This Metasploit module exploits a privilege escalation vulnerability found in Microsoft Exchange - CVE-2019-0724 Execution of the module will force Exchange to authenticate to an arbitrary URL over HTTP via the Exchange PushSubscription feature. This allows us to relay the NTLM authentication to a Domain Controller and authenticate with the privileges that Exchange is configured. The module is based on the work by @_dirkjan,.
9f8ccd3febae1d6a5a140ff0111ba4264db42cc77adc0776d3f47273870024c9
Proof of concept exploit for the Windows Zerologon vulnerability as noted in CVE-2020-1472. By default, it changes the password of the domain controller account.
c33a65409db7ea9ced3d7e9d9df80a4e2cef77b787ac47ff949764da970ec602