利用NTLM Hash读取Exchange邮件

Related tags

Security related resourcesGetMail
Overview

GetMail

利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。其实Exchange提供了利用NTLM Hash凭据进行验证的方法,从而可以进行任何操作。本程序支持邮箱目录结构的列举、邮件的阅读、附件的下载、关键字的搜索等功能,支持明文密码和NTLM Hash凭证两种认证方式。

参数介绍

  • -h, --help show this help message and exit
  • -u USER, --user=USER Please Input Username!
  • -H HASH, --hash=HASH Please Input Ntlmhash: xx:xx Or xxxx!
  • -p PSWD, --pswd=PSWD Please Input Password!
  • -e EMAIL, --email=EMAIL Please Input Email Address!
  • -c COUNT, --count=COUNT Please Input How Many Emails You Want To Read!
  • -s SERVER, --server=SERVER Please Input Email Server Address!
  • -k KEYWORD, --keyword=KEYWORD Please Input Keyword To Search!
  • -L, --List List All Email Floders!
  • -D, --download Whether Download Attachment Files Or Not!
  • -d, --display Show All Email Floders!
  • -l, --list List All Email Floders!
  • -f FLODER, --folder=FLODER Please Input Email Floder Name!

使用

列举邮箱目录结构

python3 getmail.py -u [USERNAME] -p [PASSWORD] -e [EMAIL ADDRESS] -L
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -L

阅读邮件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面) -k [Keyword](展示包含关键字的邮件)

下载附件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)——D

ISSUE修复记录

  • 0x01 默认Inbox收件箱邮件阅读超过20封时候有会问题【已修复】
  • 0x02 同名附件自动下载导致附件覆盖问题【已修复】

Changelog

  • v1.1 20210421
    • 支持展示抄送、密送
    • 优化展示效果
    • 修复一些bug
  • v1.1 20210422 增加GUI版本
    • Mac测试通过 image





























Owner









[email protected]



Information Security Engineer



<a href=[email protected]">




 GitHub Repository










Whois-Python - Get Whois Domain with Python GUI


 Whois-Python-GUI Get Whois Domain with Python - GUI :) WARNING Dont Copy ! - W





MR.D3F417
 3  Feb 21, 2022









A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password


 Hcoder This is a python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password





Muhammad Hamza
 3  Dec 06, 2021









HTTP security headers for Flask


 Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co





Google Cloud Platform
 854  Dec 30, 2022









PyFUD - Fully Undetectable payload generator for metasploit


 PyFUD fully Undetectable payload generator for metasploit Usage: pyfud.py --host






 3  Mar 25, 2022









Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228


 log4j-honeypot-flask Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228 This can be 





Binary Defense
 144  Nov 19, 2022









edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.


 edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W





stryngs
 43  Dec 23, 2022









Proof of concept to check if hosts are vulnerable to CVE-2021-41773


 CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV





Jordan Jay
 43  Nov 09, 2022









Some Attacks of Exchange SSRF ProxyLogon&ProxyShell


 Some Attacks of Exchange SSRF This project is heavily replicated in ProxyShell, NtlmRelayToEWS https://mp.weixin.qq.com/s/GFcEKA48bPWsezNdVcrWag Get 1





Jumbo
 129  Dec 30, 2022









Log4Shell Proof of Concept (CVE-2021-44228)


 CVE-2021-44228 Log4Shell Proof of Concept (CVE-2021-44228) Make sure to use Java 8 JDK. Java 8 Download Images Credits Casey Dunham - Java Reverse She





Kr0ff
 3  Jul 23, 2022









All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭


 All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭





Cracker
 331  Jan 01, 2023









GitHub Advance Security Compliance Action


 advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca





Mathew Payne
 121  Dec 14, 2022









A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.


 A simple python script to dump remote files through a local file read or local file inclusion web vulnerability. Features Dump a single file w





Podalirius
 48  Dec 03, 2022









MainCoon - an automated recon framework 


 MainCoon is an automated recon framework meant for gathering information during penetration testing of web applications.





Md. Nur habib
 8  Aug 26, 2022









Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬


 mailcat The only cat who can find existing email addresses by nickname. Usage First install requirements: pip3 install -r requirements.txt
Then just 






 282  Dec 30, 2022









 Omega - From Wordpress admin to pty


 The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.





Ángel Heredia
 12  Nov 09, 2022









All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭


 This is A Python & Bash Programming Based Termux-Tool Created By CRACKER911181. This Tool Created For Hacking and Pentesting. If You Use This Tool To Evil Purpose,The Owner Will Never be Responsible 





CRACKER911181
 1  Jan 10, 2022









Script Crack Facebook Yang Kaya Akan Teh Hijau 🚶‍♂


 r-mbf Script Crack Facebook 🚶‍♂ Bukti Recode [•] Install Script $ pkg update && pkg upgrade $ pkg install python $ pkg install git $ pip install requ





O'Hayo Smrn
 3  Apr 02, 2022









A curated list of amazingly awesome Cybersecurity datasets


 A curated list of amazingly awesome Cybersecurity datasets






 758  Dec 28, 2022









log4j2 passive burp rce scanning tool get post cookie full parameter recognition


 log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别,在ceye.io api速率限制下,最大线程扫描每一个参数,记录过滤已检测地址,重复地址 token替换为你自己的http://ceye.io/ token 和域名地址






 5  Dec 10, 2021









High level cheatsheet that was designed to make checks on the OSCP more manageable


 High level cheatsheet that was designed to make checks on the OSCP more manageable. This repository however could also be used for your own studying or for evaluating test systems like on HackTheBox 





Jacob Scheetz
 89  Jan 01, 2023