# Password Spraying OWA

## Overview

**Outlook Web Access** (OWA) is the web interface to the on-premises **Exchange mail server**. It is possible to pull quite a bit of information about the organization even if we don't fully break into it.

<figure><img src="/files/JwIKNRvPTv5B2TrMvCdu" alt=""><figcaption><p>OWA Login page</p></figcaption></figure>

## Attacking OWA with Metasploit

Password spraying with the auxiliary module:

```bash
use auxiliary/scanner/http/owa_login
set user_file users.txt
set password Winter24!
```

{% hint style="info" %}
You may need to change the auxiliary action to the appropriate version:

```bash
set action OWA_2016
```

{% endhint %}

If the account is valid, the server responds faster than it does for an invalid account. Metasploit has a built-in detection mechanism for this and saves the valid user accounts.

<figure><img src="/files/sTsigK2gyaKQKMyjO86s" alt=""><figcaption><p>Valid username example</p></figcaption></figure>

{% hint style="warning" %}
Metasploit won't stop if you continuously lock out accounts, although it will tell you if an account is locked out. Be sure to monitor it.
{% endhint %}

When there's a successful login, Metasploit will give you the **internal domain** and **naming system and convention**, because we are using **Active Directory** credentials to log in.

<figure><img src="/files/YMZ3P36BIYGVJk3wi0Jj" alt=""><figcaption><p>Successful login example</p></figcaption></figure>
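
From the defender's side, the pattern described on this page (one password tried against many accounts, with possible lockouts) stands out in authentication logs. The following is an added example, not part of the original page or of Metasploit; the log layout, sample records, thresholds and the `parse` / `detect_spray` names are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "timestamp source_ip username outcome". The layout
# is an assumption for this example, not a real Exchange or IIS log format.
SAMPLE_LOG = """\
2024-01-15T09:00:01 203.0.113.7 asmith FAIL
2024-01-15T09:00:03 203.0.113.7 bjones FAIL
2024-01-15T09:00:05 203.0.113.7 cdavis FAIL
2024-01-15T09:00:07 203.0.113.7 dlee SUCCESS
2024-01-15T09:00:09 203.0.113.7 ekhan FAIL
2024-01-15T09:00:11 203.0.113.7 fwong LOCKED
2024-01-15T09:02:00 198.51.100.20 asmith FAIL
2024-01-15T09:02:30 198.51.100.20 asmith FAIL
2024-01-15T09:03:10 198.51.100.20 asmith SUCCESS
"""

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip malformed lines
            ts, ip, user, outcome = parts
            events.append((datetime.fromisoformat(ts), ip, user.lower(), outcome))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    # Flag a source that tries many distinct accounts, few attempts each, within one window.
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            per_user = Counter(user for _, _, user, _ in span)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[ip] = {
                    "users_tried": len(per_user),
                    "compromised": sorted({u for _, _, u, o in span if o == "SUCCESS"}),
                    "locked": sorted({u for _, _, u, o in span if o == "LOCKED"}),
                }
    return findings

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

The second source in the sample, a single user retrying their own password, is not flagged because it touches only one account; the `compromised` list is what to prioritize for credential resets.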

