OAT (OCS Assessment Tool) – Office Communication Server Security Assessment Tool


OAT is an Open Source Security tool designed to check the password strength of Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place.

Features

  • Online Dictionary Attack
  • Presence Stealing
  • Contact List Stealing
  • Single User Flood Mode (Internal)
  • Domain Flood Mode (Internal)
  • Call Walk (Internal/External)
  • Play Spam Audio
  • Detailed Report Generation

OAT Modes

Internal Network Attack Mode

Internal Network Mode simulates attacks from the internal IP network, where the attacker has unrestricted access to shared resources and reachability to servers. OCS users are provisioned on a Domain Controller (DC) and can query the DC for data. OAT exploits internal network access by querying the DC for all the communication enabled users. It then adds these users to the attack list.


The following attacks can be performed from the internal network

  • Single user IM Flood
  • Domain IM Flood
  • Call Walk

External Network Attack Mode

External Network Attack Mode simulates the real world attack scenario in which an attacker is outside of the corporate IP network. An attacker sourced from outside of the firewall can not directly query the DC unless they know its hostname.

Once the Dictionary attack is successful against target user, OAT functions like a legitimate OCS client, registering itself with Office Communication Server. Once registered, OAT queries for the contact list of target user and uses this information to create a victim target list. This information is useful for the next attack phase.

The following tests can be performed from the external network

  • Contact List Stealing
  • List IM Flood
  • Call Walking

You can download OAT here:

OAT1.0.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking Tools, Windows Hacking

, , , ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Comments are closed.