Msprobe - Finding All Things On-Prem Microsoft For Password Spraying And Enumeration

2 years ago 170

BOOK THIS SPACE FOR AD

ARTICLE AD

Finding all things on-prem Microsoft for password spraying and enumeration.

The tool will used a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem Microsoft solutions. Screenshots of the tool in action are below:

Installing

Install the project using pipx

pipx install git+https://github.com/puzzlepeaches/msprobe.git

Usage

The tool has four different modules that assist with the discovery of on-prem Microsoft products:

Exchange RD Web ADFS Skype for Business

The help menu and supported modules are shown below:

Usage: msprobe [OPTIONS] COMMAND [ARGS]...

Find Microsoft Exchange, RD Web, ADFS, and Skype instances

Options:
--help Show this message and exit.

Commands:
adfs Find Microsoft ADFS servers
exch Find Microsoft Exchange servers
full Find all Microsoft supported by msprobe
rdp Find Microsoft RD Web servers
skype Find Microsoft Skype servers

Examples

Find ADFS servers associated with apex domain:

Find RD Web servers associated with apex domain with verbose output:

Find all Microsoft products hostsed on-prem for a domain:

Coming Soon

Full wiki for each module Fixes for lxml based parsing in RD Web module

Acknowledgements

@p0dalirius for RDWArecon @b17zr for the ntlm_challenger.py script @ReverendThing for his project Carnivore and it's included subdomains @busterbcook and their tool msmailprobe heavily influenced the creation of this project

Msprobe - Finding All Things On-Prem Microsoft For Password Spraying And Enumeration Reviewed by Zion3R on 8:30 AM Rating: 5

Read Entire Article