carbuncle's Introduction

Carbuncle

Tool for interacting with outlook interop during red team engagements.

Usage

Carbuncle Usage:
carbuncle.exe <action> <action arguments>

Actions:
	searchmail		Search for an e-mail in the users inbox
	attachments		Search for and download attachments
	read			Read a specific e-mail item
	send			Send an e-mail
	monitor			Monitor for new e-mail items

read:
	/entryid:		Read an e-mail by its specific unique ID
					carbuncle.exe read /entryid:00000000ABF08F38F774EF44BD800D54DA6135740700438C90E5F1E27549A26DD4C4CE7C884C0069B971A0EB00007E3487BFEF2F834F93D188D339E4EA4E00003BA5A49B0000
	
	/number:		Readn an e-mail by its numerical position in the inbox.
					carbuncle.exe read /number:3
					
	/subject		Read an e-mail by its subject
					carbuncle.exe read /subject:"Password Reset 05/20/2021"
					
	
searchmail:
	/body			Search by the content of the body. Supported search methods: /regex and /content
					carbuncle.exe searchmail /body /content:"Password" [/display]
					
	/senderaddress	Search by sender address. Supported search methods: /regex and /address
					carbuncle.exe searchmail /senderaddress:"[email protected]" [/display]
					
	/subject		Search by e-mail subject. Supported search methods: /regex and /content
					carbuncle.exe searchmail /subject /regex:"(checky).+" [/display]
	
	/attachment		Search by e-mail attachment. Supported serach methods: /regex and /name
					carbuncle.exe searchmail /regex:"(id_rsa).+" /downloadpath:"C:\\temp\\" [/display]
	
	/all			Gets all e-mails
					carbuncle.exe /all [/display]
	
	Optional Flags:
	/display 		Display the body of any matched e-mail.
	/downloadpath	Download any matching attachments to the specified location

monitor:
	Optional:
	/regex			Can specify a regex to only notify on new e-mails that match a specific regex
					carbuncle.exe monitor /regex:(id_rsa) [/display]
	
	/display		Display the e-mails in console as they arrive.
					carbuncle.exe monitor /display
					
attachments
	/all			Downloads all attachments to the specified download folder
					carbuncle.exe attachments /downloadpath:"C:\\temp\\" /all
					
	/entryid		Download attachment from a specified e-mail
					carbuncle.exe attachments /downloadpath:"C\\temp\\" /entryid:00000000ABF08F38F774EF44BD800D54DA6135740700438C90E5F1E27549A26DD4C4CE7C884C0069B971A0EB00007E3487BFEF2F834F93D188D339E4EA4E00003BA5A49B0000
					
					
send
	/subject		Sets the subject of the e-mail
 
	/recipients		A comma separated list of recipients for the e-mail to be sent to

	/body			Body of the e-mail to send.
			
	/attachment		The local file of the attachment to be included in the e-mail

	/attachmentname	(Optional) The name of the attachment. The default is the name of the file without the extension.
					carbuncle.exe send /subject:"test e-mail please ignore" /recipients:"[email protected],[email protected]" /body:"Hello World" /attachment:"C:\\temp\\attachment.exe" /attachmentname:"Totally Legitimate"

carbuncle's People

Contributors

Stargazers

Watchers

carbuncle's Issues

System.NullReferenceException in any mode

Hi!
Your tool is very interesting.

I really want to test and use it, but I really dont know why in any mode: read, send, monitor... it throws this error:

Im testing this tool with Outlook 2008 (13127.21668)

If you have any ideas how to fix that project or what Im doing wrong just tell me ^^
Regards!

Some commands close Outlook UI

I noticed that commands such as searchmail and read close the Outlook user-interface window when they finish running. I think this is because these commands call MailSearcher.GetInboxItems(). And, MailSearcher.GetInboxItems() calls outlookApplication.Quit().

I found that removing outlookApplication.Quit() from MailSearcher.GetInboxItems() solves the issue, at least on my computer (Windows 10, Outlook 2019). Specifically, with Quit() removed, I find that...

If Outlook UI is open when I start Carbuncle, the Outlook UI stays open after Carbuncle finishes.
If Outlook UI is closed when I start Carbuncle, the Outlook UI stays closed after Carbuncle finishes.

So, I was wondering if this Quit() needs to be there, or if maybe we should remove it.

Example using send command?

Thanks for creating Carbuncle; I have found it to be quite helpful.

The README.md explains how to use most of the commands, but it doesn't really explain the send command. I tried using it in the following ways:

.\Carbuncle.exe send /recipients "[email protected]" /subject "hello" /body "from carbuncle"

.\Carbuncle.exe send recipients "[email protected]" subject "hello" body "from carbuncle"

But, on both of these, the output I got on the command line was:

[+] Sending an e-mail.
Recipients:
Subject:
Body:
There must be at least one name or contact group in the To, Cc, or Bcc box.
Done.

Would you be willing to provide an example of the correct syntax for using the send command?

Recommend Projects

checkymander / carbuncle Goto Github PK

carbuncle's Introduction

Carbuncle

Usage

carbuncle's People

Contributors

Stargazers

Watchers

Forkers

carbuncle's Issues

System.NullReferenceException in any mode

Some commands close Outlook UI

Example using send command?

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent