利用NTLM Hash读取Exchange邮件

Related tags

Security related resourcesGetMail
Overview

GetMail

利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。其实Exchange提供了利用NTLM Hash凭据进行验证的方法,从而可以进行任何操作。本程序支持邮箱目录结构的列举、邮件的阅读、附件的下载、关键字的搜索等功能,支持明文密码和NTLM Hash凭证两种认证方式。

参数介绍

  • -h, --help show this help message and exit
  • -u USER, --user=USER Please Input Username!
  • -H HASH, --hash=HASH Please Input Ntlmhash: xx:xx Or xxxx!
  • -p PSWD, --pswd=PSWD Please Input Password!
  • -e EMAIL, --email=EMAIL Please Input Email Address!
  • -c COUNT, --count=COUNT Please Input How Many Emails You Want To Read!
  • -s SERVER, --server=SERVER Please Input Email Server Address!
  • -k KEYWORD, --keyword=KEYWORD Please Input Keyword To Search!
  • -L, --List List All Email Floders!
  • -D, --download Whether Download Attachment Files Or Not!
  • -d, --display Show All Email Floders!
  • -l, --list List All Email Floders!
  • -f FLODER, --folder=FLODER Please Input Email Floder Name!

使用

列举邮箱目录结构

python3 getmail.py -u [USERNAME] -p [PASSWORD] -e [EMAIL ADDRESS] -L
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -L

阅读邮件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)
python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面) -k [Keyword](展示包含关键字的邮件)

下载附件

python3 getmail.py -u [USERNAME] -H [NTLMHASH] -e [EMAIL ADDRESS] -f [文件夹,默认是Inbox] -c 阅读邮件数量(按照时间倒序,最近的在最前面)——D

ISSUE修复记录

  • 0x01 默认Inbox收件箱邮件阅读超过20封时候有会问题【已修复】
  • 0x02 同名附件自动下载导致附件覆盖问题【已修复】

Changelog

  • v1.1 20210421
    • 支持展示抄送、密送
    • 优化展示效果
    • 修复一些bug
  • v1.1 20210422 增加GUI版本
    • Mac测试通过 image





























Owner









[email protected]



Information Security Engineer



<a href=[email protected]">




 GitHub Repository










Bypass ReCaptcha: A Python script for dealing with recaptcha


 Bypass ReCaptcha Bypass ReCaptcha is a Python script for dealing with recaptcha.





Marcos Camargo
 1  Jan 11, 2022









 Crowbar - A windows post exploitation tool


 Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script






 29  Nov 20, 2022









Fast Fb Cracking Tool


 fb-brute Fast Fb Cracking Tool 🏆





Aryan
 8  Jun 29, 2022









Generate malicious files using recently published bidi-attack (CVE-2021-42574)


 CVE-2021-42574 - Code generator Generate malicious files using recently published bidi-attack vulnerability, which was discovered in Unicode Specifica





js-on
 7  Nov 09, 2022









A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚


 log4check A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚 Tested to work between Minecraft versions 1.12.2 a





Evan J. Markowitz
 4  Dec 23, 2021









CVE-2022-22963 PoC 


 CVE-2022-22963 CVE-2022-22963 PoC Slight modified for English translation and detection of https://github.com/chaosec2021/Spring-cloud-function-SpEL-R





Nicolas Krassas
 104  Dec 08, 2022









CTF framework and exploit development library


 pwntools - CTF toolkit Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and develo





Gallopsled
 9.8k  Dec 31, 2022









Script Crack Facebook Yang Kaya Akan Teh Hijau 🚶‍♂


 r-mbf Script Crack Facebook 🚶‍♂ Bukti Recode [•] Install Script $ pkg update && pkg upgrade $ pkg install python $ pkg install git $ pip install requ





O'Hayo Smrn
 3  Apr 02, 2022









A tool that detects the expensive Carbon Black watchlists.


 A tool that detects the "expensive" Carbon Black watchlists.





Oğuzcan Pamuk
 8  Aug 04, 2022









CVE-2021-26084 Remote Code Execution on Confluence Servers


 CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Confluence Servers. Dork Fofa: app="ATLASSIAN-Confluence" Usage Show help information. python P





FQ Hsu
 63  Dec 30, 2022









A knockoff social-engineer toolkit


 The Python SE Dopp Kit is a social engineering toolkit with many purposes. It contains 5 different modules designed to be of assistance in different s






 48  Nov 26, 2022









Hammer-DDos - Hammer DDos With Python


 Hammer-DDos $ apt update $ apt upgrade $ apt install python $ apt install git $ 






 1  Jan 24, 2022









Update of uncaptcha2 from 2019


 YouTube Video Proof of Concept I created a new YouTube Video with technical Explanation for breaking Google's Audio reCAPTCHAs: Click on the image bel





Nikolai Tschacher
 153  Dec 20, 2022









Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.


 The Recon-ng Framework Recon-ng content now available on Pluralsight! Recon-ng is a full-featured reconnaissance framework designed with the goal of p






 2.4k  Jan 07, 2023









SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)


 Bad Blood Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versi





Jake Baines
 80  Dec 29, 2022









Bandit is a tool designed to find common security issues in Python code.


 A security linter from PyCQA Free software: Apache license Documentation: https://bandit.readthedocs.io/en/latest/ Source: https://github.com/PyCQA/ba





Python Code Quality Authority
 4.8k  Dec 31, 2022









Details,PoC and patches for CVE-2021-45383 & CVE-2021-45384


 CVE-2021-45383 & CVE-2021-45384 There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Serv






 20  Apr 07, 2022









😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.


 😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:





0p
 25  Oct 14, 2022









Enhancing Twin Delayed Deep Deterministic Policy Gradient with Cross-Entropy Method


 Enhancing Twin Delayed Deep Deterministic Policy Gradient with Cross-Entropy Method Hieu Trung Nguyen, Khang Tran and Ngoc Hoang Luong Setup Clone thi





Evolutionary Learning & Optimization (ELO) Lab
 6  Jun 29, 2022









A simple multi-threaded distributed SSH brute-forcing tool written in Python.


 OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxi





K4YT3X
 408  Jan 03, 2023