Penetration Testing mailing list archives

Re: [PEN-TEST] examining exchange mail


From: Laura Nuñez <potus () glacyar com ar>
Date: Wed, 6 Dec 2000 21:05:07 -0300

Hi Andrew,
        To access the mailboxes on an Exchange server you need special permissions
on the Exch Organization. That's the exch three-level hierarchical
structure: Organization, Site and Servers. To access (read the mailboxes)
you need at least "Service Account Admin" rights on the 3 levels. Those are
special exch rights you can assign from the Exch Admin.exe program. If you
have access to the service account that runs the backup (ArcServe works this
way) or the service account for Exchange, they have these permissions for
sure.
        These kinds of open permissions are a political danger for the mail
administrators, because of the privacy implications. In some companies, they
split the Admin password in two parts and thus two different people are
required to use the account.
        If you don't have this kind of account and have access to a backup tape,
you can restore for recovery only the Information Store on a different
machine (installed exactly like the original: server name, Organization, Site,
disk, directories, etc.; there are some other possibilities, but I don't have
them at hand) and then repopulate the Directory Store from there. In
case the original exch server doesn't have a strange setup (other recipient
names than the default, etc.) that should work smoothly. You can find the
exact steps to do so by checking at www.microsoft.com/technet for the words
Exchange and recovery and IS and DS, or something like that. There are some
caveats about recovery mode in the setup program in this case. Take care
when you do that, because if you install it on a secondary DC of the same
domain as the original server you will need to shut down the original,
because I think the exch installation needs to access the PDC to validate
the account and you will have problems with two servers with the same name
:)


Regards, Laura
---------------------------------------
Laura Nuñez
mailto:potus () glacyar com ar
PGP Fingerprint: 995C 89F3 DAF5 F106 4D6C C4B4 8A0C 832F A2FD 1BBA
PGP Public Key: http://www.glacyar.com.ar/potus.asc
Website: http://www.glacyar.com.ar
Glacyar InfoSec list: http://glacyar.listbot.com/
---------------------------------------



-----Original message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On behalf of
Andrew Thomas
Sent: Wednesday, 06 December 2000 02:23 p.m.
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] examining exchange mail


Hi,

I know the topic of getting mail has come up before, so please understand
I'm not asking for a way to gather mail as it arrives, either via Dug Song's
mailsnarf, bcc tomfoolery or playing with relays.

I have domain admin on a network, and I want to know how I would go about
viewing mail *stored* on the Exchange Server, if this is possible.

What little research I have done has not turned up much, so if anyone could
help, it would be much appreciated.

Take care,
  Andrew
-
Andrew Thomas
<eye2eye> digital distillers ltd
office: +27-(0)21-4889820
facsimile: +27-(0)21-4889830
mobile: +27-(0)82-7850166

