CSV Microsoft Exchange Outlook - corporate hosts (100k+) Leak by marmalade_knight
by marmalade_knight - September 13, 2021 at 01:09 AM
#1
Heart 
This is a base of corporate self-hosted Microsoft Outlook Exchange that is recently vulnerable for a variety published CVE.
List contains 100k+ IPs from all internet.
Enjoy:

Links to Download Hidden Content
You must register or login to view this content.


password: shadypower

Screenshots:

[Image: report-scrn1.png]
[Image: report-scrn2.png]
[Image: report-scrn3.png]

[Image: notpatched.png]

[attachment=2078]
[attachment=2079]
[attachment=2080]
Reply
#2
Upload screengrabs to image host !
Reply
#3
(September 13, 2021 at 03:31 AM)Crin Wrote: Upload screengrabs to image host !

 Added screenshot sample
Reply
#4
its just 15 servers on 8 credit sample :( what a waste
Reply
#5
(September 13, 2021 at 11:38 AM)Gladius3s Wrote: its just 15 servers on 8 credit sample :( what a waste

Open your eyes, man, 100,583 IP addressed of hosts with corporate Outlook

[Image: Screenshot-2021-09-13-07-54-59.png]
Reply
#6
(September 13, 2021 at 12:56 PM)marmalade_knight Wrote:
(September 13, 2021 at 11:38 AM)Gladius3s Wrote: its just 15 servers on 8 credit sample :( what a waste

Open your eyes, man, 100,583 IP addressed of hosts with corporate Outlook

[Image: Screenshot-2021-09-13-07-54-59.png]

is it a hack leak? or just a raw target list via a possible cve exploit?
Reply
#7
looks good to me, thanks for this
Reply
#8
is it from Shodan or from FOFA????
Based on the no or records, would  say that it is from Shodan published a few weeks ago

(September 13, 2021 at 01:09 AM)marmalade_knight Wrote: This is a base of corporate self-hosted Microsoft Outlook Exchange that is recently vulnerable for a variety published CVE.
List contains 100k+ IPs from all internet.
Enjoy:

[Hidden Content]

password: shadypower

Screenshots:

[Image: report-scrn1.png]
[Image: report-scrn2.png]
[Image: report-scrn3.png]

[Image: notpatched.png]
Reply
#9
Thank you! This might come in handy.
Reply
#10
(September 13, 2021 at 01:28 PM)micko05 Wrote: is it from Shodan or from FOFA????
Based on the no or records, would  say that it is from Shodan published a few weeks ago

Yep, you're right. It's a thread for original leak additionally updated by the same author ( marmalade_knight )
Fofa release is still semi-private, so will be publish it here also someday. Not sure how fast I can gain reputation here.

(September 13, 2021 at 01:15 PM)Kristina Wrote: is it a hack leak? or just a raw target list via a possible cve exploit?
Kris, it's a database leak with raw targets list with a possible CVE exploit.
Reply
#11
(September 13, 2021 at 12:56 PM)marmalade_knight Wrote:
(September 13, 2021 at 11:38 AM)Gladius3s Wrote: its just 15 servers on 8 credit sample :( what a waste

Open your eyes, man, 100,583 IP addressed of hosts with corporate Outlook

[Image: Screenshot-2021-09-13-07-54-59.png]

I do cve scan from beginnig, from 4172 server from in the list only on 12 Exploit worked, so dumping exchange servers from shodan and promoting it as they are vulnerable makes no sense mate
Reply
#12
(September 13, 2021 at 04:40 PM)Gladius3s Wrote: I do cve scan from beginnig, from 4172 server from in the list only on 12 Exploit worked, so dumping exchange servers from shodan and promoting it as they are vulnerable makes no sense mate

I'm not promoting any vulnerability for you, man.
If you're looking for such things you need to have knowledge in exploiting and be able to make something except running well know public checkers from github for nuclei or etc. Or look someone who has corp access already.
Good luck
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
AlphaEx Cryptocurrency Exchange DB Corvinus 11 2,946 November 28, 2021 at 03:49 PM
Last Post: ForumRAID
Edu Intermediate IT Scraped from Microsoft Teams CSV Kowloon 3 2,959 November 14, 2021 at 09:37 AM
Last Post: YikesBoi16
TXT Corporate email access Sentap 3 2,125 November 02, 2021 at 11:10 AM
Last Post: Sentap

 Users browsing this thread: annaivanavna, 1 Guest(s)