Exchange Server

Description

A server running Microsoft Exchange can be added to DetectionLab. For more information, visit Adding an Exchange Server to DetectionLab.

Purpose

The original intent was to release this functionality shortly after the March 2021 vulnerabilities outlined in this blog post. However, it took much longer to implement this, so the purpose is simply to test detection and telemetry from Exchange.

Configuration Details

Credentials:

  • windomain\administrator : password

Data Location

To log into the Exchange management shell:

  1. Right click on Exchange Management Shell from the start menu and select “Run as a different user”
  2. Use the credentials windomain\administrator : vagrant

To log into the actual exchange server:

  1. Visit https://exchange_server_ip/owa in a browser.
  2. Use the credentials windomain\adminstrator : vagrant to login to the console.

If you get an error about “too many redirects” or a failed connection, try giving the Exchange server another 5-10 minutes to finish initializing.