search

microsoft / CSS-Exchange

Exchange Server support tools and scripts
MIT License
1.21k stars 337 forks source link

Error when running CVE-2023-23397 script against EXO #1682

Open tbaccay opened 1 year ago

tbaccay commented 1 year ago

Describe the issue Could not audit EXO mailboxes

Expected behavior followed instructions for running cve-2023-23397.ps1 against EXO mailboxes first ran this, .\CVE-2023-23397.ps1 -CreateAzureApplication then this, Get-EXOMailbox -ResultSize Unlimited | .\CVE-2023-23397.ps1 -Environment "Online"

Script Output [04/28/2023 16:24:17] : Unable to process mailbox @.com as it seems to be inaccessible. Inner Exception:

Exception calling "Bind" with "2" argument(s): "The response received from the service didn't contain valid XML."

in the end, there is a message that says Couldn't Audit mailboxes, and it lists all of the EXO mailboxes

Additional context Am I missing a step when auditing EXO mailboxes?

dpaulson45 commented 1 year ago

@tbaccay was this the actual output or did you scrub the output of mailbox's SMTP address? 

[04/28/2023 16:24:17] : Unable to process mailbox @.com as it seems to be inaccessible. Inner Exception:

Exception calling "Bind" with "2" argument(s): "The response received from the service didn't contain valid XML."

I ask because @.com is an odd way to scrub the SMTP address. If it isn't scrubbed, that isn't a valid SMTP address.

tbaccay commented 1 year ago

I’ve scrubbed the email addresses

Exception calling "Bind" with "2" argument(s): "The response received from the service didn't contain valid XML." [04/28/2023 16:24:19] : Scanning 38 of 38 mailboxes (currently: @.*****a.com) [04/28/2023 16:24:19] : Unable to process mailbox *@*.****a.com as it seems to be inaccessible. Inner Exception:

@.***<http://> Information Technology Consultants to the Financial Services Community

Tristan A. Baccay Tel: 212.571.5544 Fax: 212.571.1633 Email: @.**@.> Web: www.wagweb.comhttp://www.wagweb.com

26 Broadway, Suite 967, New York, NY 10004 Support Requests: @.**@.>

From: David Paulson @.> Sent: Tuesday, May 2, 2023 10:35 AM To: microsoft/CSS-Exchange @.> Cc: Tristan A. Baccay @.>; Mention @.> Subject: Re: [microsoft/CSS-Exchange] Error when running CVE-2023-23397 script against EXO (Issue #1682)

@tbaccayhttps://github.com/tbaccay was this the actual output or did you scrub the output of mailbox's SMTP address?

[04/28/2023 16:24:17] : Unable to process mailbox @.com as it seems to be inaccessible. Inner Exception:

Exception calling "Bind" with "2" argument(s): "The response received from the service didn't contain valid XML."

I ask because @.com is an odd way to scrub the SMTP address. If it isn't scrubbed, that isn't a valid SMTP address.

— Reply to this email directly, view it on GitHubhttps://github.com/microsoft/CSS-Exchange/issues/1682#issuecomment-1531593267, or unsubscribehttps://github.com/notifications/unsubscribe-auth/A7P34PGRLSJ7JE2UEFLDSR3XEELQRANCNFSM6AAAAAAXPWJRAY. You are receiving this because you were mentioned.Message ID: @.***>