Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dirkjanm/PrivExchange
Exchange your privileges for Domain Admin privs by abusing Exchange
https://github.com/dirkjanm/PrivExchange
Last synced: about 1 month ago
JSON representation
Exchange your privileges for Domain Admin privs by abusing Exchange
- Host: GitHub
- URL: https://github.com/dirkjanm/PrivExchange
- Owner: dirkjanm
- License: mit
- Created: 2019-01-21T17:39:47.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2020-01-23T19:48:51.000Z (almost 5 years ago)
- Last Synced: 2024-06-06T18:55:31.653Z (6 months ago)
- Language: Python
- Size: 13.7 KB
- Stars: 957
- Watchers: 31
- Forks: 173
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - dirkjanm/PrivExchange - Exchange your privileges for Domain Admin privs by abusing Exchange (Python)
README
# PrivExchange
POC tools accompanying the blog [Abusing Exchange: One API call away from Domain Admin](https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/).## Requirements
These tools require [impacket](https://github.com/SecureAuthCorp/impacket). You can install it from pip with `pip install impacket`, but it is recommended to use the latest version from GitHub.## privexchange.py
This tool simply logs in on Exchange Web Services to subscribe to push notifications. This will make Exchange connect back to you and authenticate as system.## httpattack.py
Attack module that can be used with ntlmrelayx.py to perform the attack without credentials. To get it working:
- Modify the attacker URL in `httpattack.py` to point to the attacker's server where ntlmrelayx will run
- Clone impacket from GitHub `git clone https://github.com/SecureAuthCorp/impacket`
- Copy this file into the `/impacket/impacket/examples/ntlmrelayx/attacks/` directory.
- `cd impacket`
- Install the modified version of impacket with `pip install . --upgrade` or `pip install -e .`