Comments (9)
staaldraad
commented on May 28, 2024
1
@vysec So I've played with Outlook.com
not sure why it is responding with this message (could be my account, I'm using a @live.co.uk address)
./ruler -user "" -pass XXXXX -email "[email protected]" -display -url https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
[*] Retrieving MAPI info
[*] Doing Autodiscover for domain
[+] MAPI URL found: https://outlook.office365.com/mapi/emsmdb/[email protected]
[+] User DN: /o=First Organization/ou=Exchange Administrative Group(FYDIBOHF23SPDLT)/cn=Recipients/cn=0003BFFDFEF9FB24
[*] Got Context, Doing ROPLogin
[*] And we are authenticated
[+] Mailbox GUID: [220 86 29 50 168 9 48 75 141 188 145 204 159 10 225 226]
[*] Openning the Inbox
[+] Retrieving Rules
[+] Found 0 rules
[*] And disconnecting from server
I'll try dig into the documentation when I've got some more time.
Thanks for trying it out! I'll see about adding some more intelligence to try both http and https :)
from ruler.
vysecurity
commented on May 28, 2024
1
Thanks for your hard work :) I look forward to further using the tool and will test again this evening.
from ruler.
staaldraad
commented on May 28, 2024
hi! Can you please give more context? this usually occurs if one of the following conditions exist:
1.) the domain does not have Autodiscover configured
To check for autodiscover domain -- host autodiscover.targetdomain.com
2.) check if the either of the following pages exist:
https://autodiscover.targetdomain.com/autodiscover/autodiscover.xml
https://targetdomain.com/autodiscover/autodiscover.xml
https://mail.targetdomain.com/autodiscover/autodiscover.xml
https://webmail.targetdomain.com/autodiscover/autodiscover.xml
3.) The credentials you are using are not valid. Try using the parameter: -basic to force basic authentication (NTLM might be disabled)
from ruler.
vysecurity
commented on May 28, 2024
Same issue, I cannot even autodiscover outlook.com to add a rule to my own inbox.
from ruler.
ssssanr
commented on May 28, 2024
Microsoft Exchange© 2010 Microsoft
Microsoft Outlook 2010
win7 64
Autodiscover/Autodiscover.xml,Need "http_html"Authentication
from ruler.
staaldraad
commented on May 28, 2024
I've pushed an update to ruler so that there is more verbose output when Autodiscover fails. Can you please try that.
Alternatively use: https://testconnectivity.microsoft.com/ and select "outlook autodiscover".
If you can pass me the results here I can troubleshoot better. However Exchange 2010 doesn't come with MAPI/HTTP support unless SP1 has been applied and the protocol enabled (as far as I know)
from ruler.
staaldraad
commented on May 28, 2024
@vysec the issue without Outlook.com seems to be that autodiscover.outlook.com is on HTTP only, Ruler tries to do https://autodiscover.outlook.com
Forcing it with either: -url https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml or -url http://autodiscover.outlook.com/autodiscover/autodiscover.xml
works.
Based on what i've seen with live.com/hotmail.com - it uses a slightly different request format for autodiscover.
The XML schema is http://schemas.microsoft.com/exchange/autodiscover/mobilesync/requestschema/2006 instead of the usual http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006
you can try changing
const autodiscoverXML = `<?xml version="1.0" encoding="utf-8"?><Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
<Request><EMailAddress>{{.Email}}</EMailAddress>
<AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
</Request></Autodiscover>`
To
const autodiscoverXML = `<Request><EMailAddress>{{.Email}}</EMailAddress><AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006</AcceptableResponseSchema></Request></Autodiscover>`
Let me know how this goes, I've got a feeling there will be another issue that comes up, either no MAPI/HTTP or it is expecting mobisync, which isn't supported (yet)
Please bare in mind this was created to go after Exchange as deployed in corporate environments, rather than outlook.com/hotmail.com/live.com ect which are more geared towards webmail and mobile than Outlook native clients.
from ruler.
vysecurity
commented on May 28, 2024
When I try your request, I get:
Domain Required...? Exact same request you put.
from ruler.
staaldraad
commented on May 28, 2024
I think you solved this, based off of the tweet. I updated ruler.go as it was only checking for -domain and not -url
https://github.com/sensepost/ruler/blob/master/ruler.go#L68-L70
So latest version should work for anyone running into the same problem. The dev branch contains a version of autodiscover that will try 3 different ways of finding the autodiscover record, the same way Outlook does it (and it now tries http)
from ruler.
Related Issues (20)
- This is an amazing tool, but I found a little bug in your code! HOT 3
- GetMessageFast starts to receive errors from EXCHANGE when Ruler is downloading more than 21 messages HOT 2
- problems with corporative o365 HOT 2
- RPC Connection refused HOT 2
- Is there an option to create mail forwarder rule? HOT 1
- c.GlobalString undefined (type *cli.Context has no field or method GlobalString) HOT 3
- Valid creds not working HOT 1
- panic: runtime error: invalid memory address or nil pointer dereference HOT 1
- Is there a way to output valid credentials to a file for the brute force? HOT 1
- About panic: runtime error: slice bounds out of range [16:0]
- x509 error: certificate signed by unknown authority HOT 2
- The autodiscover service request did not complete.
- Create rule that does not delete the message afterwards HOT 1
- a transport layer error occurred once WEP is enabled on the exchange server
- When the rules are operated, the source code compilation error "RPC Timeout" is reported, and the files downloaded by releases are normal
- There are some problems with RPC over HTTP
- Unable to install on arm64 linux
- 'Wrong WWW-Authenticate header' error brute forcing OWA
- RULER NOT WORKING
- Outlook
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ruler.