1 | 1 | | $target = "mail.local" |
| 2 | + | $checkdns = Resolve-DnsName $target -ErrorAction SilentlyContinue |
| 3 | + | |
| 4 | + | if($checkdns){ |
| 5 | + | Write-host "Running autodiscover test..." -ForegroundColor Cyan |
2 | 6 | | try |
3 | 7 | | { |
4 | | - | $webtest = Invoke-WebRequest -uri "https://$target/autodiscover" |
| 8 | + | $webtest1 = Invoke-WebRequest -uri "https://$target/autodiscover" |
5 | 9 | | } |
6 | 10 | | catch |
7 | 11 | | { |
| skipped 2 lines |
10 | 14 | | $Failure.Headers.tostring() |
11 | 15 | | } |
12 | 16 | | |
| 17 | + | |
| 18 | + | |
| 19 | + | Write-host "Running autodiscover SSRF test..." -ForegroundColor Cyan |
13 | 20 | | try |
14 | 21 | | { |
15 | | - | $webtest = invoke-webrequest -uri "https://$target/autodiscover/[email protected]/owa/&Email=autodiscover/[email protected]&Protocol=XYZ&FooProtocol=Powershell" |
| 22 | + | write-host "testing site..." -ForegroundColor Gray |
| 23 | + | $webtest2 = invoke-webrequest -uri "https://$target/autodiscover/[email protected]/owa/&Email=autodiscover/[email protected]&Protocol=XYZ&FooProtocol=Powershell" |
16 | 24 | | } |
17 | 25 | | catch |
18 | 26 | | { |
19 | | - | $Failure = $_.Exception.Response |
20 | | - | $Failure.Headers.tostring() |
21 | | - | $Failure.Headers.tostring() | findstr /I "X-OWA-Version" |
22 | | - | $Failure.Headers.tostring() | findstr /I "X-FEServer" |
23 | | - | if($Failure.Headers -contains "X-FEServer") |
24 | | - | { |
25 | | - | write-host "Poentially vulnerable to CVE-2022-40140 & CVE-2022-41082" -ForegroundColor Red |
| 27 | + | write-host "Caught" -ForegroundColor Red |
| 28 | + | $Failure = $_.Exception.Response |
| 29 | + | $Failure.Headers.tostring() |
| 30 | + | $Failure.Headers.tostring() | findstr /I "X-OWA-Version" |
| 31 | + | $Failure.Headers.tostring() | findstr /I "X-FEServer" |
| 32 | + | if($Failure.Headers -contains "X-FEServer") |
| 33 | + | { |
| 34 | + | write-host "Poentially vulnerable to CVE-2022-40140 & CVE-2022-41082" -ForegroundColor Red |
| 35 | + | } |
26 | 36 | | } |
27 | 37 | | |
28 | 38 | | |
| 39 | + | if($webtest2.StatusCode -eq 200) |
| 40 | + | { |
| 41 | + | write-host "Authenticated to Server" -ForegroundColor Green |
| 42 | + | if($webtest2.Headers.Keys -contains "X-FEServer") |
| 43 | + | { |
| 44 | + | write-host "Poentially vulnerable to CVE-2022-40140 & CVE-2022-41082" -ForegroundColor Red |
| 45 | + | } |
| 46 | + | } |
| 47 | + | |
| 48 | + | } |
| 49 | + | else |
| 50 | + | { |
| 51 | + | write-host "DNS does not resolve" -ForegroundColor Red |
29 | 52 | | } |
30 | 53 | | |
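Review bot: The "vulnerable" verdict printed at new lines 34 and 44 rests only on the presence of an `X-FEServer` header, which Exchange front ends normally return whatever their patch level, so the script reports a product fingerprint as a vulnerability finding. I would reword both messages along the lines of `write-host "Exchange front end detected (X-FEServer present); patch level not verified" -ForegroundColor Yellow`, and drop "Authenticated to Server" at new line 41, since a bare 200 does not establish authentication. The two header checks are also written differently (`$Failure.Headers -contains` in the catch, `$webtest2.Headers.Keys -contains` after it); the first probably depends on how the header collection enumerates in the PowerShell edition in use, so confirm the type and use one form in both places. Add `$webtest2 = $null` before the second `try`, otherwise a failed request leaves a value from an earlier run in the same session to be tested at new line 39. The first CVE id in the message looks as if its digits may be transposed and "Poentially" is misspelled; check the id against the vendor advisory.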