Shulou(Shulou.com)05/31 Report--

It is believed that many inexperienced people are at a loss about how to reproduce CVE-2021-26855 from Exchange SSRF to RCE. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

Introduction to 0x00

Exchange Server, a Microsoft email service component, is a messaging and collaboration system that mainly provides collaborative applications from email, meeting scheduling, group schedule management, task management, document management, real-time meetings and workflows.

Overview of 0x01 vulnerabilities

The vulnerability is a server-side request forgery vulnerability (SSRF) in Exchange, which allows attackers to send arbitrary HTTP requests and bypass Exchange Server authentication, which can be exploited by remote unauthorized attackers for intranet detection and can be used to steal the entire contents of a user's mailbox.

Harm: this vulnerability is a server-side request forgery vulnerability (SSRF) in Exchange, which allows attackers to send arbitrary HTTP requests and bypass Exchange Server authentication, which can be exploited by remote unauthorized attackers for intranet detection and can be used to steal the entire contents of a user's mailbox.

0x02 affects version

Microsoft Exchange 2013

Microsoft Exchange 2016 (this time using the CU18 version)

Microsoft Exchange 2019

Microsoft Exchange 2010

0x03 environment building

1. First of all, we will switch the windows-server-2016 we built to the administrator user. If we do not switch to the Administrator user to install Exchange, we will report some errors when installing Exchange.

a. Press and hold the Windows+ R key, enter Control, and open the control plane

b. Find the user account

c. Configure advanced user profile properties

d. Open a user account

e. Click on the user, select Administrators, right-click and set the password: abc.123

Log out-Select "Administrator" to log in

2Builder of AD server for windows Server 2016

Open the server manager and add roles and features

All the way to the server role selection.

Then move on to the next step

Then install and double-click to promote to domain controller

Then add a new forest.

Fill in the password

Then go to the next step, and then click install.

Restart automatically after installation

3, install Exchange Server 2016

Address: https://www.microsoft.com/zh-cn/download/confirmation.aspx?id=102114

Then download .NET4.8 at:

Https://docs.microsoft.com/zh-cn/exchange/plan-and-deploy/prerequisites?view=exchserver-2016

Download C++ dependency package at:

Https://www.microsoft.com/en-us/download/details.aspx?id=30679

4, start the installation and choose not to update

Choose not to use recommendations

All the way to the installation.

After the check, you need to install the following update, address:

Https://docs.microsoft.com/zh-cn/exchange/plan-and-deploy/prerequisites?view=exchserver-2016

Then click install

Then the following interface appears to complete the installation

After successful installation, visit https://ip/ecp to reach the exchange Management Center

Use the domain name\ user name and password to log in to the administration center

Recurrence of 0x04 vulnerabilities

1, download address of vulnerability exp

Https://github.com/mai-lang-chai/Middleware-Vulnerability-detection/blob/master/Exchange/CVE-2021-26855%20Exchange%20RCE/exp.py

Run exp to get shell

0x05 vulnerability defense

Microsoft has officially released a security update to address the above vulnerabilities. It is recommended that affected users upgrade to the secure version as soon as possible. The official secure version can be downloaded by referring to the following link:

Https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855

After reading the above, have you mastered the method of how to reproduce the CVE-2021-26855 from Exchange SSRF to RCE? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.