mdsecresearch / lyncsniper Goto Github PK
View Code? Open in Web Editor NEWLyncSniper: A tool for penetration testing Skype for Business and Lync deployments
LyncSniper: A tool for penetration testing Skype for Business and Lync deployments
Hello,
Tried to use it against my o365 setup and I'm getting the error "Direct login to WLID is not allowed for this federated namespace".
Did you ran against this issue ? Is anything can be done ?
Full XML Output:
<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmln
s:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices
/SOAPFault"><S:Body><S:Fault><S:Code><S:Value>S:Sender</S:Value><S:Subcode><S:Value>wst:FailedAuthentication</S:Value></S:Subcode></S:Code><S:Reason><S:Text xml:lang="en-US">Authentication Failure</S:Text></S
:Reason><S:Detail><psf:error><psf:value>0x80048821</psf:value><psf:internalerror><psf:code>0x80047860</psf:code><psf:text>Direct login to WLID is not allowed for this federated namespace
</psf:text></psf:internalerror></psf:error></S:Detail></S:Fault></S:Body></S:Envelope>
When attempting to test this script, I have a users.txt file with one email address listed. Upon attempting the invoke-lyncspray, it fails on invalid credential provided at the command line. But when I use the correct password once (correctly shows the Found credentials message) subsequent calls also return the valid credential message even with invalid password entries.
I am issuing the following commands and nothing is happening, the script looks like it is trying to work but then it just drops me into a prompt again.
Import-Module .\LyncSniper.ps1 Invoke-LyncBrute -UserName [email protected] -PassList realhuman_phill.txt' -office365 -verbose
I am able to use Invoke-LyncBrute to validate the script and it works as intended, but Invoke-LyncSpray runs and crashes the ISE/PowerShell. Not sure what I can provide to help re-create it or debug the issue. Let me know how what information would help.
Update: looks like if you have a username.txt file with just one entry, the $username = $usernames[0] returns only the first character of the line which then fails to parse the URL from as there is no email suffix. If there are two entries it works however it appears that get-content is adding spaces into the object from the text file (not sure why its doing this) and on the space in between usernames the script throws an error.
Great script BTW - there seems to be quite a lot of functionality in the Lync client that could be exploited (turning on logging of IMs, extracting contact information (phone, email, location detail). This would be great to be integrated with the MailSniper tool.
"For more information on LyncSniper, check out this blog post."
Which blog post?
Hi there... Please let me know what I'm doing wrong. I do appreciate your help!
PS C:\Tools\LyncSniper-master> Import-Module .\LyncSniper.ps1
Add-Type : c:\Tools\LyncSniper-master\Tunable-SSL-Validator\TunableValidator.cs
(29) : Default parameter specifiers are not permitted
c:\Tools\LyncSniper-master\Tunable-SSL-Validator\TunableValidator.cs(28) :
c:\Tools\LyncSniper-master\Tunable-SSL-Validator\TunableValidator.cs(29) : >>>
public static void SetValidator(bool ignoreChainErrors = false, Hashtable
trustedCerts = null, bool showConsoleStandardOutput = true)
c:\Tools\LyncSniper-master\Tunable-SSL-Validator\TunableValidator.cs(30) :
{
At C:\Tools\LyncSniper-master\Tunable-SSL-Validator\TunableSSLValidator.psm1:1
char:9
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.