ruler: abuse Exchange services – Penetration Testing

Ruler is a tool that allows you to interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP protocol. The main aim is abuse the client-side Outlook features and gain a shell remotely.

The full low-down on how Ruler was implemented and some background regarding MAPI can be found in our blog posts:

Ruler release

Pass the Hash with Ruler

Outlook forms and shells.

What does it do?

Ruler has multiple functions and more are planned. These include

Enumerate valid users

Create new malicious mail rules

Dump the Global Address List (GAL)

VBScript execution through forms

Ruler attempts to be semi-smart when it comes to interacting with Exchange and uses the Autodiscover service (just as your Outlook client would) to discover the relevant information.



Ruler has multiple functions, these have their own documentation that can be found in the wiki:

BruteForce — discover valid user accounts

Rules — perform the traditional, rule based attack

Forms — execute VBScript through forms

GAL — grab the Global Address List



The post ruler: abuse Exchange services appeared first on Penetration Testing.


Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do

Você está comentando utilizando sua conta Sair /  Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair /  Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair /  Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair /  Alterar )


Conectando a %s