Microsoft Exchange Web Service - Detect
ID: ms-exchange-web-service
Severity: info
Author: bhutch,userdehghani
Tags: ms,microsoft,exchange,tech,panel
Description
Section titled “Description”Microsoft Exchange Web Services was detected.
YAML Source
Section titled “YAML Source”id: ms-exchange-web-service
info: name: Microsoft Exchange Web Service - Detect author: bhutch,userdehghani severity: info description: | Microsoft Exchange Web Services was detected. reference: - https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/start-using-web-services-in-exchange - https://pentestlab.blog/tag/ews/ classification: cpe: cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: microsoft product: "exchange_server" shodan-query: - "http.favicon.hash:1768726119" - http.title:"outlook" - cpe:"cpe:2.3:a:microsoft:exchange_server" fofa-query: - icon_hash=1768726119 - title="outlook" google-query: intitle:"outlook" tags: ms,microsoft,exchange,tech,panel
http: - method: GET path: - "{{BaseURL}}/EWS/Exchange.asmx" - "{{BaseURL}}/owa/service.svc"
stop-at-first-match: true matchers-condition: and matchers: - type: regex part: header regex: - "(?i)(X-Owa-Version:)"
- type: status status: - 401 - 302
extractors: - type: kval kval: - x_owa_version# digest: 4a0a0047304502206546e1bbfae2ded34e04dc6d1c1298db3b7ff6918e797b965d0a5b6950f5fcab022100f5fea3444cea4110759752618589b8d80f6c06634393036561e6779503943242:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/exposed-panels/ms-exchange-web-service.yaml"