https://github.com/dirkjanm/PrivExchange

Exchange your privileges for Domain Admin privs by abusing Exchange
https://github.com/dirkjanm/PrivExchange

Last synced: 1 day ago
JSON representation

Exchange your privileges for Domain Admin privs by abusing Exchange

• Host: GitHub
• URL: https://github.com/dirkjanm/PrivExchange
• Owner: dirkjanm
• License: mit
• Created: 2019-01-21T17:39:47.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2020-01-23T19:48:51.000Z (almost 5 years ago)
• Last Synced: 2024-06-06T18:55:31.653Z (5 months ago)
• Language: Python
• Size: 13.7 KB
• Stars: 957
• Watchers: 31
• Forks: 173
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - dirkjanm/PrivExchange - Exchange your privileges for Domain Admin privs by abusing Exchange (Python)

README

        
# PrivExchange

POC tools accompanying the blog [Abusing Exchange: One API call away from Domain Admin](https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/).

## Requirements

These tools require [impacket](https://github.com/SecureAuthCorp/impacket). You can install it from pip with `pip install impacket`, but it is recommended to use the latest version from GitHub.

## privexchange.py

This tool simply logs in on Exchange Web Services to subscribe to push notifications. This will make Exchange connect back to you and authenticate as system.

## httpattack.py

Attack module that can be used with ntlmrelayx.py to perform the attack without credentials. To get it working:

- Modify the attacker URL in `httpattack.py` to point to the attacker's server where ntlmrelayx will run

- Clone impacket from GitHub `git clone https://github.com/SecureAuthCorp/impacket`

- Copy this file into the `/impacket/impacket/examples/ntlmrelayx/attacks/` directory.

- `cd impacket`

- Install the modified version of impacket with `pip install . --upgrade` or `pip install -e .`