Gate-crash (or Spoof?) a Lync User’s Conference

I was trawling the Lync “dbanalyze.exe” tool in the Lync ResKit as you do (I couldn’t sleep) and stumbled across a way of ascertaining a user’s Conference Id and dial-in code.

I thought this might come in handy at some stage if you REALLY need to fake-up a meeting request to a third party’s conference (poor-man’s delegation?), or gate-crash either the on-line component, or just dial in.

All you need to do is run a query of the database:

C:\Program Files\Microsoft Lync Server 2010\ResKit>DBAnalyze.exe /report:user /user:<username>@blah.com.au

This will reveal the following (in amongst a LOT of other output):

Conferences organized by the user
---------------------------------
ConfId         Title     Admission     PstnId       Active    StaticMeeting    IsPstnIdValid
-------------- --------- -----------   ------------ --------- ---------------  ------------- 
ABC123YZ                 Open          12345        False     True             True

From here it’s not going to take any effort to fake up a meeting invitation URL (“https://meet.blah.com.au/<username>/ABC123YZ”), or just dial-in and perhaps assume the presenter role with your own login and PIN.

– Beware that this is only going to work if the meeting is Static.

 

– G.

Leave a Reply

Your email address will not be published.

... and please just confirm for me that you're not a bot first: Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.