## https://sploitus.com/exploit?id=CCCEB270-F458-5DD1-8102-FBAB33DC514C
This is a proof-of-concept (PoC) tool for abusing Microsoft Exchange to obtain Domain Admin privileges. The tool, named PrivExchange, requires the Impacket library and can be used to subscribe to push notifications on Exchange Web Services, which will make Exchange connect back to the attacker and authenticate as system. The attack can be performed without credentials using the HTTPAttack module, which is part of the Impacket library. The tool is designed to be used with ntlmrelayx.py, a tool that can be used to perform NTLM relay attacks. The PrivExchange tool logs in on Exchange Web Services to subscribe to push notifications, making Exchange connect back to the attacker and authenticate as system. The HTTPAttack module can be used to perform the attack without credentials. The tool requires Impacket, a Python library for working with Windows protocols, and can be installed using pip. The PrivExchange tool is a Python script that logs in on Exchange Web Services to subscribe to push notifications, making Exchange connect back to the attacker and authenticate as system. The HTTPAttack module is a Python script that can be used to perform the attack without credentials. The tool is designed to be used with ntlmrelayx.py, a tool that can be used to perform NTLM relay attacks. The PrivExchange tool