

Scan:
Bash:
sudo masscan -Pn -sS -iL ranges.txt --rate 12000 -p443 --open-only --excludefile block.txt | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt

Append port:
Bash:
sed -i 's/$/:443/' results.txt

Vuln scan discovered IP addresses:
Bash:
nuclei -l results.txt -t nuclei-templates/cves/2021/CVE-2021-34473.yaml -o proxyshell_vulns.txt

NSE scan discovered IP addresses:
Bash:
nmap --script http-vuln-exchange-proxyshell.nse -Pn -sS -p 443 -iL results.txt -oN proxyshell_vulns

CIDR ranges: https://lite.ip2location.com/ip-address-ranges-by-country
block.txt: https://gist.github.com/ozuma/fb21ab0f7143579b1f2794f4af746fb2
NSE: https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange-proxyshell.nse
Example of CIDR output from ip2location: ireland.txt
Exploit: https://github.com/Udyz/proxyshell-auto
Email download: https://github.com/Jumbo-WJB/Exchange_SSRF
 
Vulnerable proxyshell - Nuclei results: https://web.archive.org/web/20230515114941/https://pastebin.com/raw/sQa6pFRL
 
It hasn't been updated in two years, is it out of date?
Most of the IPs belong to large companies, I don't think they have changed) Of course, there are no fresh bots and crawlers there.
 

