OAT (OCS Assessment Tool) – Office Communication Server Security Assessment Tool

Keep on Guard!


OAT is an Open Source Security tool designed to check the password strength of Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place.

Features

  • Online Dictionary Attack
  • Presence Stealing
  • Contact List Stealing
  • Single User Flood Mode (Internal)
  • Domain Flood Mode (Internal)
  • Call Walk (Internal/External)
  • Play Spam Audio
  • Detailed Report Generation

OAT Modes

Internal Network Attack Mode

Internal Network Mode simulates attacks from the internal IP network, where the attacker has unrestricted access to shared resources and reachability to servers. OCS users are provisioned on a Domain Controller (DC) and can query the DC for data. OAT exploits internal network access by querying the DC for all the communication enabled users. It then adds these users to the attack list.


The following attacks can be performed from the internal network

  • Single user IM Flood
  • Domain IM Flood
  • Call Walk

External Network Attack Mode

External Network Attack Mode simulates the real world attack scenario in which an attacker is outside of the corporate IP network. An attacker sourced from outside of the firewall can not directly query the DC unless they know its hostname.

Once the Dictionary attack is successful against target user, OAT functions like a legitimate OCS client, registering itself with Office Communication Server. Once registered, OAT queries for the contact list of target user and uses this information to create a victim target list. This information is useful for the next attack phase.

The following tests can be performed from the external network

  • Contact List Stealing
  • List IM Flood
  • Call Walking

You can download OAT here:

OAT1.0.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Windows Hacking

, , , ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Comments are closed.