Quickpost: “ProxyLogon PoC” Capture File

I was able to get the “ProxyLogon PoC” Python script running against a vulnerable Exchange server in a VM. It required some tweaks to the code, and also a change in Exchange permissions, as explained in this tweet by @irsdl.

I created a capture file:

More details will follow.

proxylogon-poc-capture-with-keys.zip (https)
MD5: 126B936C76EF0519E07D1249D4C3C32A
SHA256: E6028FAD90498424B36755E9A4750B2735DD2988CAC933A7C9B0097B7903700D

Quickpost info

Article Link: https://blog.didierstevens.com/2021/03/12/quickpost-proxylogon-poc-capture-file/