Re: [PEN-TEST] examining exchange mail

[Mark Armitage <mark.armitage () SAVERNAKE COM>]

Andrew,

The easiest way to do this is to log in as admin, give yourself privs to
their mailbox ( in exchange admin) , and then use outlook (file open special
folder) to open their mail,

if you dont want to do this there are several other options but they get
very complex, either way you need the privs to get to the mail.


For diagnostic purposes only :
There is a program called "mbd view" on the exchange CD (not installed by
default) you can use it to examine all the data and strctures in the mdb,
use it wisely, or you will break it.
There is even a way of creating spy profiles to use mdbview on 'stuck
emails' in MTA queues, or deleting emails that crash the internet mail
connector (yes this does happen). (page 609 exchange server training book.
isbn 1-572310709-4)


Hope this is usefull

Mark.

-----Original Message-----
From: Andrew Thomas [mailto:blink () EYE2EYE NET]
Sent: 06 December 2000 17:23
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] examining exchange mail


Hi,

I know the topic of getting mail has come up before, so please understand
I'm not asking for a way to gather mail as it arrives, either via Dug Song's
mailsnarf, bcc tomfoolery or playing with relays.

I have domain admin on a network, and I want to know how I would go about
viewing mail *stored* on the Exchange Server, if this is possible.

What little research I have done, has not turned up much, so if anyone could
help, it would be much appreciated.

Take care,
  Andrew
-
Andrew Thomas
<eye2eye> digital distillers ltd
office: +27-(0)21-4889820
facsimile: +27-(0)21-4889830
mobile: +27-(0)82-7850166