Hi,
OWABF can attack OWA/Exchange 2003 & 2007 form based authentication.
It has log/resume option, userlist, passlist, owa version...
You can download it from:
[
msforge.net]
Usage is very simple:
owabf.py -s [
someserver] -u userlist.txt -p passlist -v 2
If you don't specify passlist, owabf expects to find separate passlist for every username in the userlist.txt. In that case, password files must be named exactly as usernames, eg:
user: foo.bar
passfile: foo.bar
Next version will probably be merged with WMAT (http://sla.ckers.org/forum/read.php?12,26600).
There is a lot of room for improvement (see TODO section in python source).
Community help is appreciated. I am very thankful for your ideas, comments...
Regards,
Dejan Levaja
Network Security Solutions d.o.o.