Penetration Testing mailing list archives
Re: [PEN-TEST] examining exchange mail
From: Laura Nuñez <potus () glacyar com ar>
Date: Wed, 6 Dec 2000 21:05:07 -0300
Hi Andrew, To access the mailboxes on a Exchange server you need especial permissions on the Exch Organization. That's the exch three-level hierarchical structure. Organization, Site and Servers. To access (read the mailboxes) you need at least "Service Account Admin" rights on the 3 levels. That's special exch rights you can assign from the Exch Admin.exe program. If you have access to the service account that runs the backup (ArcServe works this way) or the service account for Exchange, they have this permissions by sure. This kind of open permissions are a political danger for the mail administrators, because of the privacy implications. In some companies, they split the Admin password in two parts and thus two different people are required to use the account. If you don't have this kind of accounts and have access to a backup tape. You can restore for recovery only the Information Store on a different machine (installed exactly the original, server name, Organization, Site, disk, directories, etc-there are some other possibilities, by i don't have them at hand) and then repopulate the Directory Store from there. In the case the original exch server doesn't have an strange setup (other recipient names than the default, etc) that should work smoothly. You can find the exact steps to do so checking at www.microsoft.com/technet for the words Exchange and recovery and IS and DS, or something like that. There are some caveats about recovery mode in the setup program in this case. Have care when you do that, because if you install it on a secondary DC of the same domain than the original server you will need to sut down the original, because i think the exch installation needs to access the PDC to validate the account and you will have problems with two servers with the same name :) Saludos, Laura --------------------------------------- Laura Nuñez mailto:potus () glacyar com ar PGP Fingerprint: 995C 89F3 DAF5 F106 4D6C C4B4 8A0C 832F A2FD 1BBA PGP Public Key: http://www.glacyar.com.ar/potus.asc Sitio web: http://www.glacyar.com.ar Lista Glacyar InfoSec: http://glacyar.listbot.com/ --------------------------------------- -----Mensaje original----- De: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]En nombre de Andrew Thomas Enviado el: Miércoles, 06 de Diciembre de 2000 02:23 p.m. Para: PEN-TEST () SECURITYFOCUS COM Asunto: [PEN-TEST] examining exchange mail Hi, I know the topic of getting mail has come up before, so please understand I'm not asking for a way to gather mail as it arrives, either via Dug Song's mailsnarf, bcc tomfoolery or playing with relays. I have domain admin on a network, and I want to know how I would go about viewing mail *stored* on the Exchange Server, if this is possible. What little research I have done, has not turned up much, so if anyone could help, it would be much appreciated. Take care, Andrew - Andrew Thomas <eye2eye> digital distillers ltd office: +27-(0)21-4889820 facsimile: +27-(0)21-4889830 mobile: +27-(0)82-7850166
Current thread:
- [PEN-TEST] examining exchange mail Andrew Thomas (Dec 07)
- Re: [PEN-TEST] examining exchange mail Ryan Russell (Dec 07)
- Re: [PEN-TEST] examining exchange mail Work, Clinton (Dec 07)
- Re: [PEN-TEST] examining exchange mail Phonix (Dec 10)
- Re: [PEN-TEST] examining exchange mail Deus, Attonbitus (Dec 10)
- Re: [PEN-TEST] examining exchange mail Conor Crowley (Dec 10)
- Re: [PEN-TEST] examining exchange mail Robert van der Meulen (Dec 07)
- Re: [PEN-TEST] examining exchange mail Francois Pepin (Dec 07)
- Re: [PEN-TEST] examining exchange mail Patrick Aland (Dec 07)
- Re: [PEN-TEST] examining exchange mail Laura Nuñez (Dec 07)
- <Possible follow-ups>
- Re: [PEN-TEST] examining exchange mail Jeff Oliver (Dec 07)
- Re: [PEN-TEST] examining exchange mail Marty Richards (Dec 07)
- Re: [PEN-TEST] examining exchange mail Mark Armitage (Dec 07)
- Re: [PEN-TEST] examining exchange mail Andrew Thomas (Dec 10)
- Re: [PEN-TEST] examining exchange mail Charlie Roberts (Dec 10)
- Re: [PEN-TEST] examining exchange mail Ryan Russell (Dec 07)