check credentials even though they valid

[donjuanme]

root@testhost:~/pentest/ruler# ./ruler-linux64 --email [email protected] --verbose --nocache --basic --debug check
Password:
[+] Retrieving MAPI/HTTP info
[*] Autodiscover step 0 - URL: https://autodiscover.testhost.com/autodiscover/autodiscover.xml
ERROR: 11:22:33 ruler.go:29: The autodiscover service request did not complete.
Access denied. Check your credentials

with debug and verbose i am not seeing more details , any ideas on why i could identify why its failing ? the creds are 100% working as i logged into the mailbox with it.

if i browse directly to the url and login with email and password i get this

<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response> <Error Time="10:26:43.6042510" Id="2672970607"> <ErrorCode>600</ErrorCode> <Message>Invalid Request</Message> <DebugData/> </Error> </Response> </Autodiscover>

[staaldraad]

Hi

Based on your information above, it could likely be one of two things. First, you aren't using --username you might require this, either using the username or email address. Secondly it could be the use of --basic, this forces Basic authentication rather than NTLM, which is more common on Exchange.
You might need to play around with --username and either including --basic or leaving it out.

[peyu123]

adding -u admin shows this

ERROR: 16:26:47 ruler.go:29: mapi: a transport layer error occurred. mapi: a transport layer error occurred. Empty HTTP Response

adding --basic with or without username gives the credentials error

although adding --rpc allows it to work, but i am not sure why without --rpc it doesnt seem to work

[staaldraad]

Hi, I believe this might be fixed in the new release, if you still have access to the environment, please give it a try.

[donjuanme]

hi, i have similar issue. still doesn't seem to work.

go run ruler.go
VERSION:
2.4.0

if i browse to https://autodiscover.test.com/autodiscover/autodiscover.xml i am presented with basic auth

domain\user
password

works to log me in. but i get the following message

600 Invalid Request

if i still try to use ruler i get the following errors

go run ruler.go -u "validusername" -p "validpassword" -d test.com -k --verbose --url https://autodiscover.test.com/autodiscover/autodiscover.xml check
[*] Autodiscover step 0 - URL: https://autodiscover.test.com/autodiscover/autodiscover.xml
ERROR: 14:26:08 ruler.go:29: The autodiscover service request did not complete.
Access denied. Check your credentials
exit status 255

======= ADDING -b=======
go run ruler.go -b -u "validusername" -p "validpassword" -d test.com -k --verbose --url https://autodiscover.test.com/autodiscover/autodiscover.xml check

Access denied. Check your credentials

========USING EMAIL======
go run ruler.go --email "[email protected]" -p "validpassword" -k --verbose --url https://autodiscover.test.com/autodiscover/autodiscover.xml check
[*] Autodiscover step 0 - URL: https://autodiscover.test.com/autodiscover/autodiscover.xml
ERROR: 14:30:00 ruler.go:29: The autodiscover service request did not complete.
Access denied. Check your credentials
exit status 255

no matter what option or method i used and i really tried all variations , nothing works.

this does give me a different response

go run ruler.go -u "validuser" -p "validpassword" -k --verbose --url https://autodiscover.test.com/autodiscover/autodiscover.xml abk list
[*] Autodiscover step 0 - URL: https://autodiscover.test.com/autodiscover/autodiscover.xml
ERROR: 14:49:13 ruler.go:29: The autodiscover service responded with an error.
Invalid Request
exit status 255

[staaldraad]

@donjuanme a few thoughts, you might need to use both --email and --username.
The other thing is to check --domain refers to the internal domain. So maybe it is test and not test.com