private void convertButton_Click(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(pstOutputPath.Text) || string.IsNullOrEmpty(folderInputPath.Text))
{
MessageBox.Show("Please select both paths !");
return;
}
RDOSession session = new RDOSession(); // throws exception 1
session.LogonPstStore(pstOutputPath.Text);
RDOFolder folder = session.GetDefaultFolder(rdoDefaultFolders.olFolderInbox);
string[] fileEntries = Directory.GetFiles(folderInputPath.Text, "*.eml");
foreach (string filePath in fileEntries)
{
RDOMail mail = folder.Items.Add("IPM.Mail");
mail.Sent = true;
mail.Import(filePath, 1024);
// folder.Items.Add(mail);
mail.Save();
}
session.Logoff();
MessageBox.Show("Done converting !");
}
private void AddFilesToFolder(List <MailItem> files, RDOFolder folder)
{
if (files != null && files.Any())
{
foreach (MailItem mailItem in files)
{
RDOMail mail = folder.Items.Add("IPM.Mail");
mail.Sent = true;
mail.Import(mailItem.FullPath, 1024);
// folder.Items.Add(mail);
mail.Save();
}
}
}
public static void ExtractPstFolder(RDOFolder folder, string folderPath)
{
if (folder == null)
{
throw new ArgumentNullException("folder");
}
if (folderPath == null)
{
throw new ArgumentNullException("folderPath");
}
if (folder.FolderKind == rdoFolderKind.fkSearch)
{
return;
}
if (!Directory.Exists(folderPath))
{
Directory.CreateDirectory(folderPath);
}
foreach (RDOFolder child in folder.Folders)
{
ExtractPstFolder(child, Path.Combine(folderPath, ToFileName(child.Name)));
}
foreach (var item in folder.Items)
{
RDOMail mail = item as RDOMail;
if (mail == null)
{
continue;
}
mail.SaveAs(Path.Combine(folderPath, ToFileName(mail.Subject)) + ".eml", rdoSaveAsType.olRFC822);
}
}
static void Main(string[] args)
{
// <3 visual studio
string origpath = Path.GetFullPath(@"..\..\..\backup.pst"); // Just full of spam
string targetpath = Path.GetFullPath(@"..\..\..\..\snapshot.pst"); // This will be the challenge
// Copy over the original pst
File.Copy(origpath, targetpath, true);
// Have to use Redemption for this, since outlook is "secure"
// Open the PST
RDOSession session = new RDOSession();
session.LogonPstStore(targetpath);
// Load the target inbox
RDOFolder inboxFolder = session.GetFolderFromPath("PRIVATE INBOX");
RDOItems inbox = inboxFolder.Items;
inbox.Sort("ReceivedTime", false); // Pre-sort them in ascending order
Console.WriteLine(inbox.Count);
// Encode the flag in DateTimes, hiding it in the year (2000 + c)
// e.g. 3/9/2102 12:45:54 AM ==> 102 => 'f'
var flag = "flag{w1k1L3ak5_g0T_n0tH1ng_0n_m3}".Select(c => EncodeChar(c)).ToList();
// fun
var aliases = Cycle(aliasStrings).GetEnumerator();
var subjects = Cycle(subjectStrings).GetEnumerator();
// Approximately space out the emails
int range = inbox.Count / flag.Count;
for (int i = 0; i < flag.Count; i++)
{
// Copy the delivery time from a random email in this range
DateTime recvTime = inbox[rand.Next(i * range, (i + 1) * range)].ReceivedTime;
DateTime flagtime = flag[i];
Console.WriteLine($"{flagtime} => {recvTime}");
// Create a fake email with the two times and other fun stuff
RDOMail flagmail = inbox.Add("IPM.Note");
flagmail.Importance = 1;
flagmail.ReceivedTime = recvTime;
flagmail.SentOn = flagtime;
flagmail.Subject = subjects.Next();
flagmail.To = "*****@*****.**";
flagmail.Sender = session.GetAddressEntryFromID(session.AddressBook.CreateOneOffEntryID(aliases.Next(), "SMTP",
"*****@*****.**",
false, false));
flagmail.Save();
}
// Sort the emails by delivery time, scattering the spoofed ones (in order) across the dump
inbox = inboxFolder.Items;
Console.WriteLine(inbox.Count);
inbox.Sort("ReceivedTime", false);
// Guess we're doing it this way -__-
Console.WriteLine("Flag is in place, moving to inbox...");
RDOFolder targetInbox = session.GetDefaultFolder(rdoDefaultFolders.olFolderInbox);
foreach (RDOMail email in inbox)
{
email.CopyTo(targetInbox);
}
targetInbox.Save();
Console.WriteLine("Done!");
}
//private void StoreOnNewMail(string entryId)
//{
// const string SOURCE = CLASS_NAME + "StoreOnNewMail";
// RDOMail mail = null;
// try
// {
// Logger.Verbose(SOURCE,"fired");
// return;
// mail = Store.GetMessageFromID(entryId);
// if (mail == null) return;
// //intercept Message Updated
// if (IsUpdateMessage(mail))
// {
// ThreadPool.QueueUserWorkItem(DeleteNewMail, entryId);
// return;
// }
// //check for our headers
// if (mail.MessageClass == Resources.message_class_CM
// || !Utils.HasChiaraHeader(mail))
// return;
// Logger.Info(SOURCE, string.Format(
// "updating message class on {0} in {1}",
// mail.Subject, Store.Name));
// mail.MessageClass = Resources.message_class_CM;
// mail.Save();
// }
// catch
// {
// mail = null;
// }
// finally
// {
// if (mail != null) Utils.ReleaseObject(mail);
// }
//}
private bool IsUpdateMessage(RDOMail mail)
{
const string SOURCE = CLASS_NAME + "IsUpdateMessage";
if (!mail.Subject.Equals(ThisAddIn.UPDATE_SUBJECT,
StringComparison.CurrentCultureIgnoreCase)) return false;
if (!mail.UnRead) return false;
//ignore if more than 1 day old
if (mail.SentOn.AddDays(1) < DateTime.Now) return false;
Logger.Verbose(SOURCE, string.Format(
"evaluating {0} in {1}", mail.Subject, Store.Name));
//extract data from internet message header
var pointer = "";
var sender = "";
var server = "";
var port = "";
Utils.ReadUpdateHeaders(mail, ref sender, ref pointer, ref server, ref port);
Logger.Verbose(SOURCE, string.Format(
"found {0} for {1} from {2} in {3}", pointer, mail.Subject, sender, Store.Name));
return true;
}
private static string GetHeader(RDOMail item, string header)
{
try
{
var propTag = item.GetIDsFromNames(ThisAddIn.PS_INTERNET_HEADERS, header) | ThisAddIn.PT_STRING8;
return Convert.ToString(item.Fields[propTag]);
}
catch
{
return string.Empty;
}
}
internal static void ReadUpdateHeaders(RDOMail item, ref string senderAddress,
ref string contentPointer, ref string serverName, ref string serverPort)
{
const string SOURCE = CLASS_NAME + "ReadUpdateHeaders";
try
{
var prop = item.Fields[MAPITags.PR_TRANSPORT_MESSAGE_HEADERS];
if (prop == null || string.IsNullOrEmpty(Convert.ToString(prop)))
{
var contentProp = item.Fields[ThisAddIn.MAIL_HEADER_GUID + Resources.update_header_pointer.ToLower()];
var serverNameProp= item.Fields[ThisAddIn.MAIL_HEADER_GUID + Resources.update_header_server.ToLower()];
var serverPortProp = item.Fields[ThisAddIn.MAIL_HEADER_GUID + Resources.update_header_port.ToLower()];
var senderProp = item.Fields[ThisAddIn.MAIL_HEADER_GUID + Resources.update_header_sender.ToLower()];
contentPointer = contentProp == null
? string.Empty
: Convert.ToString(contentProp);
if (string.IsNullOrEmpty(contentPointer)) return;
serverName = serverNameProp == null
? string.Empty
: Convert.ToString(serverNameProp);
serverPort = serverPortProp == null
? string.Empty
: Convert.ToString(serverPortProp);
senderAddress = senderAddress == null
? string.Empty
: Convert.ToString(senderProp);
return;
}
var headerBlock = prop.ToString();
//parse the headers
var headers = new Dictionary<string, string>();
var array = Regex.Split(headerBlock, @"(\r\n(?!\s))");
foreach (var t in array)
{
if (t.Equals("\r\n")) continue;
var pos = t.IndexOf(':');
if (pos <= 0) continue;
var header = t.Substring(0, pos).Trim().ToLower();
//some headers may be duplicated?
if (headers.ContainsKey(header)) continue;
var value = t.Substring(pos + 1).Trim();
headers.Add(header, value);
}
//Content-Pointer
headers.TryGetValue(Resources.update_header_pointer.ToLower(), out contentPointer);
//must have content pointer to be legit
if (string.IsNullOrEmpty(contentPointer)) return;
//Server-Name
headers.TryGetValue(Resources.update_header_server.ToLower(), out serverName);
//Server-Port
headers.TryGetValue(Resources.update_header_port.ToLower(), out serverPort);
//sender
headers.TryGetValue(Resources.update_header_sender.ToLower(), out senderAddress);
}
catch (Exception ex)
{
Logger.Error(SOURCE, ex.ToString());
}
}
internal static bool HasChiaraHeader(RDOMail item)
{
if (!string.IsNullOrEmpty(GetHeader(item, Resources.content_header)))
return true;
//if that fails try parsing the mail header
object prop;
try
{
prop = item.Fields[ThisAddIn.PR_MAIL_HEADER];
}
catch
{
prop = null;
}
if (prop == null) return false;
var header = Convert.ToString(prop);
//only need Content-Pointer header to be legal
return header.ToLower().Contains(
Resources.content_header.ToLower());
}
