
At a financial institution a search for “*credit card*” might reveal where employees have been sending credit card numbers in cleartext over email. At an energy company a search for “*scada*” or “*industrial control system*” might return a conversation detailing the location of sensitive ICS devices.
For example, a simple search for the term “*password*” in the body and subject of every email might return instructions on how to access certain systems along with what credentials to use. Having the power to search through email is huge when hunting for sensitive data.

“By default, the script looks for ‘*password*’, ‘*creds*’, ‘*credentials*’,” he explained. Bullock had plenty of other search suggestions which could be used to discover sensitive information, insider intel and network architecture information.

Options within the global mail search function include such things as impersonation, gaining the Exchange administrator’s username and password, as well as terms to search for in the email subject and body. Bullock steps readers through how to obtain “full access” rights since getting a Domain Admin account doesn’t necessarily grant those rights. Invoke-GlobalMailSearch searches through all mailboxes on an Exchange server.

Search every mailbox on an Exchange server

Regarding Invoke-SelfSearch, Bullock said, “The ability to search your own email in a pentesting situation may seem at first like something that wouldn’t be all that useful. But when you start to consider how often we as pentesters gain access to other users’ credentials during engagements, and combine that then with the ability to search their email from a PowerShell script, it becomes much more powerful. It becomes a brand new privilege escalation vector.”

Invoke-GlobalMailSearch and Invoke-SelfSearch are the two main functions in MailSniper. His research, however, led to a second function of searching a current user’s email.

“I wanted this to be a tool that could operate completely remote from any host on the network to the Exchange server, meaning an interactive session (RDP, VNC, etc.) was not required,” he wrote.
While Microsoft Exchange does have tools for searching email, Bullock was intent on creating a tool which could provide a new search function capable of searching every mailbox in a domain for specific terms.
