利用NTLM Hash读取Exchange邮件

Related tags

Security related resourcesGetMail
Overview

GetMail

利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。其实Exchange提供了利用NTLM Hash凭据进行验证的方法,从而可以进行任何操作。本程序支持邮箱目录结构的列举、邮件的阅读、附件的下载、关键字的搜索等功能,支持明文密码和NTLM Hash凭证两种认证方式。

参数介绍

  • -h, --help show this help message and exit
  • -u USER, --user=USER Please Input Username!
  • -H HASH, --hash=HASH Please Input Ntlmhash: xx:xx Or xxxx!
  • -p PSWD, --pswd=PSWD Please Input Password!
  • -e EMAIL, --email=EMAIL Please Input Email Address!
  • -c COUNT, --count=COUNT Please Input How Many Emails You Want To Read!
  • -s SERVER, --server=SERVER Please Input Email Server Address!
  • -k KEYWORD, --keyword=KEYWORD Please Input Keyword To Search!
  • -L, --List List All Email Floders!
  • -D, --download Whether Download Attachment Files Or Not!
  • -d, --display Show All Email Floders!
  • -l, --list List All Email Floders!
  • -f FLODER, --folder=FLODER Please Input Email Floder Name!

使用

列举邮箱目录结构

python3 getmail.py -u [USERNAME] -p [PASSWORD] -e [EMAIL ADDRESS] -L
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -L

阅读邮件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面) -k [Keyword](展示包含关键字的邮件)

下载附件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)——D

ISSUE修复记录

  • 0x01 默认Inbox收件箱邮件阅读超过20封时候有会问题【已修复】
  • 0x02 同名附件自动下载导致附件覆盖问题【已修复】

Changelog

  • v1.1 20210421
    • 支持展示抄送、密送
    • 优化展示效果
    • 修复一些bug
  • v1.1 20210422 增加GUI版本
    • Mac测试通过 image





























Owner









[email protected]



Information Security Engineer



<a href=[email protected]">




 GitHub Repository










Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities


 Bug Alert Bug Alert is a service for alerting security and IT professionals of h





BugAlert.org
 208  Dec 15, 2022









Acc-Data-Gen - Allows you to generate a password, e-mail & token for your Minecraft Account


 Acc-Data-Gen Allows you to generate a password, e-mail & token for your Minecraft Account How to use the generator: Move all the files in a single dir





KarmaBait
 2  May 16, 2022









An ARP Spoofer attacker for windows to block away devices from your network.


 arp0_attacker An ARP Spoofer-attacker for Windows -OS to block away devices from your network. INFO Built in Python 3.8.2. arp0_attackerx.py is Upgrad





Wh0_
 15  Mar 17, 2022









Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution


 Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha





Hendrik Agung
 2  Dec 30, 2021









A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.


 infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s





James
 41  Dec 30, 2022









DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.


 DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.






 2  Feb 05, 2022









CVE-2021-21985 VMware vCenter Server远程代码执行漏洞 EXP (更新可回显EXP)


 CVE-2021-21985 CVE-2021-21985 EXP 本文以及工具仅限技术分享,严禁用于非法用途,否则产生的一切后果自行承担。 0x01 利用Tomcat RMI RCE 1. VPS启动JNDI监听 1099 端口 rmi需要bypass高版本jdk java -jar JNDIIn





r0cky
 355  Aug 03, 2022









version de mi tool de kali linux para miertuxzzzz digo, termux >:)


 Msf-Tool 1.0 Termux apt install git -y apt install python apt install python3 apt install python3-pip apt install metasploit ---- ---- git clone ht





BruhGera
 1  Feb 20, 2022









Malware for Discord, designed to steal passwords, tokens, and inject discord folders for long-term use. 


 Vital What is Vital? Vital is malware primarily used to collect and extract information from the Discord desktop client. While it has other features (





HellSec
 59  Dec 01, 2022









This is an advanced backdoor, created with Python


 Backdoor This is a Backdoor, created with Python 3. Types of Commands: Downloading / Uploading files. Launching / Deleting / Reading file's content. S





swagkarna
 28  Oct 28, 2022









POC using subprocess lib in Python 🐍


 POC subprocess ☞ POC using the subprocess library with Python. References: https://github.com/GuillaumeFalourd/poc-subprocess https://geekflare.com/le





Guillaume Falourd
 2  Nov 28, 2022









Python program that generates secure passwords.


 Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords, 






 4  Dec 07, 2021









This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack


 This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack





Varun Jagtap
 5  Oct 08, 2022









This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.


 webapp-wordlists This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version co





Podalirius
 396  Jan 08, 2023









MozDef: Mozilla Enterprise Defense Platform


 MozDef: Documentation: https://mozdef.readthedocs.org/en/latest/ Give MozDef a Try in AWS: The following button will launch the Mozilla Enterprise Def





Mozilla
 2.2k  Jan 08, 2023









Small python script to look for common vulnerabilities on SMTP server.


 BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T






 39  Dec 16, 2022









A guide to building basic malware in Python by implementing a keylogger application


 Keylogger-Malware-Project A guide to building basic malware in Python by implementing a keylogger application. If you want even more detail on the Pro





Noah Davis
 1  Jan 11, 2022









This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections.


 Log4J-Huntress-Automate-Script This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections. Pre-Requisits 






 1  Dec 16, 2021









Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses 🕵️


 Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for 






 1.1k  Aug 24, 2021









The probability of having the password you want in the PassMaker is +90%!!


 PasswordMaker Strong listing password Introduction The probability of having the password you want in the tool is +90%!! How to Install Open the termi





MasterBurnt
 4  Sep 05, 2021