exchange-attack

Installation

SKILL.md

Exchange 邮件服务器攻击方法论

Exchange 在域环境中地位极高——通常拥有 Domain Admin 级权限、存储全公司邮件、保存全员通讯录。攻下 Exchange 几乎等于拿下整个域。

Phase 0: 发现与指纹

0.1 Exchange 路径探测

# 常见 Exchange 路径
curl -sk https://TARGET/owa           # Outlook Web App
curl -sk https://TARGET/ecp           # Exchange Control Panel（管理）
curl -sk https://TARGET/autodiscover/autodiscover.xml
curl -sk https://TARGET/mapi/nspi     # MAPI/HTTP
curl -sk https://TARGET/rpc           # RPC over HTTP
curl -sk https://TARGET/oab           # Offline Address Book
curl -sk https://TARGET/ews           # Exchange Web Services