If the ‘lyncdiscover’ subdomain exists, it will serve an XML file that references the Front-End server. Microsoft’s recommended naming format for the autodiscover URL is: Luckily, locating these servers is usually not an issue. This server will be our primary target throughout the attack.
Locating the Front-End Serverīefore Skype4B can be attacked, it is necessary to determine the location of the Front-End server. In this blog post, I will walk through information gathering, user-enumeration, and brute-force attacks against an internal network, using only the attack-surface opened by a standard implementation of self-hosted Skype for Business. In a very real sense, Skype4B provides a bridge from The Internet into a company’s internal network, allowing an attacker to interact with the internal Active Directory environment. This bit of convenience makes Skype4B an attractive target to attackers. Skype for Business, by design, is meant to encourage communication between individuals and it is often externally-accessible so that employees can stay connected 24×7 without the need for a VPN. When companies choose to host Skype for Business (previously Microsoft Lync) on-premises, they can inadvertently introduce a large attack surface. Note: For the sake of brevity throughout this post, Skype for Business and Microsoft Lync will both be referred to under the umbrella designation of ‘Skype4B’. If you’re using O365 wait for the next post. TL DR: How to attack self-hosted Skype for Business (Lync) servers. As I said the desktop Skype for Business logs in just fine.By TrustedSec in Penetration Testing, Security Testing & Analysis
Also I haven't configured anything after registering the Office 365 account just used the default settings. I have tried it with IE/Chrome/Firefox, all the same. Upon navigating to this address I find that the SSL cert doesn't match the URL. There is another request to which returns 403 Forbidden. The request fails with some name lookup failure or something, doesn't even return an HTTP response. Upon inspecting the network traffic, I found the following:
The ajax loader image is displayed and never disappears.
Then I tried to sign in with my aforementioned account and it doesn't work. I have installed the Skype for Business Web App Plug-in, put the sample code under IIS and opened it via a browser. I have registered a trial Office 365 account ( ) and I have a user there ( I run the desktop version of Skype for Business then I can log in with my account so it seems that the Lync service does work. I have downloaded the Skype Web SDK samples from here, but I can't make them work.
0 kommentar(er)
