Exchange

Enumeration

ExchangeFinder

ExchangeFinder is a tool that attempts to identify Microsoft Exchange instances for a given domain based on the top common DNS names for Microsoft Exchange. Additionally, ExchangeFinder can identify the version of Microsoft Exchange utilized by the target.

# ExchangeFinder basic usage
python3 exchangefinder.py --domain $domain

Enumerating Users Manually

POST /autodiscover/autodiscover.xml HTTP/1.1
Host: exch01.parzival.sh
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.10730; Pro)
Authorization: Basic Q09OVE9TT1x1c2VyMDE6UEBzc3cwcmQ=
Content-Length: 341
Content-Type: text/xml

<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
    <Request>
      <EMailAddress>$email</EMailAddress>
      <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
    </Request>
</Autodiscover>

References

Attacking MS Exchange Web InterfacesPT SWARM

PreviousWordpress NextOffice365

Last updated 1 year ago