Code Snippets

#Exchange Online [PS] C:Windowssystem32> Get-Mailbox test01@test.com Name Alias Database —- —– ——– 32b2bd38-24a0-4ed1-9c5… test01 DEUP281DG201-db215 #Exchange On-Premises [PS] C:Windowssystem32>Get-Mailbox -Identity test01@test.com Name Alias ServerName ProhibitSendQuota —- —– ———- —————– Test01 test01 exc8201 Unlimited

.\CVE-2023-23397.ps1 -Environment OnPrem -UserMailboxes kevin@schweigerstechblog.de -EWSServerURL https://exchange.schweigerstechblog.de/EWS/Exchange.asmx Cmdlet CVE-2023-23397.ps1 an der Befehlspipelineposition 1 Geben Sie Werte für die folgenden Parameter an: Credential CVE-2023-23397 script version 23.03.15.2119 Trying to find Microsoft.Exchange.WebServices.dll in the script folder Microsoft.Exchange.WebServices.dll was found in the script folder Scanning 1 of 1 mailboxes (currently: kevin@schweigerstechblog.de) No vulnerable item found

Log Name: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin Source: DeviceManagement-Enterprise-Diagnostics-Provider Event ID: 76 Level: Error Description: Auto MDM Enroll: Failed (Unknown Win32 Error code: 0x80180002b)

[PS] C:Windowssystem32> Get-User test01@test.com | fl Name, Displayname, *Recipient* Name : 32b2bd38-24a0-4ed1-9c5e-007d4542d14c DisplayName : test01 PreviousRecipientTypeDetails : UserMailbox RecipientType : MailUser RecipientTypeDetails : MailUser [PS] C:Windowssystem32> Get-User test01@test.com | Set-User -PermanentlyClearPreviousMailboxInfo [PS] C:Windowssystem32> Get-MailUser test01@test.com | Set-MailUser -RemoveDisabledArchive

### Check if Mitigation Service has been enabled for Organization [PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>Get-OrganizationConfig | select MitigationsEnabled MitigationsEnabled —————— True ### Check if Mitigation Service has been enabled for Exchange Nodes [PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>Get-ExchangeServer | select Name, Miti* Name MitigationsEnabled MitigationsApplied MitigationsBlocked —- —————— —————— —————— EX0401 True {M1.1, PING1} ### Check already applied...

PS C:\Users\kschweiger> Invoke-WebRequest https://mail.domain.com/autodiscover/autodiscover.json?@evil.com/powershell$Email=autodiscover/autodiscover.json%3f@evil.com  Invoke-WebRequest : Der Remoteserver hat einen Fehler zurückgegeben: (403) Unzulässig. In Zeile:1 Zeichen:1 + Invoke-WebRequest https://mail.domain.com/autodiscover/autodis … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc eption + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

– name: GATHER FACTS TESTING hosts: all gather_facts: no – name: GATHER Facts Windows setup: fact_path: C:\ProgramData\A8N\CustomFacts\A8N_CustomFacts01.ps1 gather_timeout: 15 gather_subset: – ‚!hardware‘ – ‚!network‘ – ‚!ohai‘ – ‚!facter‘ register: hosts_windows

### Get all Windows Roles & Services $winFeatures = Get-WindowsFeature -ErrorAction SilentlyContinue ### CHECK for installed WINDOWS ROLES $Services = @() if(($winFeatures | Where-Object{$_.Name -like "AD-Domain-Services"}).InstallState -eq "Installed"){$Services += "Domain Controller"} if(($winFeatures | Where-Object{$_.Name -like "AD-Certificate"}).InstallState -eq "Installed"){$Services += "Certificate Authority"} if(($winFeatures | Where-Object{$_.Name -like "DHCP"}).InstallState -eq "Installed"){$Services += "DHCP"} if(($winFeatures | Where-Object{$_.Name -like "Print-Services"}).InstallState...

[PS] C:\Windows\system32>Get-Mailbox benutzer01 | fl *Archive* ArchiveDatabase : ArchiveGuid : f5ebf781-7dbd-468b-9640-ad63098b3fa0 ArchiveName : {Archiv – Benutzer01} JournalArchiveAddress : ArchiveQuota : 20 GB (21,474,836,480 bytes) ArchiveWarningQuota : 18 GB (19,327,352,832 bytes) ArchiveDomain : O365Organisation.mail.onmicrosoft.com ArchiveStatus : Active ArchiveState : HostedProvisioned AutoExpandingArchiveEnabled : False DisabledArchiveDatabase : DisabledArchiveGuid : 00000000-0000-0000-0000-000000000000 ArchiveRelease :

PS C:Userskschweiger> Get-MsolServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 | select -ExpandProperty ServicePrincipalNames https://autodiscover.schweigerstechblog.de https://exchange.schweigerstechblog.de 00000002-0000-0ff1-ce00-000000000000/exchange.schweigerstechblog.de 00000002-0000-0ff1-ce00-000000000000/autodiscover.schweigerstechblog.de 00000002-0000-0ff1-ce00-000000000000/schweigerstechblog.de