利用NTLM Hash读取Exchange邮件

Related tags

Security related resourcesGetMail
Overview

GetMail

利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。其实Exchange提供了利用NTLM Hash凭据进行验证的方法,从而可以进行任何操作。本程序支持邮箱目录结构的列举、邮件的阅读、附件的下载、关键字的搜索等功能,支持明文密码和NTLM Hash凭证两种认证方式。

参数介绍

  • -h, --help show this help message and exit
  • -u USER, --user=USER Please Input Username!
  • -H HASH, --hash=HASH Please Input Ntlmhash: xx:xx Or xxxx!
  • -p PSWD, --pswd=PSWD Please Input Password!
  • -e EMAIL, --email=EMAIL Please Input Email Address!
  • -c COUNT, --count=COUNT Please Input How Many Emails You Want To Read!
  • -s SERVER, --server=SERVER Please Input Email Server Address!
  • -k KEYWORD, --keyword=KEYWORD Please Input Keyword To Search!
  • -L, --List List All Email Floders!
  • -D, --download Whether Download Attachment Files Or Not!
  • -d, --display Show All Email Floders!
  • -l, --list List All Email Floders!
  • -f FLODER, --folder=FLODER Please Input Email Floder Name!

使用

列举邮箱目录结构

python3 getmail.py -u [USERNAME] -p [PASSWORD] -e [EMAIL ADDRESS] -L
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -L

阅读邮件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面) -k [Keyword](展示包含关键字的邮件)

下载附件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)——D

ISSUE修复记录

  • 0x01 默认Inbox收件箱邮件阅读超过20封时候有会问题【已修复】
  • 0x02 同名附件自动下载导致附件覆盖问题【已修复】

Changelog

  • v1.1 20210421
    • 支持展示抄送、密送
    • 优化展示效果
    • 修复一些bug
  • v1.1 20210422 增加GUI版本
    • Mac测试通过 image





























Owner









[email protected]



Information Security Engineer



<a href=[email protected]">




 GitHub Repository










Fuck - Multi Brute Force 🚶‍♂


 f-mbf Fuck - Multi Brute Force 🚶‍♂ Install Script $ pkg update && pkg upgrade $ pkg install python2 $ pkg install git $ pip2 install requests $ pip2 





Yumasaa
 1  Dec 03, 2021









Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022


 TSAR Source code for NAACL 2022 paper: A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction. 🔥 Introduction We focus on extra






 21  Sep 24, 2022









Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities.


 RouterOS Scanner Forensics tool for Mikrotik devices. Search for suspicious properties and weak security points that need to be fixed on the router. T





Microsoft
 823  Dec 21, 2022









Lite - Lite cracker tool for python


 Wellcome to tools Results Install Tools






Jeeck X Nano
 23  Dec 17, 2022









StarUML cracker - StarUML cracker With Python


 StarUML_cracker Usage On Linux Clone the repo. git clone https://github.com/mana





Bibek Manandhar
 9  Jun 20, 2022









'Our Drowsinessdetector detects drivers eyes if they are closed for more than 2 seconds and alerts driver'


 Data analysis Document here the project: DriverDrowsinessDetector Description: Project Description Data Source: Type of analysis: Please document the 






 3  Jul 03, 2022









This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)


 zip-symlink-payload-creator This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload





stark0de
 6  Aug 18, 2022









Python tool for enumerating directories and for fuzzing


 Python tool for enumerating directories and for fuzzing





Gourab Roy
 5  Feb 21, 2022









An open-source post-exploitation framework for students, researchers and developers.


 Questions? Join the Discord support server Disclaimer: This project should be used for authorized testing or educational purposes only. BYOB is an ope





dvm
 8.1k  Dec 31, 2022









IDA Pro Python plugin to analyze and annotate Linux kernel alternatives


 About This is an IDA Pro (Interactive Disassembler) plugin allowing to automatically analyze and annotate Linux kernel alternatives (content of .altin





Open Source Security, Inc.
 16  Oct 12, 2022









Having a weak password is not good for a system that demands high confidentiality and security of user credentials


 Having a weak password is not good for a system that demands high confidentiality and security of user credentials. It turns out that people find it difficult to make up a strong password that is str





PyLaboratory
 0  Feb 07, 2022









Script Crack Facebook Premium 🚶‍♂


 premium Script Crack Facebook Premium 🚶‍♂ In Script Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install python $ pkg inst





Yumasaa
 2  Dec 19, 2021









SQLi Google Dork Scanner (new version)


 XGDork² - ViraX Google Dork Scanner SQLi Google Dork Scanner by ViraX @ 2021 for Python 2.7 - compatible Android(NoRoot) - Termux A simple 'naive' pyt






 8  Dec 20, 2022









LdapRelayScan - Check for LDAP protections regarding the relay of NTLM authentication


 LDAP Relay Scan A tool to check Domain Controllers for LDAP server protections r






 315  Dec 18, 2022









Password-Manager GUI


 PASSWORD-MANAGER This repo contains all the project files. Project Description A Tkinter GUI that allows you to store website info like website name, 





David .K. Danso
 1  Dec 08, 2021









PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe


 PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe with additional features such as malware checker/detector! Also checks file(s) for suspicious words, dis





Rdimo
 56  Jul 31, 2022









BloodyAD is an Active Directory Privilege Escalation Framework


 BloodyAD Framework BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combi






 757  Jan 07, 2023









DCSync - DCSync Attack from Outside using Impacket


 Adding DCSync Permissions Mostly copypasta from https://github.com/tothi/rbcd-at





n00py
 77  Dec 16, 2022









🐎🖥《赛马娘》(ウマ娘: Pretty Derby)辅助脚本 


 auto-derby 自动化养马 育成结果 Nurturing result 功能 支持客户端 DMM (前台) 实验性 安卓 ADB 连接(后台)开发基于 1080x1920 分辨率 团队赛 (Team race) 有胜利确定奖励时吃帕菲 日常赛 (Daily race) PvP 活动赛 (Cha





NateScarlet
 376  Jan 01, 2023









md5 hash cracking with python.


 Python-Md5-Cracker- md5 hash cracking with python. Original files added First create a file called word.txt then run the wordCreate.py script The task





Nebil Sharifi
 0  Aug 31, 2022