Kali Linux

Msmailprobe : Office 365 And Exchange Enumeration

Msmailprobe is widely known that OWA (Outlook Web app) is vulnerable to time-based user enumeration attacks. This tool leverages all known, and even some lesser-known services exposed by default Exchange installations to enumerate users. It also targets Office 365 for error-based user enumeration.

Getting Started

If you want to download and compile the simple, non-dependant code, you must first install GoLang! I will let the incredible documentation, and other online resources help you with this task.

https://golang.org/doc/install

You may also download the compiled release here.

Syntax

List examples of commands for this applications, but simply running the binary with the examples command:

./msmailprobe examples

You can also get more specific help by running the binary with the arguments you are interested in:

./msmailprobe identify
./msmailprobe userenum
./msmailprobe userenum –onprem
./msmailprobe userenum –o365

Usage

Identify Command

  • Used for gathering information about a host that may be pointed towards an Exchange or o365 tied domain
  • Queries for specific DNS records related to Office 365 integration
  • Attempts to extract internal domain name for onprem instance of Exchange
  • Identifies services vulnerable to time-based user enumeration for onprem Exchange
  • Lists password-sprayable services exposed for onprem Exchange host

Flag to use:
-t to specify target host
Example:
./msmailprobe identify -t mail.target.com

Userenum (o365) Command

  • Error-based user enumeration for Office 365 integrated email addresses

Flags to use:
-E for email list OR -e for single email address
-o [optional]to specify an out file for valid emails identified
–threads [optional] for setting amount of requests to be made concurrently
Examples:
./msmailprobe userenum –o365 -E emailList.txt -o validemails.txt –threads 25
./msmailprobe userenum –o365 -e admin@target.com

Userenum (onprem) Command

  • Time-based user enumeration against multiple onprem Exchange services

Flags to use:
-t to specify target host
-U for user list OR -u for single username
-o [optional]to specify an out file for valid users identified
–threads [optional] for setting amount of requests to be made concurrently
Examples:
./msmailprobe userenum –onprem -t mail.target.com -U userList.txt -o validusers.txt –threads 25
./msmailprobe userenum –onprem -t mail.target.com -u admin

Download

R K

Leave a Comment
Share
Published by
R K
Tags: Exchange EnumerationMsmailprobeoffice 365
3 years ago

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

2 days ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

2 days ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

4 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

7 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago