利用NTLM Hash读取Exchange邮件

Related tags

Security related resourcesGetMail
Overview

GetMail

利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。其实Exchange提供了利用NTLM Hash凭据进行验证的方法,从而可以进行任何操作。本程序支持邮箱目录结构的列举、邮件的阅读、附件的下载、关键字的搜索等功能,支持明文密码和NTLM Hash凭证两种认证方式。

参数介绍

  • -h, --help show this help message and exit
  • -u USER, --user=USER Please Input Username!
  • -H HASH, --hash=HASH Please Input Ntlmhash: xx:xx Or xxxx!
  • -p PSWD, --pswd=PSWD Please Input Password!
  • -e EMAIL, --email=EMAIL Please Input Email Address!
  • -c COUNT, --count=COUNT Please Input How Many Emails You Want To Read!
  • -s SERVER, --server=SERVER Please Input Email Server Address!
  • -k KEYWORD, --keyword=KEYWORD Please Input Keyword To Search!
  • -L, --List List All Email Floders!
  • -D, --download Whether Download Attachment Files Or Not!
  • -d, --display Show All Email Floders!
  • -l, --list List All Email Floders!
  • -f FLODER, --folder=FLODER Please Input Email Floder Name!

使用

列举邮箱目录结构

python3 getmail.py -u [USERNAME] -p [PASSWORD] -e [EMAIL ADDRESS] -L
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -L

阅读邮件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面) -k [Keyword](展示包含关键字的邮件)

下载附件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)——D

ISSUE修复记录

  • 0x01 默认Inbox收件箱邮件阅读超过20封时候有会问题【已修复】
  • 0x02 同名附件自动下载导致附件覆盖问题【已修复】

Changelog

  • v1.1 20210421
    • 支持展示抄送、密送
    • 优化展示效果
    • 修复一些bug
  • v1.1 20210422 增加GUI版本
    • Mac测试通过 image





























Owner









[email protected]



Information Security Engineer



<a href=[email protected]">




 GitHub Repository










ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)


 ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF-GetWebShell) usage:
python ProxyLogon.py --host=exchang






 112  Dec 01, 2022









A proxy server application written in python for trial purposes


 python-proxy-server This is a proxy server ❤️ application written in python ❤️ for trial purposes. The purpose of the application; Connecting to Hacke





Ali Kasimoglu
 2  Dec 27, 2021









A python module for retrieving and parsing WHOIS data


 pythonwhois A WHOIS retrieval and parsing library for Python. Dependencies None! All you need is the Python standard library. Instructions The manual 





Sven Slootweg
 384  Dec 23, 2022









A python package with tools to read and postprocess the output of the channel DNS-solver (davecats/channel), as well as its associated postprocessing tools.


 Python tools for davecats/channel A python package with tools to read and postprocess the output of the channel dns solver, as well as its associated 





Andrea Andreolli
 1  Dec 13, 2021









Steal Files on a Windows Machine


 File-Stealer Steal Files on a Windows Machine About This Script will steal certain Files on a Windows Machine and sends them to a FTP Server. Preview 





Marcel
 5  Nov 17, 2022









Log4j vuln fuzz/scan with python


 Log4jFuzz log4j vuln fuzz/scan USE // it's use localhost udp server to check target vuln.
python3 log4jFuzz.py [option]
optional arguments:
-u URL, 





VVzv
 3  Dec 22, 2021









Solución al reto BBVA Contigo, Hack BBVA 2021


 Solution Solución propuesta para el reto BBVA Contigo del Hackathon BBVA 2021. Equipo Mexdapy. Integrantes: David Pedroza Segoviano Regina Priscila Ba





Gabriel Missael Barco
 2  Dec 06, 2021









Utility for Extracting all passwords from ConnectWise Automate


 CWA Password Extractor Utility for Extracting all passwords from ConnectWise Automate (E.g. while migrating to a new system). Outputs a csv file with 





Matthew Kyles
 1  Dec 09, 2021









A security system to warn you when people enter your room 🎥


 Get Out My Room v0.1 I hate people coming in my room when i'm not there. Get Out My Room is a simple security system that sends notifications with vid





ScriptLine
 1  Jan 11, 2022









Hack any account sending fake nitro QR code (only for educational purpose)


 DISCORD_ACCOUNT_HACKING_TOOL ( EDUCATIONAL PURPOSE ) Hack any account sending fake nitro QR code (only for educational purpose) Start my program token





Novy
 7  Jan 07, 2022









This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack


 This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack





Varun Jagtap
 5  Oct 08, 2022









Hadoop Yan RPC unauthorized RCE


 Vuln Impact On November 15, 2021, A security researcher disclosed that there was an unauthorized access vulnerability in Hadoop yarn RPC. This vulnera





Al1ex
 25  Nov 24, 2022









Wonk is a tool for combining a set of AWS policy files into smaller compiled policy sets.


 Wonk is a tool for combining a set of AWS policy files into smaller compiled policy sets.





Amino, Inc
 140  Dec 16, 2022









CVE-2022-22965 : about spring core rce


 CVE-2022-22965: Spring-Core-Rce EXP 特性: 漏洞探测(不写入 webshell,简单字符串输出) 自定义写入 webshell 文件名称及路径 不会追加写入到同一文件中,每次检测写入到不同名称 webshell 文件 支持写入 冰蝎 webshell 代理支持,可





东方有鱼名为咸
 53  Nov 09, 2022









vulnerable APIs


 vulnerable-apis vulnerable APIs inspired by https://github.com/mattvaldes/vulnerable-api Setup Docker If, Out of the box docker pull kmmanoj/vulnerabl






 9  Jun 01, 2022









CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.


 CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.





EntySec
 118  Dec 24, 2022









Python Toolkit containing different Cyber Attacks Tools


 Helikopter Python Toolkit containing different Cyber Attacks Tools. Tools in Helikopter Toolkit 1. FattyNigger (PYTHON WORM) 2. Taxes (PYTHON PASS EXT





Saqlain Naqvi
 22  Dec 04, 2022









ssh-audit is a tool for ssh server & client configuration auditing.


 SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)





Joe Testa
 1.4k  Dec 31, 2022









Scan your logs for CVE-2021-44228 related activity and report the attackers


 jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report





js-on
 2  Nov 24, 2022









This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit


 CVE-2021-40444 builders This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, re





ASL IT Security
 168  Nov 09, 2022