| | 1 | + | $target = "mail.local" |
| | 2 | + | try |
| | 3 | + | { |
| | 4 | + | $webtest = Invoke-WebRequest -uri "https://$target/autodiscover" |
| | 5 | + | } |
| | 6 | + | catch |
| | 7 | + | { |
| | 8 | + | Write-Host $_.ErrorDetails.Message; |
| | 9 | + | $Failure = $_.Exception.Response |
| | 10 | + | $Failure.Headers.tostring() |
| | 11 | + | } |
| | 12 | + | |
| | 13 | + | try |
| | 14 | + | { |
| | 15 | + | $webtest = invoke-webrequest -uri "https://$target/autodiscover/[email protected]/owa/&Email=autodiscover/[email protected]&Protocol=XYZ&FooProtocol=Powershell" |
| | 16 | + | } |
| | 17 | + | catch |
| | 18 | + | { |
| | 19 | + | $Failure = $_.Exception.Response |
| | 20 | + | $Failure.Headers.tostring() |
| | 21 | + | $Failure.Headers.tostring() | findstr /I "X-OWA-Version" |
| | 22 | + | $Failure.Headers.tostring() | findstr /I "X-FEServer" |
| | 23 | + | if($Failure.Headers -contains "X-FEServer") |
| | 24 | + | { |
| | 25 | + | write-host "Poentially vulnerable to CVE-2022-40140 & CVE-2022-41082" -ForegroundColor Red |
| | 26 | + | } |
| | 27 | + | |
| | 28 | + | |
| | 29 | + | } |
| | 30 | + | |
Daniel Card
committed
with
GitHub
2 years ago
1 parent 4562ccdd