Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
PowerShell script to search for plaintext encrypted mails (CVE-2017-11776) - must be run while Outlook is running
<# DOES NOT WORK IN CONSTRAINED LANGUAGE MODE #>
Function Find-Recurse {
Param(
[parameter(Mandatory=$true)]
$Folder,
$Level=0
)
$Indent = "`t"*$Level
Write-Host "[-]$Indent Entering '$($Folder.Name)'"
$Folder.Folders | ForEach-Object {
Find-Recurse -Folder $_ -Level $($Level+1)
}
$Folder.Items |
ForEach-Object {
If ($_.MessageClass -eq "IPM.Note.SMIME" -And $_.SentOn.Year -eq 2017 -And $_.BodyFormat -eq 1) {
Write-Host "[-]$Indent Found '$($_.Subject)' sent by '$($_.SenderName)' to '$($_.To)' on '$($_.ReceivedTime)'"
}
}
}
Add-type -assembly "Microsoft.Office.Interop.Outlook" | out-null
$olFolders = "Microsoft.Office.Interop.Outlook.olDefaultFolders" -as [type]
$outlook = new-object -comobject outlook.application
$namespace = $outlook.GetNameSpace("MAPI")
$namespace.Folders | % { $_.Folders | % {Find-Recurse -Folder $_ -Level 1}}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment