The full low-down on how Ruler was implemented and some background regarding MAPI can be found in our blog posts:
Pass the Hash with Ruler
Outlook forms and shells.
What does it do?
Ruler has multiple functions and more are planned. These include
Enumerate valid users
Create new malicious mail rules
Dump the Global Address List (GAL)
VBScript execution through forms
Ruler attempts to be semi-smart when it comes to interacting with Exchange and uses the Autodiscover service (just as your Outlook client would) to discover the relevant information.
Ruler has multiple functions, these have their own documentation that can be found in the wiki:
BruteForce — discover valid user accounts
Rules — perform the traditional, rule based attack
Forms — execute VBScript through forms
GAL — grab the Global Address List
The post ruler: abuse Exchange services appeared first on Penetration Testing.