DurianComm WAF LogAnalysis
SCENARIO INFORMATION
DESCRIPTION:
This scenario serves as a guide on how to:
– Understand Microsoft Exchange Memory Corruption vulnerability CVE-2020-0688 found on all versions of windows exchange prior to 2019.
– Carry out a vulnerability scan to detect Microsoft Exchange Memory Corruption vulnerability CVE-2020-0688 and later run an exploit on the target machine to get a remote shell with system privileges on the victim Machine.
– Exploit this vulnerability on the target machine to get a remote shell with system privileges on the victim Machine is also part of what will be demonstrated in this scenario.
OBJECTIVES AND OUTCOME:
After completing this scenario you will be able to:
– Identify Microsoft Exchange Memory Corruption Vulnerability CVE-2020-0688 ,
– Use a publicly available exploit or metasploit to exploit the same.
PRE-REQUISITES:
In order to get the full benefit from this scenario, it is suggested that you have competencies in the following areas:
– Basic Linux and Windows command line knowledge
– Basic understanding of networking
– Familiarity with Metasploit and and exploit modules
– Some knowledge on deserialization of objects
RECOMMENDED READING:
It is suggested that you consult with these recommended reading resources and pre-existing scenarios:
https://www.zerodayinitiative.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688
https://www.security7.net/news/cve-2020-0688-patch-your-exchange-servers
AUTHOR:
This scenario was created by Timothy Wambua
