Unknown error code returned - 401

[kort3x]

First of all: Thanks for the script.

I tried it against multiple servers, always getting this error:

nmap -sT -p 443 -P0 --script http-vuln-exchange-proxyshell.nse host.domain.de
Starting Nmap 7.92 ( https://nmap.org ) at 2021-08-10 14:53 Mitteleuropõische Sommerzeit
Nmap scan report for host.domain.de (xxx.xxx.xxx.xxx)
Host is up (0.00s latency).

PORT    STATE SERVICE
443/tcp open  https
|_http-vuln-exchange-proxyshell: Unknown error code returned - 401 - maybe not an Exchange server

I am a complete nmap noob - am i doing it wrong?

[kort3x]

nevermind - figured it out

I hadn't customized the script for the domains.

Sorry

[kort3x]

for others:

you have to change the domain in line 29 from test.com to your domain.

[GossiTheDog]

huh, you shouldn't need to do that @kort3x

I think I'm going to add 401 as a not vulnerable response code, it looks like some environments give that

[jernejs]

Yeah, changing the domain inside the script doesn't affect my output (and all 5 Exchange servers I tested against return 401).

[kort3x]

guess i reopen then

[kort3x]

no idea why behavior changed for me - it now works aganist all servers no matter what domain i use in line 29

[kerobra]

I get a 401 on every Exchange 2016 installation that I checked, and a "not vulnerable" only on the Exchange 2013 installations. I have no Exchange 2019 to verify.