Exchange OWA

The Exchange OWA module attempts to connect to an Exchange server and check whether it is vulnerable to exploitation (CVE-2021-26855).

Exchange OWA Request Example

curl -v -L https://api.binaryedge.io/v1/tasks -d '{"type":"scan", "options":[{"targets":["X.X.X.X"], "ports":[{"port":443, "protocol":"tcp", "modules":["exchange-owa"]}]}]}' -H "X-Token:<Token>"

Schema

Exchange OWA Event Schema

{
  ...
  "result": {
    "data": {
      "version": {
        "build_version": "string",
        "release_days": "string",
        "release_date": "string",
        "build_name": "string"
      },
      "ecp_enabled": "boolean",
      "rpc_enabled": "boolean",
      "vulnerabilities": [
        "string"
      ],
      "server_names": [
        "string"
      ],
      "iocs": [
        "string"
      ],
      "ews_enabled": "boolean"
    }
  },
  ...
}

Contents of the fields

  • version - Information regarding the remote server's version of Exchange
    • build_version - Build version
    • release_days - Days since release date
    • release_date - Build release date
    • build_name - Build name
  • ecp_enabled - Whether Exchange Control Panel is enabled or not
  • rpc_enabled - Whether RPC Client Access is enabled or not
  • ews_enabled - Whether Exchange Web Services is enabled or not
  • vulnerabilities - Identified Vulnerabilities (CVEs)
  • server_names - Extracted server names
  • iocs - Identified Indicators of Compromise

Exchange OWA Event Example

{
  ...
  "result": {
    "data": {
      "version": {
        "build_version": "15.2.858.9",
        "release_days": "77",
        "release_date": "2021-04-19",
        "build_name": "Exchange Server 2019 CU9 + KB5001779"
      },
      "ecp_enabled": true,
      "rpc_enabled": true,
      "vulnerabilities": [],
      "server_names": [
        "U2-MBX2"
      ],
      "iocs": [],
      "ews_enabled": true
    }
  },
  ...
}
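
The following triage of `result.data` is an added example, not part of the BinaryEdge documentation: it turns one exchange-owa event into prioritized findings from the `iocs`, `vulnerabilities`, `release_days` and `*_enabled` fields. The function name, severity labels, the 90-day staleness threshold and the second sample event are assumptions made for illustration.

```python
import json

# Assumption (not from the page): builds older than this many days get a patch-review finding.
STALE_BUILD_DAYS = 90

def triage_exchange_owa(event, stale_days=STALE_BUILD_DAYS):
    """Return a list of (severity, message) findings for one exchange-owa event."""
    data = (event.get("result") or {}).get("data") or {}
    version = data.get("version") or {}
    findings = []

    iocs = data.get("iocs") or []
    if iocs:  # indicators of compromise outrank everything else
        findings.append(("critical", "IoCs reported: " + ", ".join(iocs)))

    vulns = data.get("vulnerabilities") or []
    if vulns:
        findings.append(("high", "vulnerabilities: " + ", ".join(vulns)))

    # release_days is a string in the documented event ("77"), so coerce defensively.
    try:
        age = int(version.get("release_days"))
    except (TypeError, ValueError):
        age = None
    if age is None:
        findings.append(("info", "build age unknown"))
    elif age > stale_days:
        findings.append(("medium", f"build {version.get('build_version')} is {age} days old"))

    # Only a literal JSON true counts; a missing or malformed flag is not reported as exposed.
    exposed = [n for n in ("ecp", "rpc", "ews") if data.get(f"{n}_enabled") is True]
    if exposed:
        findings.append(("info", "reachable services: " + ", ".join(exposed)))
    return findings

# Constructed samples: the first mirrors the event example above, the second is made up.
SAMPLE_CLEAN = json.loads("""{"result": {"data": {
  "version": {"build_version": "15.2.858.9", "release_days": "77",
              "release_date": "2021-04-19", "build_name": "Exchange Server 2019 CU9 + KB5001779"},
  "ecp_enabled": true, "rpc_enabled": true, "vulnerabilities": [],
  "server_names": ["U2-MBX2"], "iocs": [], "ews_enabled": true}}}""")
SAMPLE_FLAGGED = json.loads("""{"result": {"data": {
  "version": {"build_version": "0.0.0.0", "release_days": "400"},
  "ecp_enabled": true, "rpc_enabled": false, "vulnerabilities": ["CVE-2021-26855"],
  "server_names": ["EXAMPLE-MBX"], "iocs": ["constructed-ioc-placeholder"], "ews_enabled": false}}}""")

if __name__ == "__main__":
    for ev in (SAMPLE_CLEAN, SAMPLE_FLAGGED):
        print(ev["result"]["data"]["server_names"], triage_exchange_owa(ev))
```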