This scenario serves as a guide on how to:
– Understand Microsoft Exchange Memory Corruption vulnerability CVE-2020-0688 found on all versions of windows exchange prior to 2019.
– Carry out a vulnerability scan to detect Microsoft Exchange Memory Corruption vulnerability CVE-2020-0688 and later run an exploit on the target machine to get a remote shell with system privileges on the victim Machine.
– Exploit this vulnerability on the target machine to get a remote shell with system privileges on the victim Machine is also part of what will be demonstrated in this scenario.
OBJECTIVES AND OUTCOME:
After completing this scenario you will be able to:
– Identify Microsoft Exchange Memory Corruption Vulnerability CVE-2020-0688 ,
– Use a publicly available exploit or metasploit to exploit the same.
In order to get the full benefit from this scenario, it is suggested that you have competencies in the following areas:
– Basic Linux and Windows command line knowledge
– Basic understanding of networking
– Familiarity with Metasploit and and exploit modules
– Some knowledge on deserialization of objects
It is suggested that you consult with these recommended reading resources and pre-existing scenarios:
This scenario was created by Timothy Wambua