甲方安全建设之office365邮箱弱口令检测

甲方安全建设之office365邮箱弱口令检测

信息收集

资产范围

资产列表总数是521

抓包后发现只有102

一番测试之后发现控制Response的关键在于MaxEntriesReturned字段，修改后Response达到了期望的结果

正则提取

开源中国在线正则表达式工具

python爆破脚本

import smtplib
import os
import time
# 获取当前时间以命名文件
def file_name():
	t = time.strftime('%Y-%m-%d',time.localtime())
	suffix = ".txt"
	fullname = t+suffix
	return fullname
# 使用smtp协议连接
def conn(u,p):
	s = smtplib.SMTP(host='smtp.office365.com', port=587)
	s.starttls()
	r = s.login(u,p)
	return r
	
def main():
    with open('/Users/markzhang/Desktop/user.txt','r') as user:
        with open('/Users/markzhang/Desktop/pass.txt','r') as password:
            users = user.readlines()
            passwords = password.readlines()
            for u in users:
                for p in passwords:
                    u = u.strip('
')
                    p = p.strip('
')
                    try:
                    	res = conn(u,p)
                    	#print res
                    	with open('/Users/markzhang/Documents/python/security/demo.txt','w') as f:
                    		#print os.getcwd()
                    		os.chdir('/Users/markzhang/Documents/python/security/')
                            #重命名，将正确结果写入文件
                    		os.rename('demo.txt',file_name())
                    		if res[0] == 235:
								f.write(u)
								f.write('/')
								f.write(p)
								f.write('
')

							#os.chdir('/Users/markzhang/Documents/python/security/')
							#os.rename('demo.txt',file_name())
							
                    	
                    except Exception as e:
                    	print 'wrong account/pass',u,'/',p,e
					
					
if __name__ == '__main__':
	main()
    

添加定时任务

crontab -e添加内容如下，每周四的12:30执行

30 12 * * 4 cd /Users/markzhang/Documents/python/security/;python outlook.py