| 1 | 1 | | $target = "mail.local" |
| | 2 | + | $checkdns = Resolve-DnsName $target -ErrorAction SilentlyContinue |
| | 3 | + | |
| | 4 | + | if($checkdns){ |
| | 5 | + | Write-host "Running autodiscover test..." -ForegroundColor Cyan |
| 2 | 6 | | try |
| 3 | 7 | | { |
| 4 | | - | $webtest = Invoke-WebRequest -uri "https://$target/autodiscover" |
| | 8 | + | $webtest1 = Invoke-WebRequest -uri "https://$target/autodiscover" |
| 5 | 9 | | } |
| 6 | 10 | | catch |
| 7 | 11 | | { |
| skipped 2 lines |
| 10 | 14 | | $Failure.Headers.tostring() |
| 11 | 15 | | } |
| 12 | 16 | | |
| | 17 | + | |
| | 18 | + | |
| | 19 | + | Write-host "Running autodiscover SSRF test..." -ForegroundColor Cyan |
| 13 | 20 | | try |
| 14 | 21 | | { |
| 15 | | - | $webtest = invoke-webrequest -uri "https://$target/autodiscover/[email protected]/owa/&Email=autodiscover/[email protected]&Protocol=XYZ&FooProtocol=Powershell" |
| | 22 | + | write-host "testing site..." -ForegroundColor Gray |
| | 23 | + | $webtest2 = invoke-webrequest -uri "https://$target/autodiscover/[email protected]/owa/&Email=autodiscover/[email protected]&Protocol=XYZ&FooProtocol=Powershell" |
| 16 | 24 | | } |
| 17 | 25 | | catch |
| 18 | 26 | | { |
| 19 | | - | $Failure = $_.Exception.Response |
| 20 | | - | $Failure.Headers.tostring() |
| 21 | | - | $Failure.Headers.tostring() | findstr /I "X-OWA-Version" |
| 22 | | - | $Failure.Headers.tostring() | findstr /I "X-FEServer" |
| 23 | | - | if($Failure.Headers -contains "X-FEServer") |
| 24 | | - | { |
| 25 | | - | write-host "Poentially vulnerable to CVE-2022-40140 & CVE-2022-41082" -ForegroundColor Red |
| | 27 | + | write-host "Caught" -ForegroundColor Red |
| | 28 | + | $Failure = $_.Exception.Response |
| | 29 | + | $Failure.Headers.tostring() |
| | 30 | + | $Failure.Headers.tostring() | findstr /I "X-OWA-Version" |
| | 31 | + | $Failure.Headers.tostring() | findstr /I "X-FEServer" |
| | 32 | + | if($Failure.Headers -contains "X-FEServer") |
| | 33 | + | { |
| | 34 | + | write-host "Poentially vulnerable to CVE-2022-40140 & CVE-2022-41082" -ForegroundColor Red |
| | 35 | + | } |
| 26 | 36 | | } |
| 27 | 37 | | |
| 28 | 38 | | |
| | 39 | + | if($webtest2.StatusCode -eq 200) |
| | 40 | + | { |
| | 41 | + | write-host "Authenticated to Server" -ForegroundColor Green |
| | 42 | + | if($webtest2.Headers.Keys -contains "X-FEServer") |
| | 43 | + | { |
| | 44 | + | write-host "Poentially vulnerable to CVE-2022-40140 & CVE-2022-41082" -ForegroundColor Red |
| | 45 | + | } |
| | 46 | + | } |
| | 47 | + | |
| | 48 | + | } |
| | 49 | + | else |
| | 50 | + | { |
| | 51 | + | write-host "DNS does not resolve" -ForegroundColor Red |
| 29 | 52 | | } |
| 30 | 53 | | |
Daniel Card
committed
with
GitHub
2 years ago
1 parent 81181e40