URL: https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/microsoft-exchange-client-access-serve...
Submission: On December 07 via api from US — Scanned from US

MICROSOFT EXCHANGE CLIENT ACCESS SERVER INFORMATION DISCLOSURE

EOL CHECK

Microsoft Exchange (endoflife.date)

--------------------------------------------------------------------------------

Connect to the open HTTPS port of your Exchange server using OpenSSL and the
command below.



openssl s_client -host hostname.domain.com -port 443 



Once the connection is made, you will be prompted to input a command.



Paste or type the following, which makes a GET request to autodiscover.xml:



GET /autodiscover/autodiscover.xml HTTP/1.0

Press Enter twice after typing the GET request; the server will not respond
until you do.



Because the HTTP/1.0 request carries no Host header, the server answers with
its local IP address as the realm in the WWW-Authenticate: Basic realm= header.
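The manual check above can be scripted so it is easy to repeat after remediation. This is an added example, not part of the original page; the function names and the sample responses are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: scripted form of the manual check, for re-testing after remediation.

# Print the IPv4 address used as the Basic realm in a raw HTTP response read
# from stdin. Only the header section is inspected; returns 1 if no IP is found.
realm_ip() {
    local ip
    ip=$(tr -d '\r' | sed '/^$/q' |
         grep -i '^WWW-Authenticate:' |
         grep -Eio 'Basic realm="[0-9]{1,3}(\.[0-9]{1,3}){3}"' |
         head -n 1 | cut -d'"' -f2)
    [ -n "$ip" ] && printf '%s\n' "$ip"
}

# Succeed when the address falls in an RFC 1918 private range.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Send the same Host-less HTTP/1.0 request as the manual procedure.
check_host() {
    printf 'GET /autodiscover/autodiscover.xml HTTP/1.0\r\n\r\n' |
        openssl s_client -quiet -connect "$1:443" 2>/dev/null | realm_ip
}

# Constructed sample responses: before and after the header is rewritten.
SAMPLE_LEAKY=$(printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="10.20.30.40"\r\nContent-Length: 0\r\n\r\n')
SAMPLE_FIXED=$(printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="domain.com"\r\nContent-Length: 0\r\n\r\n')

report() {
    if found=$(realm_ip); then
        if is_private "$found"; then echo "FAIL: realm discloses internal IP $found"
        else echo "WARN: realm contains IP $found"; fi
    else
        echo "OK: no IP address in Basic realm"
    fi
}

if [ "$#" -gt 0 ]; then
    printf 'GET /autodiscover/autodiscover.xml HTTP/1.0\r\n\r\n' |
        openssl s_client -quiet -connect "$1:443" 2>/dev/null | report
else
    printf '%s\n' "$SAMPLE_LEAKY" | report   # constructed input
    printf '%s\n' "$SAMPLE_FIXED" | report   # constructed input
fi
```

Run with a hostname as the only argument to test a server you administer; with no argument it evaluates the two constructed samples.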

--------------------------------------------------------------------------------

REMEDIATION

The rule below matches any WWW-Authenticate header whose value includes an IP
address and replaces the address with the domain name.

HEADER MODIFICATION



Rule Type: Replace Header
Header Field: WWW-Authenticate
Match String: /(Basic realm=)(\"[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\")/
Replacement: \1"domain.com"



This can then be added to the Virtual Service: Virtual Services > View/Modify
Services > Advanced Properties > HTTP Header Modifications > Response Rules.



The internal address is now hidden in all responses and replaced with
www.domain.com.

URL REWRITE

Alternatively, configure the IIS server to deny requests made without the Host
header set. This is achieved by using the URL Rewrite module for IIS.

URL Rewrite : The Official Microsoft IIS Site

Download the URL Rewrite module onto your Exchange server and install it.


Last updated 1 year ago