利用NTLM Hash读取Exchange邮件

Related tags

Security related resourcesGetMail
Overview

GetMail

利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。其实Exchange提供了利用NTLM Hash凭据进行验证的方法,从而可以进行任何操作。本程序支持邮箱目录结构的列举、邮件的阅读、附件的下载、关键字的搜索等功能,支持明文密码和NTLM Hash凭证两种认证方式。

参数介绍

  • -h, --help show this help message and exit
  • -u USER, --user=USER Please Input Username!
  • -H HASH, --hash=HASH Please Input Ntlmhash: xx:xx Or xxxx!
  • -p PSWD, --pswd=PSWD Please Input Password!
  • -e EMAIL, --email=EMAIL Please Input Email Address!
  • -c COUNT, --count=COUNT Please Input How Many Emails You Want To Read!
  • -s SERVER, --server=SERVER Please Input Email Server Address!
  • -k KEYWORD, --keyword=KEYWORD Please Input Keyword To Search!
  • -L, --List List All Email Floders!
  • -D, --download Whether Download Attachment Files Or Not!
  • -d, --display Show All Email Floders!
  • -l, --list List All Email Floders!
  • -f FLODER, --folder=FLODER Please Input Email Floder Name!

使用

列举邮箱目录结构

python3 getmail.py -u [USERNAME] -p [PASSWORD] -e [EMAIL ADDRESS] -L
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -L

阅读邮件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面) -k [Keyword](展示包含关键字的邮件)

下载附件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)——D

ISSUE修复记录

  • 0x01 默认Inbox收件箱邮件阅读超过20封时候有会问题【已修复】
  • 0x02 同名附件自动下载导致附件覆盖问题【已修复】

Changelog

  • v1.1 20210421
    • 支持展示抄送、密送
    • 优化展示效果
    • 修复一些bug
  • v1.1 20210422 增加GUI版本
    • Mac测试通过 image





























Owner









[email protected]



Information Security Engineer



<a href=[email protected]">




 GitHub Repository










Instagram brute force tool that uses tor as its proxy connections


 Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi





Liam
 3  Jan 28, 2022









Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.


 Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.





Astro
 9  Sep 27, 2022









Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading


 log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script





Wade
 1  Dec 15, 2021









PoC encrypted diary in Python 3


 Encrypted diary Sample program to store confidential data. Provides encryption in the form of AES-256 with bcrypt KDF. Does not provide authentication






 1  Dec 25, 2021









Microsoft Exchange Server SSRF漏洞(CVE-2021-26855)


 Microsoft_Exchange_Server_SSRF_CVE-2021-26855 zoomeye dork:app:"Microsoft Exchange Server" 使用Seebug工具箱及pocsuite3编写的脚本Microsoft_Exchange_Server_SSRF_CV





conjojo
 37  Nov 12, 2022









Port scanning tool that uses Python3. Created by Noble Wilson


 Hello There!
My name is Noble Wilson and I am an aspiring IT/InfoSec coder practicing for my future.
________________________________________________






 1  Nov 23, 2021









Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.


 Dlint Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure. The most important thing I have done as a progra





Dlint
 127  Dec 27, 2022









Python tool for dumping flash via uboot reliably


 Reliable Uboot Flash Dumper is a Python tool for dumping flash via uboot reliably. If you've ever had to dump flash via uboot and a serial connection and became frustrated about doing it several time





SecurityJon
 25  May 10, 2022









Metal Gear Online 2 (MGO2) stage files decryption


 Metal Gear Online 2 decryption tool Metal Gear Online 2 (MGO2) has an additional layer of encryption for stage files. I was not able to find info abou






 4  Sep 02, 2022









An forensics tool to help aid in the investigation of spoofed emails based off the email headers.


 A forensic tool to make analysis of email headers easy to aid in the quick discovery of the attacker. Table of Contents About mailMeta Installation Us





Syed Modassir Ali
 59  Nov 26, 2022









BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.


 Follow us on Twitter! BoobSnail BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro gen





STM Cyber
 232  Nov 21, 2022









NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains


 NexScanner NexScanner is a tool which helps you scan a website for sub-domains and also to find login pages in the website like the admin login panel 






 8  Sep 03, 2022









An open-source post-exploitation framework for students, researchers and developers.


 Questions? Join the Discord support server Disclaimer: This project should be used for authorized testing or educational purposes only. BYOB is an ope





dvm
 8.1k  Dec 31, 2022









Program that mathematically generates and validates CPF numbers 


 ✔️ Gerador e Validador de CPF Programa que gera e valida números de CPF Requisitos • Como usar • Capturas de Tela Requisitos Antes de começar, você va





João Victor Vilela dos Santos
 1  Nov 07, 2021









This repo created for bypassing Widevine L3 DRM and obtaining keys.


 First run: Copy headers (with cookies) of POST license request from browser to headers.py like dictionary. pip install -r requirements.txt # if doesn'





Mikhail
 263  Jan 07, 2023









ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)


 ExProlog ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Usage: exprolog.py [OPTIONS]
ExProlog -





Herwono W. Wijaya
 130  Dec 15, 2022









Multi Brute Force Facebook - Crack Facebook With Login - Free For Now


 ✭ SAKERA CRACK Made With ❤️ By Denventa, Araya, Dapunta Author:
- Denventa
- Araya Dev
- Dapunta Khurayra X
⇨ Fitur Login [✯] Login Cookies
⇨ Ins





Dapunta ID
 26  Jan 01, 2023









MTBLLS Ethical Hacking Tool Announcement of v2.0


 MTBLLS Ethical Hacking Tool Announcement of v2.0 MTBLLS is a Free and Open-Source Ethical Hacking Tool developed by GhostTD (SkyWtkh) The tool can onl





Ghost
 2  Mar 19, 2022









Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability 


 AdminerRead Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability Installation git clone https://github.com/p0dalirius/AdminerRea





Podalirius
 58  Dec 05, 2022









A simple subdomain scanner in python


 Subdomain-Scanner A simple subdomain scanner in python ✨ Features scans subdomains of a domain thats it! 💁‍♀️ How to use first download the scanner.p





Portgas D Ace
 2  Jan 07, 2022