Latest Changelog ruler v2.1.4:
+ Fixes a few niggles with forms being displayed and deleted
+ restore DecodeBufferToRows to working version.
+ Adds the –rule option that creates a new rule to auto delete the form email as it arrives. This causes the form to trigger
+ Adds the ability to trigger a shell through Outlook forms.
Ruler is a tool that allows you to interact with Exchange servers through the MAPI/HTTP protocol. The main aim is abuse the client-side Outlook mail rules.
Ruler has multiple functions and more are planned. These include
* Enumerate valid users
* View currently configured mail rules
* Create new malicious mail rules
* Delete mail rules
Ruler attempts to be semi-smart when it comes to interacting with Exchange and uses the Autodiscover service (just as your Outlook client would) to discover the relevant information.
+ Brute-force for credentials
+ The autodiscover service
+ PtH – Passing the hash
+ Display existing rules / verify account
+ Delete existing rules (clean up after yourself)
+ Popping a shell
Use, download and build from source:
git clone https://github.com/sensepost/ruler && cd ruler
go get github.com/sensepost/ruler
go get github.com/urfave/cli
go get github.com/staaldraad/go-ntlm/ntlm
Upgrade: git pull