Microsoft Exchange Vulnerability (CVE-2020-0688)

SCENARIO INFORMATION

DESCRIPTION:

This scenario serves as a guide on how to:

Understand Microsoft Exchange Memory Corruption vulnerability CVE-2020-0688 found on all versions of windows exchange prior to 2019.

Carry out a vulnerability scan to detect Microsoft Exchange Memory Corruption vulnerability CVE-2020-0688 and later run an exploit on the target machine to get a remote shell with system privileges on the victim Machine.

Exploit this vulnerability on the target machine to get a remote shell with system privileges on the victim Machine is also part of what will be demonstrated in this scenario.

OBJECTIVES AND OUTCOME:

After completing this scenario you will be able to:

– Identify Microsoft Exchange Memory Corruption Vulnerability CVE-2020-0688 ,
– Use a publicly available exploit or metasploit to exploit the same.

PRE-REQUISITES:

In order to get the full benefit from this scenario, it is suggested that you have competencies in the following areas:

– Basic Linux and Windows command line knowledge
– Basic understanding of networking
– Familiarity with Metasploit and and exploit modules
– Some knowledge on deserialization of objects

RECOMMENDED READING:

It is suggested that you consult with these recommended reading resources and pre-existing scenarios:

https://www.zerodayinitiative.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688

https://www.security7.net/news/cve-2020-0688-patch-your-exchange-servers

AUTHOR:

This scenario was created by Timothy Wambua

MODE SINGLEPLAYER
Type CYBER CHALLENGE
DIFFICULTY HARD
TIME 1 HOUR
COST 10 GEMS

Start Scenario

RegisterLogin
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on reddit
Reddit
Share on whatsapp
WhatsApp
Share on telegram
Telegram
Scroll to Top