利用NTLM Hash读取Exchange邮件

Related tags

Security related resourcesGetMail
Overview

GetMail

利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。其实Exchange提供了利用NTLM Hash凭据进行验证的方法,从而可以进行任何操作。本程序支持邮箱目录结构的列举、邮件的阅读、附件的下载、关键字的搜索等功能,支持明文密码和NTLM Hash凭证两种认证方式。

参数介绍

  • -h, --help show this help message and exit
  • -u USER, --user=USER Please Input Username!
  • -H HASH, --hash=HASH Please Input Ntlmhash: xx:xx Or xxxx!
  • -p PSWD, --pswd=PSWD Please Input Password!
  • -e EMAIL, --email=EMAIL Please Input Email Address!
  • -c COUNT, --count=COUNT Please Input How Many Emails You Want To Read!
  • -s SERVER, --server=SERVER Please Input Email Server Address!
  • -k KEYWORD, --keyword=KEYWORD Please Input Keyword To Search!
  • -L, --List List All Email Floders!
  • -D, --download Whether Download Attachment Files Or Not!
  • -d, --display Show All Email Floders!
  • -l, --list List All Email Floders!
  • -f FLODER, --folder=FLODER Please Input Email Floder Name!

使用

列举邮箱目录结构

python3 getmail.py -u [USERNAME] -p [PASSWORD] -e [EMAIL ADDRESS] -L
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -L

阅读邮件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面) -k [Keyword](展示包含关键字的邮件)

下载附件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)——D

ISSUE修复记录

  • 0x01 默认Inbox收件箱邮件阅读超过20封时候有会问题【已修复】
  • 0x02 同名附件自动下载导致附件覆盖问题【已修复】

Changelog

  • v1.1 20210421
    • 支持展示抄送、密送
    • 优化展示效果
    • 修复一些bug
  • v1.1 20210422 增加GUI版本
    • Mac测试通过 image





























Owner









[email protected]



Information Security Engineer



<a href=[email protected]">




 GitHub Repository










Multi Brute Force Facebook - Crack Facebook With Login - Free For Now


 ✭ SAKERA CRACK Made With ❤️ By Denventa, Araya, Dapunta Author:
- Denventa
- Araya Dev
- Dapunta Khurayra X
⇨ Fitur Login [✯] Login Cookies
⇨ Ins





Dapunta ID
 26  Jan 01, 2023









Downloads SEP, Baseband and BuildManifest automatically for signed iOS version's for connected iDevice


 FutureHelper Supports macOS and Windows Downloads SEP, Baseband and BuildManifest automatically for signed iOS version's (including beta firmwares) fo





Kasim Hussain
 7  Jan 05, 2023









open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability


 CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre





Taroballz
 7  Nov 09, 2022









Universal Radio Hacker: Investigate Wireless Protocols Like A Boss


 The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios. 





Dr. Johannes Pohl
 9k  Jan 03, 2023









This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.


 F2Amapper This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to





Ajit Kumar
 3  Sep 03, 2022









The First Python Compatible Camera Hacking Tool


 ZCam Hack webcam using python by sending malicious link. FEATURES : [+] Real-time Camera hacking [+] Python compatible [+] URL Shortener using bitly [





Sanketh J
 109  Dec 28, 2022









ShoLister - a tool that collects all available subdomains for specific hostname or organization from Shodan


 ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be used from Penetration Tester and Bug Bounty Hunters.





Eslam Akl
 45  Dec 28, 2022









A great and handy python obfuscator for protecting code.


 Python Code Obfuscator A handy and necessary tool that can protect your code anytime! Mostly Command Line tool that will obfuscate your code. Features





Karim
 5  Nov 18, 2022









hackinsta: a program to hack instagram


 hackinsta a program to hack instagram Yokoback_(instahack) is the file to open, you need libraries write on import. You run that file in the same fold






 1  Dec 04, 2021









Python exploit for vsftpd 2.3.4 - Backdoor Command Execution


 CVE-2011-2523 - vsftpd 2.3.4 Exploit Discription vsftpd, which stands for Very Secure FTP Daemon,is an FTP server for Unix-like systems, including Lin





Padsala Tushal
 5  Nov 08, 2022









解密哥斯拉webshell管理工具流量


 kingkong 解密哥斯拉Godzilla-V2.96 webshell管理工具流量 目前只支持jsp类型的webshell流量解密 Usage 获取攻击者上传到服务器的webshell样本 获取wireshark之类的流量包,一般甲方有科来之类的全流量镜像设备,联系运维人员获取,这里以test.





h4ck for fun
 46  Dec 21, 2022









Python sandbox runners for executing code in isolation aka snekbox.


 Python sandbox runners for executing code in isolation aka snekbox.





Python Discord
 164  Dec 20, 2022









PoC for CVE-2021-26855 -Just a checker-


 CVE-2021-26855 PoC for CVE-2021-26855 -Just a checker- Usage python3 CVE-2021-26855.py -u https://mail.example.com -c example.burpcollaborator.net
# C





Abdullah AlZahrani
 17  Dec 22, 2022









Simplify getting and using cookies from the browser to use in Python.


 CookieCache Simplify getting and using cookies from the browser to use in Python. NOTE: All the logic to interface with the browsers is done by the Br





pat_h/to/file
 2  May 06, 2022









Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures


 Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.





Stamus Networks
 39  Nov 28, 2022









一款Web在线自动免杀工具


 一款利用加载器以及Python反序列化绕过AV的在线免杀工具 因为打包方式的局限性,不能跨平台,若要生成exe格式的只能在Windows下运行本项目 打包速度有点慢,提交后稍等一会 开发环境及运行 前端使用Bootstrap框架,后端使用Django框架 。 





yhy
 172  Nov 28, 2022









An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.


 Log4JHunt An automated, reliable scanner for the Log4Shell CVE-2021-44228 vulnerability. Video demo: Usage Here the help usage: $ python3 log4jhunt.py





RedHunt Labs
 39  Nov 21, 2022









Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)


 Pachine Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation). Installtion $ pip3 install impacket Usage Impacket v0.9.23 -





Oliver Lyak
 250  Dec 31, 2022









A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.


 Wlan Fetcher Windows10 Description A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer. Usage This Script onl






 2  Nov 20, 2021









neo Tool is great one in binary exploitation topic


 neo Tool is great one in binary exploitation topic. instead of doing several missions by many tools and windows, you can now automate this in one tool in one session.. Enjoy it





Hamza Elansari
 4  Oct 10, 2022