Penetration Testing mailing list archives

Re: [PEN-TEST] examining exchange mail


From: Marty Richards <marty () netwaynetworks com au>
Date: Thu, 7 Dec 2000 09:06:28 +1100

On Thursday, December 07, 2000 5:07 AM, Robert van der Meulen
[SMTP:rvdm () CISTRON NL] wrote:
Hi,

Quoting Andrew Thomas (blink () EYE2EYE NET):
I have domain admin on a network, and I want to know how I would go about
viewing mail *stored* on the Exchange Server, if this is possible.

What little research I have done has not turned up much, so if anyone could
help, it would be much appreciated.
AFAIK it shouldn't be so hard to either move the mail to a new account, or
write some win32 program that uses the NT APIs to open the mailbox
files/databases. Altering the rights of the target user should be possible
too, I guess. I'm a non-m$, Unix-person only, so my experience with Exchange
is limited. I did work with M$ APIs for some time, and found them quite
complete.

What this has to do with pen-testing, I don't get ;) Also keep in mind that
reading any user's email (unless it's your own) can offer a nice legal
problem, even in a pen-test scope (not mentioning ethics).


Probably the easiest way is to use Micro$oft's Outlook mail client. Using
Lookout with appropriate permissions will allow you to open anyone's mail
folders.

There is also another Micro$loth utility called ExMerge - part of the
Exchange resource kit I think... anyway, it allows you to export a user's
folders to a PST file, which can then be opened offline by Lookout.

Cheers,
Marty

