利用NTLM Hash读取Exchange邮件

Related tags

Security related resourcesGetMail
Overview

GetMail

利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。其实Exchange提供了利用NTLM Hash凭据进行验证的方法,从而可以进行任何操作。本程序支持邮箱目录结构的列举、邮件的阅读、附件的下载、关键字的搜索等功能,支持明文密码和NTLM Hash凭证两种认证方式。

参数介绍

  • -h, --help show this help message and exit
  • -u USER, --user=USER Please Input Username!
  • -H HASH, --hash=HASH Please Input Ntlmhash: xx:xx Or xxxx!
  • -p PSWD, --pswd=PSWD Please Input Password!
  • -e EMAIL, --email=EMAIL Please Input Email Address!
  • -c COUNT, --count=COUNT Please Input How Many Emails You Want To Read!
  • -s SERVER, --server=SERVER Please Input Email Server Address!
  • -k KEYWORD, --keyword=KEYWORD Please Input Keyword To Search!
  • -L, --List List All Email Floders!
  • -D, --download Whether Download Attachment Files Or Not!
  • -d, --display Show All Email Floders!
  • -l, --list List All Email Floders!
  • -f FLODER, --folder=FLODER Please Input Email Floder Name!

使用

列举邮箱目录结构

python3 getmail.py -u [USERNAME] -p [PASSWORD] -e [EMAIL ADDRESS] -L
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -L

阅读邮件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面) -k [Keyword](展示包含关键字的邮件)

下载附件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)——D

ISSUE修复记录

  • 0x01 默认Inbox收件箱邮件阅读超过20封时候有会问题【已修复】
  • 0x02 同名附件自动下载导致附件覆盖问题【已修复】

Changelog

  • v1.1 20210421
    • 支持展示抄送、密送
    • 优化展示效果
    • 修复一些bug
  • v1.1 20210422 增加GUI版本
    • Mac测试通过 image





























Owner









[email protected]



Information Security Engineer



<a href=[email protected]">




 GitHub Repository










A Python wrapper around the OpenSSL library


 pyOpenSSL -- A Python wrapper around the OpenSSL library Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where





Python Cryptographic Authority
 795  Dec 29, 2022









Wireguard VPN Server Installer for: on Ubuntu, Debian, Arch, Fedora and CentOS


 XGuard (Wireguard Server Installer) This Python script should make the installation of a Wireguard VPN server as easy as possible. Wireguard is a mode





Johann
 3  Nov 04, 2022









RedlineSpam - Python tool to spam Redline Infostealer panels with legit looking data


 RedlineSpam Python tool to spam Redline Infostealer panels with legit looking da






 4  Jan 27, 2022









MVT is a forensic tool to look for signs of infection in smartphone devices


 Mobile Verification Toolkit Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic 






 8.3k  Jan 08, 2023









Some Attacks of Exchange SSRF ProxyLogon&ProxyShell


 Some Attacks of Exchange SSRF This project is heavily replicated in ProxyShell, NtlmRelayToEWS https://mp.weixin.qq.com/s/GFcEKA48bPWsezNdVcrWag Get 1





Jumbo
 129  Dec 30, 2022









This is an injection tool that can inject any xposed modules apk into the debug android app


 This is an injection tool that can inject any xposed modules apk into the debug android app, the native code in the xposed module can also be injected.





Windy
 32  Nov 05, 2022









A powerful password generator utility which utilizes the slot technique to generate strong passwords of required length having combinations of lower and upper characters, digits and symbols.


 Bitpass Password Generator Installation Make sure Python 3+ is installed





Vaibhaw
 6  Feb 02, 2022









proxyshell payload generate


 Py Permutative Encoding https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-pst/5faf4800-645d-49d1-9457-2ac40eb467bd Generate proxyshell





Evi1cg
 63  Nov 15, 2022









Mr.Holmes is a information gathering tool (OSINT)


 🔍 Mr.Holmes Mr.Holmes is a information gathering tool (OSINT). Is main purpose is to gain information about domains,username and phone numbers with t






 534  Jan 08, 2023









Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability 


 AdminerRead Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability Installation git clone https://github.com/p0dalirius/AdminerRea





Podalirius
 58  Dec 05, 2022









A blind SQL injection script that uses binary search aka bisection method to dump datas from database.


 Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec





Şefik Efe
 2  Oct 29, 2022









Advanced subdomain scanner, any domain hidden subdomains


 little advanced subdomain scanner made in python, works very quick and has options to change the port u want it to connect for





Nano
 5  Nov 23, 2021









Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022


 TSAR Source code for NAACL 2022 paper: A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction. 🔥 Introduction We focus on extra






 21  Sep 24, 2022









python写的一款免杀工具(shellcode加载器)BypassAV,国内杀软全过(windows denfend)


 python写的一款免杀工具(shellcode加载器)BypassAV,国内杀软全过(windows denfend)





1frame
 266  Jan 02, 2023









SSRF search vulnerabilities exploitation extended.


 This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters).





Andri Wahyudi
 13  Jul 04, 2021









A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚


 log4check A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚 Tested to work between Minecraft versions 1.12.2 a





Evan J. Markowitz
 4  Dec 23, 2021









Strapi Framework Vulnerable to Remote Code Execution 


 CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage
pytho





Dasith Vidanage
 7  Mar 08, 2022









This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.


 Fuzzing PDFs like its 1990s This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things. Some discl





Chaithu
 14  Sep 30, 2022









A simple automatic tool for finding vulnerable log4j hosts


 Log4Scan A simple automatic tool for finding vulnerable log4j hosts Installation pip3 install -r requirements.txt Usage usage: log4scan.py [-h] (-f FI





Federico Rapetti 20018955
 6  Mar 10, 2022









Data Recovery from your broken Android phone


 Broken Phone Recovery a guide how to backup data from your locked android phone if you broke your screen (and more) you can skip some steps depending 





v1nc
 25  Sep 23, 2022