Hello,
I am wondering how one can acquire the inbox name for a certain Exchange account. Would it be viewable in Internet headers of an email?
Does anyone have any ideas?
Thanks in advance!
Regards,
surreal
You would have to set up an IMAP or POP3 mail server at home and also register to www.yoursite.net. I've tried to do this and it is very hard both to maintain and to configure, but a good mail server is qmail (I don't know of any for Windows).
The name of the inbox is usually directly related to the e-mail account name unless someone is practicing security through obscurity.
E.G [email protected]
The Exchange message store for the active directory is usually labeled as mark_boyle2002.
I don't know if maybe you're trying to get some info from us for some illegal practice, but could you make your question a little clearer?
Also, if you are trying to be a l33th4x0r, RTFM
Quote:
Actually, if you're trying to be a leet Hax0r please refer to this post here:
http://www.antionline.com/showthread...974#post640974
Why exactly would you care about the name of the inbox on an Exchange server? What information are you hoping to gain from this? I'm a newbie when it comes to webservers and I'm just interested in where you might be going with this information.
Thanks...
~AciD
The mailbox name is the AD user name and has no bearing on the email address itself. In most cases people will do [email protected] where handle is also the email ID and AD account name. But not always.
The only reason I can think of that somebody would want to know the AD account name is to try and glean valid account names to try a brute force attack.
Heh, you should definitely check out Gore's post. He's written all the super secret details about how Win ME is uber l33t and how to be leet :D.
If we're talking about an Exchange mailbox then we're not really dealing with a standard e-mail account. As for getting box names, that would depend on how the Exchange server was configured and what domains are trusted etc. Depending on configuration, Exchange will allow queries as to whether a box is valid or not (usually only if you are already an authenticated user on a trusted domain), but this would not do you a whole lot of good as most Exchange servers use NTLM authentication (by default I believe?) through AD (hopefully NTLMv2 if the admin is smart *l0pht cough*) and even knowing the mailbox name will not give you any access without a valid access token from a trusted authority aka Domain Server/Trusted domain server, so a brute force attack won't do **** for you anyway. :)
-Maestr0
Maestro- If you know the user name, and you use a brute force attack to guess the password, you will have gained the proper authentication. That is the purpose of a brute force attack, to get permissions for an account you know is valid, but do not know the password to.
OMG gore!
You right dOOd, wanna be l337 h40r go to that link. In no time you can hax hotmail and eyeseekyou wi da tool . Yo Master Boot Record will be sweet and leet in no time! Cause you da masta cracka foo.
After that post RoadClosed, all I can think about is WeirdAl's song "It's all about the Pentiums"...!
~AciD
LOL, never heard it. Maybe I should piss off the RIAA and see if it's on P2P. I mean I would like to hear it but I am not going to go buy the CD for one song, the radio doesn't play it, MTV probably won't air it so how else could I be turned on to it and have a sample?
I am l337 P2P ha4or mofa
I realize what a brute force attack is, and unfortunately the Inbox is NOT necessarily the logon name (in fact almost certainly is not) and cannot be enumerated from the Exchange server w/o an authenticated user account (meaning you already have an account, and if you want someone else's there are a lot of better ways like NetBIOS, which you can try a dictionary attack on, or locally cached stuff like LSA secrets), and if you DID have the user logon you wouldn't be brute forcing the Exchange server but the domain authority, which would be over a network (NTLMv2 is 128-bit with Kerberos, that should only take a few thousand years) while also basically DOSing the domain controller with log-on attempts (which I think someone would notice, eh?). In order to effectively brute force a NTLM account with any kind of speed a copy of the SAM must be available locally (and this is assuming you have the syskey, of course), allowing HUNDREDS of THOUSANDS if not MILLIONS of tries per second, which somehow I don't see him doing over TCP/IP. In other words, if you can brute force a NTLMv2 password over a network, I'll eat my ****ing keyboard. Even if NTLMv2 was NOT used he would have a better chance of success by sniffing packets for authentication handshakes from the deprecated LANMAN (LM) auth/SMB sniffing, which has widely known weaknesses (aka sux), and THEN brute forcing.
Quote:
Originally posted here by mohaughn
Maestro- If you know the user name, and you use a brute force attack to guess the password, you will have gained the proper authentication. That is the purpose of a brute force attack, to get permissions for an account you know is valid, but do not know the password to.
-Maestr0
"These LMv2 and NTLMv2 encrypted pairs are quite strong and, although they can be captured from the network by LC4, they are essentially immune to either its dictionary or brute-force attacks" -@Stake
EDIT:
P.S. I'll only eat half my keyboard if strong password policy is not enforced :)
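Added example, not part of the original thread: a small detector for the pattern the post above says "someone would notice", namely a burst of failed log-ons against one account, plus one source failing against many different accounts. The log format, addresses, thresholds and most account names are constructed for illustration; `smithr03` is the sample NT account name used elsewhere in this thread.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from the thread): time, source, account, result.
SAMPLE_LOG = "\n".join(
    [f"2003-09-01T10:00:{s:02d} 10.0.0.5 smithr03 FAIL" for s in range(0, 12, 2)]
    + [f"2003-09-01T11:00:{i:02d} 10.0.0.9 {u} FAIL"
       for i, u in enumerate(["adams", "baker", "clark", "davis"])]
    + ["2003-09-01T09:00:00 10.0.0.7 jonesk FAIL",
       "2003-09-01T09:00:20 10.0.0.7 jonesk OK"]
)

def parse(log):
    """Yield (timestamp, source, account, result) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, account, result = line.split()
            yield datetime.fromisoformat(ts), src, account, result

def detect(log, window=timedelta(minutes=5), max_failures=5, max_accounts=4):
    """Return (guessed_accounts, spraying_sources) seen within `window`."""
    by_account = defaultdict(list)  # account -> failure times
    by_source = defaultdict(list)   # source -> (failure time, account)
    for ts, src, account, result in parse(log):
        if result == "FAIL":
            by_account[account].append(ts)
            by_source[src].append((ts, account))

    guessed = set()
    for account, times in by_account.items():
        times.sort()
        # Any run of max_failures consecutive failures that fits in the window.
        for i in range(len(times) - max_failures + 1):
            if times[i + max_failures - 1] - times[i] <= window:
                guessed.add(account)
                break

    spraying = set()
    for src, events in by_source.items():
        events.sort()
        # One source failing against many distinct accounts in one window.
        for i, (start, _) in enumerate(events):
            accounts = {a for t, a in events[i:] if t - start <= window}
            if len(accounts) >= max_accounts:
                spraying.add(src)
                break
    return guessed, spraying

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A single mistyped password (the `jonesk` lines) stays below both thresholds, so only the burst and the multi-account source are reported.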
heh, by all means, piss off RIAA. Seems like nobody else is holding back when it comes to that ;)
Are you using Active Directory? I am just learning it and ALL my applications of Exchange are detailed in the Active Directory profile. Am I implementing things incorrectly?
Quote:
I realize what a brute force attack is, and unfortunately the Inbox is NOT necessarily the logon name (in fact almost certainly is not)
I may be mistaking what you are asking, but Exchange 2000 is intertwined with Active Directory, even the schema. All the Exchange settings for users are now changed inside of Active Directory.
Quote:
Originally posted here by RoadClosed
Are you using Active Directory? I am just learning it and ALL my applications of Exchange are detailed in the Active Directory profile. Am I implementing things incorrectly?
-NeuTron
yes that is what I am saying, in active directory the user name is the same as the mailbox name. It has to be and if that isn't true then I am implementing things wrong. The inbox IS the same as the log in name under active directory.
I'm a little fuzzy on this but I'm pretty sure that you are able to name the mailbox for any user whatever you want. It doesn't have to be the username as far as I know. It's been a couple months since I touched an Exchange box but I seem to remember having control of the mailbox name. 90% sure I would say....
-NeuTron
Exactly. On a Domain controller there is no 'local' machine with users, it's all in your AD and is managed thru the AD MMC consoles. Exchange will use these entries as well since all the required structures are already in place.
Quote:
Originally posted here by NeuTron
I may be mistaking what you are asking, but Exchange 2000 is intertwined with Active Directory, even the schema. All the Exchange settings for users are now changed inside of Active Directory.
-NeuTron
-Maestr0
OK thanks all, Active Directory is hard to get used to at first; being in my domain controller/WINS mindset versus Active Directory Objects and DNS. I love it though, so far. DNS caused me a sleepless night though. Old file shares stopped working and a slew of other issues. I love being able to set up a mail user and just adding Exchange profiles right in the user console.
Quote:
Originally posted here by RoadClosed
yes that is what I am saying, in active directory the user name is the same as the mailbox name. It has to be and if that isn't true then I am implementing things wrong. The inbox IS the same as the log in name under active directory.
Yes, this is true, I was a bit hasty in my last statement. The Exchange server identifies the mailbox by the NT account, but when connecting will use the Display name made from lname,fname, but can be whatever you want (I believe). So your NT account may be smithr03 but will display as Smith,Bob, not that it really matters since Exchange will attempt to match the name for you :) Regardless, without an exploit for Exchange I don't see a brute force attack on an Exchange server as worth anything (especially since we're assuming you already have a user account, unless the admin is a talking donkey and leaves his Exchange server on the internet) when there are much better and faster ways to skin the cat.
-Maestr0
I added to my how to be leet thing:
http://www.antionline.com/showthread...hreadid=245824
Heh, just in case someone needed to be an awesome Hax0r quick.
Hee Haw Hee Haw, loved that quote. I am so paranoid of my Exchange server I have considered placing another sendmail server in front of it to hide its actual IP. But I figure I am ok since I am ONLY allowing port 25 to that box. Still.... always thinking, always thinking...
Quote:
unless the admin is a talking donkey and leaves his exchange server on the internet)
As long as you don't allow POP with cleartext passwords... That really would be a bummer!
Quote:
Originally posted here by RoadClosed
Hee Haw Hee Haw, loved that quote. I am so paranoid of my Exchange server I have considered placing another sendmail server in front of it to hide its actual IP. But I figure I am ok since I am ONLY allowing port 25 to that box. Still.... always thinking, always thinking...
"It ain't paranoia when there really is someone after you!" ;)
Ammo
maestro- we are agreeing. I never said that a brute force attack against OWA would be effective, just given what little the person who opened this thread said, that is the only thing I can figure that they were trying to do. Determine the NT account name, based on the email address to then try and hack the email account.
Roadclosed- It is a very very good idea to put a Unix-based sendmail system (or other SMTP mail daemon) in front of an Exchange server. The main reason being that there are a lot of really good and free SMTP utilities for Unix that do not exist for Exchange. We actually have three layers in front of our Exchange servers. But we are moving a couple million messages a day.
no POP at all, not even Diet Pepsi. Considering opening Exchange's web interface. It's a nifty tool, weighing the benefit or access vs. risk.
Yes indeed, I am moving toward adding that nix sendmail in front as time allows. I figure my bandwidth could do just fine with the little 400mhz box I see begging to be loaded with nix over in the corner.
Just my personal opinion but I would use Postfix instead of sendmail.
Quote:
Originally posted here by RoadClosed
no POP at all, not even Diet Pepsi. Considering opening Exchange's web interface. It's a nifty tool, weighing the benefit or access vs. risk.
Yes indeed, I am moving toward adding that nix sendmail in front as time allows. I figure my bandwidth could do just fine with the little 400mhz box I see begging to be loaded with nix over in the corner.
Sendmail has a lot of insecurities and Postfix is a little more secure. Might wanna look into that. Not going at telling you what to do but just a suggestion :)