OAT – Microsoft OCS Assessment Tool (Office Communication Server)


OAT is an Open Source Microsoft OCS Assessment Tool designed to check the password strength of Lync and Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place.

OAT - Microsoft OCS Assessment Tool (Office Communication Server)

We first wrote about OAT when it was v1.0 and just came out in 2009.

OAT has a user friendly tabbed interface that begins with a password strength test feature. Once the OAT user has successfully elicited the password, attack modules from subsequent tabs can be used for launching UC attacks against valid, registered Lync and OCS users.

New in OAT v3.0

  • Lync Support
  • Improved speed of the online dictionary attack
  • Fixed issues with play spam audio for call walking
  • Minor graphical enhancements
  • New Active Directory Options

Features

  • Online Dictionary Attack
  • Presence Stealing
  • Contact List Stealing
  • Targeted IM Flood
  • Targeted Call Walk
  • Communicator DoS
  • Audio Call Spam
  • Report Generation
  • OCS 2007 & OCS 2007 R2

You can download OAT v3.0 here:

OAT-inst-3.05.zip

Or read more here.

Posted in: Hacking Tools, Windows Hacking

, , , ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


Comments are closed.