How can I brute-force Exchange credentials using the Autodiscover service?

To brute-force credentials via Autodiscover, send a request to `https://<server>/autodiscover/autodiscover.xml` using NTLM over HTTP (supports both plaintext and NTLM hash authentication). A 401 response indicates login failure, while a 200 response with '600 Invalid Request' indicates successful authentication. The implementation is similar to EWS brute-forcing, as discussed in the previous article Penetration Techniques - Pass the Hash with Exchange Web Service.