Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
OWABF - Outlook Web Access Brute Forcer
Posted by: levaja
Date: March 09, 2009 08:18AM

Hi,
OWABF can attack OWA/Exchange 2003 & 2007 form based authentication.
It has log/resume option, userlist, passlist, owa version...
You can download it from:
http://msforge.net/blogs/levaja/archive/2009/03/09/owafb-owa-brute-forcer.aspx


Usage is very simple:
owabf.py -s https://someserver -u userlist.txt -p passlist -v 2
If you don't specify passlist, owabf expects to find separate passlist for every username in the userlist.txt. In that case, password files must be named exactly as usernames, eg:
user: foo.bar
passfile: foo.bar


Next version will probably be merged with WMAT (http://sla.ckers.org/forum/read.php?12,26600).

There is a lot of room for improvement (see TODO section in python source).
Community help is appreciated. I am very thankful for your ideas, comments...

Regards,
Dejan Levaja
Network Security Solutions d.o.o.

Options: ReplyQuote


Sorry, only registered users may post in this forum.