UhOh365 – A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)

UhOh365 – A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)

A script that can see if an electronic mail handle is legitimate in Business365. This does not accomplish any login attempts, is unthrottled, and is unbelievably valuable for social engineering assessments to come across which emails exist and which do not.

Microsoft does not take into consideration “e-mail enumeration” a vulnerability, so this is having advantage of a “element”. There are a few other public Office365 e mail validation scripts out there, but they all (that I have witnessed) have to have at least 1 login attempt for every consumer account. That is detectable and can be uncovered as a light bruteforce attempt (1 “widespread” password throughout many accounts).

This script will allow for e-mail validation with zero login makes an attempt and only employs Microsoft’s crafted-in Autodiscover API so it is invisible to the particular person/corporation who owns the e-mail deal with. Also, this API contact appears to be wholly unthrottled and I was equipped to validate about 2,000 electronic mail addresses in 1 moment in my tests.

Use

The script is in fact really primary and quick to use. You make a file of the e-mails you want to see are legitimate or not and pass it as an argument to the script. Or you can present a file just of usernames and give the -s argument to instantly append a suffix to each individual entry:

Use: UhOh365.py [-h] [-v] [-t THREADS] [-o OUTPUT] file

positional arguments:
file Input file made up of just one e-mail per line

optional arguments:
-h, --support exhibit this assist information and exit
-v, --verbose Show just about every outcome as valid/invalid. By default only displays legitimate
-s, --suffix Insert a domain suffix to each and every input line from file (e.g: contoso.com)
-t THREADS, --threads THREADS
Selection of threads to run with. Default is 20
-o OUTPUT, --output OUTPUT
Output file for legitimate emails only
-n, --nossl Change off SSL verification. This can boost speed if
wanted
-p PROXY, --proxy PROXY
Specify a proxy to run this through (eg: 'http://127...1:8080')

Rationalization

This is truly a pretty straightforward detail to do. It turns out the /autodiscover/autodiscover.json/v1./Electronic mail?Protocol=Autodiscoverv1 API endpoint returns different position codes for if an email exists in o365 or not. 200 standing code indicates it exists, a 302 usually means it won’t exist.

If the email does exist:

UhOh365 1

If the e mail does not exist:

UhOh365 2

Recognize this ask for will take zero authentication or identifying parameters and it does not cause a login attempt on the concentrate on account.

Writer

Chris King

raikiasec@gmail.com

@raikiasec

22qgIrh3avY

Graphic and Post Source hyperlink

Browse Extra on Pentesting Resources

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: