Microsoft Exchange Vulnerability (CVE-2020-0688)

SCENARIO INFORMATION

DESCRIPTION:

This scenario serves as a guide on how to:

Understand Microsoft Exchange Memory Corruption vulnerability CVE-2020-0688 found on all versions of windows exchange prior to 2019.

Carry out a vulnerability scan to detect Microsoft Exchange Memory Corruption vulnerability CVE-2020-0688 and later run an exploit on the target machine to get a remote shell with system privileges on the victim Machine.

Exploit this vulnerability on the target machine to get a remote shell with system privileges on the victim Machine is also part of what will be demonstrated in this scenario.

OBJECTIVES AND OUTCOME:

After completing this scenario you will be able to:

– Identify Microsoft Exchange Memory Corruption Vulnerability CVE-2020-0688 ,
– Use a publicly available exploit or metasploit to exploit the same.

PRE-REQUISITES:

In order to get the full benefit from this scenario, it is suggested that you have competencies in the following areas:

– Basic Linux and Windows command line knowledge
– Basic understanding of networking
– Familiarity with Metasploit and and exploit modules
– Some knowledge on deserialization of objects

RECOMMENDED READING:

It is suggested that you consult with these recommended reading resources and pre-existing scenarios:

https://www.zerodayinitiative.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688

https://www.security7.net/news/cve-2020-0688-patch-your-exchange-servers

AUTHOR:

This scenario was created by Timothy Wambua

MODE SINGLEPLAYER
Type CYBER CHALLENGE
DIFFICULTY HARD
TIME 1 HOUR

Start Scenario

RegisterLogin

Other Scenarios

Facebook
Twitter
LinkedIn
Reddit
WhatsApp
Telegram
Scroll to Top

Upcoming Webinar Events

Join CYBER RANGES and guests on live Webinars and Bootcamps

Sign up to learn skills and practise on the CYBER RANGES platform