OWABF - Outlook Web Access Brute Forcer

sla.ckers.org is
ha.ckers sla.cking

Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback.

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

OWABF - Outlook Web Access Brute Forcer

Posted by: levaja

Date: March 09, 2009 08:18AM

Hi,
OWABF can attack OWA/Exchange 2003 & 2007 form based authentication.
It has log/resume option, userlist, passlist, owa version...
You can download it from:
http://msforge.net/blogs/levaja/archive/2009/03/09/owafb-owa-brute-forcer.aspx

Usage is very simple:
owabf.py -s https://someserver -u userlist.txt -p passlist -v 2
If you don't specify passlist, owabf expects to find separate passlist for every username in the userlist.txt. In that case, password files must be named exactly as usernames, eg:
user: foo.bar
passfile: foo.bar

Next version will probably be merged with WMAT (http://sla.ckers.org/forum/read.php?12,26600).

There is a lot of room for improvement (see TODO section in python source).
Community help is appreciated. I am very thankful for your ideas, comments...

Regards,
Dejan Levaja
Network Security Solutions d.o.o.

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login