利用NTLM Hash读取Exchange邮件

Related tags

Security related resourcesGetMail
Overview

GetMail

利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。其实Exchange提供了利用NTLM Hash凭据进行验证的方法,从而可以进行任何操作。本程序支持邮箱目录结构的列举、邮件的阅读、附件的下载、关键字的搜索等功能,支持明文密码和NTLM Hash凭证两种认证方式。

参数介绍

  • -h, --help show this help message and exit
  • -u USER, --user=USER Please Input Username!
  • -H HASH, --hash=HASH Please Input Ntlmhash: xx:xx Or xxxx!
  • -p PSWD, --pswd=PSWD Please Input Password!
  • -e EMAIL, --email=EMAIL Please Input Email Address!
  • -c COUNT, --count=COUNT Please Input How Many Emails You Want To Read!
  • -s SERVER, --server=SERVER Please Input Email Server Address!
  • -k KEYWORD, --keyword=KEYWORD Please Input Keyword To Search!
  • -L, --List List All Email Floders!
  • -D, --download Whether Download Attachment Files Or Not!
  • -d, --display Show All Email Floders!
  • -l, --list List All Email Floders!
  • -f FLODER, --folder=FLODER Please Input Email Floder Name!

使用

列举邮箱目录结构

python3 getmail.py -u [USERNAME] -p [PASSWORD] -e [EMAIL ADDRESS] -L
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -L

阅读邮件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面) -k [Keyword](展示包含关键字的邮件)

下载附件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)——D

ISSUE修复记录

  • 0x01 默认Inbox收件箱邮件阅读超过20封时候有会问题【已修复】
  • 0x02 同名附件自动下载导致附件覆盖问题【已修复】

Changelog

  • v1.1 20210421
    • 支持展示抄送、密送
    • 优化展示效果
    • 修复一些bug
  • v1.1 20210422 增加GUI版本
    • Mac测试通过 image





























Owner









[email protected]



Information Security Engineer



<a href=[email protected]">




 GitHub Repository










HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures.


 HatVenom HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures. Featu





EntySec
 100  Dec 23, 2022









This is an injection tool that can inject any xposed modules apk into the debug android app


 This is an injection tool that can inject any xposed modules apk into the debug android app, the native code in the xposed module can also be injected.





Windy
 32  Nov 05, 2022









Create a secure tunnel from a custom domain to localhost using Fly and WireGuard.


 Fly Dev Tunnel Developers commonly use apps like ngrok, localtunnel, or cloudflared to expose a local web service at a publicly-accessible URL. This i






 170  Dec 11, 2022









Dahua IPC/VTH/VTO devices auth bypass exploit


 CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass exploit About: The identity authentication bypass vulnerability found in some Dahua products duri





Ashish Kunwar
 23  Dec 02, 2022









RDP Stealer


 RDP Stealer RDP Stealer by lamp Require Python How To Use Download This Source Extract The Zip File Change webhook url Convert to exe send to target I





Lamp
 14  Nov 26, 2022









AnonStress-Stored-XSS-Exploit - An exploit and demonstration on how to exploit a Stored XSS vulnerability in anonstress


 AnonStress Stored XSS Exploit An exploit and demonstration on how to exploit a S





صلى الله على محمد وآله
 3  Jun 22, 2022









JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine


 JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine






 105  Dec 05, 2022









Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks


 evil-stalker How to run First of all, you must install the necessary libraries. 





rock3d
 6  Nov 16, 2022









Reverse engineered Parler API


 Parler's unofficial API with all endpoints present in their iOS app as of 08/12/2020. For the most part undocumented, but the error responses are alre






 393  Nov 26, 2022









Course: Information Security with Python


 Curso: Segurança da Informação com Python Curso realizado atravès da Plataforma da Digital Innovation One Prof: Bruno Dias Conteúdo: Introdução aos co





Elizeu Barbosa Abreu
 1  Nov 28, 2021









CVE-2022-22965 : about spring core rce


 CVE-2022-22965: Spring-Core-Rce EXP 特性: 漏洞探测(不写入 webshell,简单字符串输出) 自定义写入 webshell 文件名称及路径 不会追加写入到同一文件中,每次检测写入到不同名称 webshell 文件 支持写入 冰蝎 webshell 代理支持,可





东方有鱼名为咸
 53  Nov 09, 2022









Web3 Pancakeswap Sniper & honeypot detector Take Profit/StopLose bot written in python3, For ANDROID WIN MAC & LINUX


 🏆 Pancakeswap BSC Sniper Bot web3 with honeypot detector (ANDROID WINDOWS MAC LINUX) 🥇 ⭐️ ⭐️ ⭐️ First SNIPER BOT for ANDROID & WINDOWS with honeypot





Mayank
 12  Jan 07, 2023









Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes


 log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari





Ryan
 5  Sep 12, 2022









 Web Scraping com Python - Raspando Vagas para Programadores


 Web Scraping com Python - Raspando Vagas para Programadores Sobre o Projeto Web 





Kayo Libarino
 3  Dec 30, 2021









Generate obfuscated meterpreter shells


 Generator Evade AV with obfuscated payloads Installation must install dotnet prior to running the script with net45 Running ./generator.py -ip Your-I





Fawaz Al-Mutairi
 219  Nov 28, 2022









Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.


 PokeBot Deck Builder Brute-forcing (or not!) deck builder for Pokemon Trading Card Game. Warning: intensely not optimized and spaghetti coded Credits 





Hocky Harijanto
 0  Jan 10, 2022









Python implementation for PrintNightmare using standard Impacket.


 PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket 





ollypwn
 141  Dec 31, 2022









PoC for CVE-2021-26855 -Just a checker-


 CVE-2021-26855 PoC for CVE-2021-26855 -Just a checker- Usage python3 CVE-2021-26855.py -u https://mail.example.com -c example.burpcollaborator.net
# C





Abdullah AlZahrani
 17  Dec 22, 2022









This respository contains the source code of the printjack and phonejack attacks.


 Printjack-Phonejack This repository contains the source code of the printjack and phonejack attacks. The Printjack directory contains the script to ca





pietrobiondi
 2  Feb 12, 2022









VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read 


 vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen





Ashish Kunwar
 4  Sep 23, 2022