工具介绍

ExchangeRelayX是一个python编写的exchange脚本，通过反向代理原始的owa服务器，然后利用其xml接口去访问原始服务器，达到劫持请求，NTML重放等攻击

Features

Raw XML Access to the EWS server, so you can send requests to functions and features that were not pre-programmed in exchangeRelayx

Add redirecting rules to the victim’s email for backdooring

Download all attachments of the user, inbox and sent

Search the global address book tied to Active Directory

Send emails, with attachments, as the victim – the emails will not be stored in the user’s sent folder

使用方法

pip install -r requirements.txt

./exchangeRelayx.py -t https://mail.quickbreach.com

下载地址

https://github.com/quickbreach/ExchangeRelayX

文章出处：黑客工具箱