This module exploits a deserialization vulnerability present in Microsoft.Exchange.Data.SerializationTypeConverter class when converting powershell remoting objects. This module bypasses the IIS URL Rewrite rules given by Microsoft. This is achieved by not using the autodiscover path confusion (CVE-2022-41040). The deployed agent will run with the SYSTEM privileges.
CVE Link
Exploit Platform
Exploit Type
Product Name