Re: Get Outlook Web Address URL

[Dan <cdcdanielctin () gmail com>]

Hello, David,

      First of all I would like to apologize for replying after so
much time but I have been very busy with renovating my new home.
 The ronovation is coming to an end so I wil start implementing the
suggestions Henri made and some of my new ideas regarding the list of
subdomains.

Regarding the functionality of the script, it was developed
specifically for retrieving the Outlook Web Access URL and I consider
to be usefull because the http like scripts queries only the path
(correct me if I am wrong)  used by popular web applications were as
my script takes the domain and builds the target hostname and queries
them for the typically directory used for Outlook Web Access.


Thank you,

Daniel


On Mon, Aug 15, 2011 at 10:10 AM, David Fifield <david () bamsoftware com> wrote:
> Dan,
>
> I don't know if Henri cpied you in this message he sent to the mailing
> list. He makes good suggestions that you should implement.
>
> I'm still a bit confused about what this script does--what is the
> Outlook URL good for? From what I can tell, it tries an MX query to get
> a list of domains, otherwise it uses a default list {"mail", "webmail",
> etc.}. It then tries to retrieve a web page from each of the domains and
> reports if any of them is successful. Is that correct?
>
> David Fifield
>
> On Fri, May 27, 2011 at 03:18:14PM +0200, Henri Doreau wrote:
> > 2011/4/22 Dan <cdcdanielctin () gmail com>:
> > > Hello everybody,
> > >
> > > I found out the hard way that sometimes getting information from the
> > > mail server admin can be very difficult due to externalization so I’ve
> > > decided to write a NSE script that discovers the OWA URL, information
> > > that would be very usefull in cases like configuring a handheld
> > > device, a Blackberry Internet Service account or just simply access
> > > the webmail.
> > >
> > > The script is based on empirical data and it has been successfully
> > > tested on several public server.
> > >
> > > [...]
> > >
> > > This is my first Lua script so run it and give me your feedback.
> > >
> > > Daniel
> >
> > (resending to nmap-dev as it looks like something went wrong the first time).
> >
> > Hello Daniel,
> >
> > thanks for the script and sorry for the long delay. I know no server I
> > could use to test the script but here are a few suggestions about the
> > code.
> >
> > - please change the mixed tabs and spaces indentation to something
> > consistent, 2 or 4 spaces only is a good and fairly common choice.
> > - instead of using several table.insert() statements to generate the
> > targets array, the check_targets() function should simply iterate over
> > an array of subdomains. Something like this:
> > """
> > local subdomains = {"mail", "webmail", "owa", "exchange", "webmaileu", "exmail"}
> > local results = {}
> > local targets = {}
> >
> > for _, subdomain in ipairs(subdomains) do
> >    table.insert(targets, subdomain .. "." .. targetname)
> > end
> > """
> > I'm also wondering whether it would make sense to offer the user the
> > ability to specify other names on the command line.
> > - calls to print() should be replaced by stdnse.print_debug/verbose
> > (see [1]), no need to check for the verbosity level before calling the
> > function then.
> > - unless I missed something, it looks like the action function could
> > be simplified, at least by moving duplicate code to a single function.
> > But it would be even better to have get_mx() returning an array (even
> > if it contains a single element). Then just iterate over the elements
> > of this array without worrying about its size.
> > - in check_targets() and check_mx() the script does things like:
> > """
> > local email_server = "https://"; .. mx .. p
> > results[#results + 1] = string.format("OWA Found with: ")
> > results[#results + 1] = string.format("Email Server: %s", email_server)
> >
> > if (c == 302) then
> >    results[#results + 1] = string.format("Real Server Location: %s", l)
> > end
> > """
> > Using table.insert() would probably be easier to read, no big deal
> > though. string.format() is not useful for "OWA Found with: ", you can
> > just assign the string.
> > - you should improve the documentation a bit. At least elaborate on
> > what the script does in the description field and add an @args entry
> > in the nsedoc section to describe the aim of get-owa.domain (see
> > existing scripts for reference).
> > - the global variable "path" is only used by check_mx() and could
> > therefore be localized there.
> >
> >
> > Regards.
> >
> >
> > [1] http://nmap.org/nsedoc/lib/stdnse.html#print_debug
> >
> >
> > Henri
> > _______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/