Phishing is an integral part of red teaming. Using documents with macros and DDE has come to be in bad taste. Luckily, a lot of companies use MS Exchange as a corporate mail server. The use EWS makes the users’ life easier and really helps red team specialists. A regular MS Office document allows the researcher to obtain a user’s password, as well as to gain complete control over his MS Exchange mailbox.
This report is about the tool developed by our team, which works with all modern Microsoft OS versions and allows you to implement an NTLM-relay attack on MS Exchange Server via both SMB and HTTP. A convenient logging and flexible configuration systems allows you to produce phishing campaigns qualitatively and quickly.