Penetration Testing mailing list archives
re: DECODING EMAILS BETWEEN MS EXCHANGE AND A CLIENT
From: Dan Berberich <dan.berberich () gmail com>
Date: Thu, 21 Jul 2005 08:51:15 -0400
Steve - funny, I'm currently working on the same problem. So far all I've got is doing a session capture and packed decode with ethereal. I have also exhaustively searched for a X.400 tool, but have so far found none. In my free time I might be planning to write a parser to extract just the packet payload, but I'm a little out of free time at the moment. -dan Steve said: We currently have a task that requires us to perform a capture of emails between an MS Exchange server and a MS Office Outlook (x400) client. I recognise a dirth of SMTP and POP sniffing programs out there but nothing seems to be able to decode the DCE RPC encoding/encryption of the exchange client communications. Is there anyone out there with knowledge of a product that will allow these emails to to captured and monitored. Oh before anyone suggests any exchange resident software, that option is out, we need to be external of the server and not a member of the domain - just sniffing the stuff as it goes by. Alternatively, does anyone know of a tool that will allow me to crack the RPC encryption/encoding to see the email in clear before I replay it to a server for keyword monitoring purposes? Oh the architecture is a 200 server with exch 2003 and a XP client with Office 2002 (incase that matters/helps) All tips gratefully received. Steve A steve<at>logicallysecure.org
Current thread:
- re: DECODING EMAILS BETWEEN MS EXCHANGE AND A CLIENT Dan Berberich (Jul 21)
- RE: DECODING EMAILS BETWEEN MS EXCHANGE AND A CLIENT Steve A (Jul 21)
- <Possible follow-ups>
- RE: DECODING EMAILS BETWEEN MS EXCHANGE AND A CLIENT Dan Berberich (Jul 22)