Skip to content

glynx/peas

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
peas
peas
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
extractemails.py
extractemails.py
 
 
hostnames.txt
hostnames.txt
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

PEAS

PEAS is a command line tool to access Microsoft Exchange over ActiveSync. It is based on research by Adam Rutherford and David Chismon of MWR. The original project targeted Python 2; this fork is fully ported to Python 3.

Setup

Install with uv.

uv tool install git+https://github.com/glynx/peas@master

Usage

Check credentials.

peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --check

Register a device and note the device id show in the output.

peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --provision-device --user-agent Apple-iPhone15C4/2301.355 --device-type iPhone --device-name 'iPhone 15' --device-os 'iOS 26.0.1 23A355' --device-model iPhone15C4

Note

All device options should be repeated for each following command.

peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --provision-device --user-agent Apple-iPad15C3/2207.100 --device-type iPad --device-name 'iPad Air 11-inch (M3)' --device-os 'iOS 18.6.2 22G100' --device-model iPad15C3
peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --list-unc '\\localhost' --device-id $id --user-agent Apple-iPad15C3/2207.100 --device-type iPad --device-name 'iPad Air 11-inch (M3)' --device-os 'iOS 18.6.2 22G100' --device-model iPad15C3

Dump emails.

peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --list-folders
peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --emails --folder Posteingang
peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --emails --folder Posteingang -O ./emails

Access SMB shares.

peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --list-unc '\\localhost'
peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --list-unc '\\dc01\sysvol\megacorp.local'
peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --brute-unc --prefix mega
peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --dl-unc '\\dc02\guestshare\file.txt'
peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --dl-unc '\\dc02\guestshare\file.txt' -o ./file.txt
peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --crawl-unc '\\dc02\sysvol\megacorp.local'
peas -u 'megacorp\snovvcrash' -p 'Passw0rd1!' mx.megacorp.com --crawl-unc '\\dc02\sysvol\megacorp.local' --download

Note

Using an IP address or FQDN instead of a hostname in the UNC path may fail.

ActiveSync Cache

When PEAS connects to Exchange, it caches FolderSync results, SyncKeys and policy data in ./pyas_cache/<server>/<user>.asdb. The chosen cache file is printed whenever --emails or --list-folders is executed. Delete the subdirectory to reset the cache for a specific account.

Development

Don't look at the source code.

About

Modified version of PEAS client for offensive operations

snovvcrash.rocks/2020/08/22/tuning-peas-for-fun-and-profit.html

Resources

Readme

License

View license
Activity

Stars

50 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%