Paid Advertising
SLA.CKERS.ORG
HA.CKERS SLACKING
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback.
OWABF - Outlook Web Access Brute Forcer
Posted by: levaja (IP Logged)
Date: March 09, 2009 08:18AM
Hi,
OWABF can attack OWA/Exchange 2003 & 2007 form based authentication.
It has log/resume option, userlist, passlist, owa version...
You can download it from:
[msforge.net]
Usage is very simple:
owabf.py -s [someserver] -u userlist.txt -p passlist -v 2
If you don't specify passlist, owabf expects to find separate passlist for every username in the userlist.txt. In that case, password files must be named exactly as usernames, eg:
user: foo.bar
passfile: foo.bar
Next version will probably be merged with WMAT (http://sla.ckers.org/forum/read.php?12,26600).
There is a lot of room for improvement (see TODO section in python source).
Community help is appreciated. I am very thankful for your ideas, comments...
Regards,
Dejan Levaja
Network Security Solutions d.o.o.
OWABF can attack OWA/Exchange 2003 & 2007 form based authentication.
It has log/resume option, userlist, passlist, owa version...
You can download it from:
[msforge.net]
Usage is very simple:
owabf.py -s [someserver] -u userlist.txt -p passlist -v 2
If you don't specify passlist, owabf expects to find separate passlist for every username in the userlist.txt. In that case, password files must be named exactly as usernames, eg:
user: foo.bar
passfile: foo.bar
Next version will probably be merged with WMAT (http://sla.ckers.org/forum/read.php?12,26600).
There is a lot of room for improvement (see TODO section in python source).
Community help is appreciated. I am very thankful for your ideas, comments...
Regards,
Dejan Levaja
Network Security Solutions d.o.o.
Sorry, only registered users may post in this forum.
sla.ckers.org RSS feed
Board haX0r3d together by ha.ckers.org, forshizzle.
SecTheory Security Consulting *