OAT (OCS Assessment Tool) – Office Communication Server Security Assessment Tool

Use Netsparker


OAT is an Open Source Security tool designed to check the password strength of Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place.

Features

  • Online Dictionary Attack
  • Presence Stealing
  • Contact List Stealing
  • Single User Flood Mode (Internal)
  • Domain Flood Mode (Internal)
  • Call Walk (Internal/External)
  • Play Spam Audio
  • Detailed Report Generation

OAT Modes

Internal Network Attack Mode

Internal Network Mode simulates attacks from the internal IP network, where the attacker has unrestricted access to shared resources and reachability to servers. OCS users are provisioned on a Domain Controller (DC) and can query the DC for data. OAT exploits internal network access by querying the DC for all the communication enabled users. It then adds these users to the attack list.


The following attacks can be performed from the internal network

  • Single user IM Flood
  • Domain IM Flood
  • Call Walk

External Network Attack Mode

External Network Attack Mode simulates the real world attack scenario in which an attacker is outside of the corporate IP network. An attacker sourced from outside of the firewall can not directly query the DC unless they know its hostname.

Once the Dictionary attack is successful against target user, OAT functions like a legitimate OCS client, registering itself with Office Communication Server. Once registered, OAT queries for the contact list of target user and uses this information to create a victim target list. This information is useful for the next attack phase.

The following tests can be performed from the external network

  • Contact List Stealing
  • List IM Flood
  • Call Walking

You can download OAT here:

OAT1.0.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Windows Hacking

, , , ,


Latest Posts:


SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.


Comments are closed.