nopfor/ntlm_challenger
GitHub: nopfor/ntlm_challenger
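A lightweight NTLM authentication reconnaissance tool that extracts information such as the domain name, hostname, and operating system version by parsing the server's challenge message.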
Stars: 153 | Forks: 26
# NTLM Challenger
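ntlm_challenger sends an NTLM negotiate message to an HTTP, SMB, or MSSQL endpoint that supports NTLM authentication, parses the challenge message, and prints the information received from the server.
## Requirements
ntlm_challenger supports Python 3.
The `requests` library is used to make HTTP(S) requests. `impacket` is used to establish SMB or MSSQL connections.
## Usage
Send an NTLM negotiate message to the specified URL and parse the challenge message.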
```
python3 ntlm_challenger.py <URL>
```
HTTP example:
```
$ python3 ntlm_challenger.py 'https://autodiscover.hackin.club/autodiscover/'
Target (Domain): HACKIN
Version: Server 2012 / Windows 8 (build 9200)
TargetInfo:
MsvAvNbDomainName: HACKIN
MsvAvNbComputerName: EXCH01
MsvAvDnsDomainName: hackin.club
MsvAvDnsComputerName: EXCH01.hackin.club
MsvAvDnsTreeName: hackin.club
MsvAvTimestamp: Nov 3, 2019 01:07:16.573170
Negotiate Flags:
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
```
SMB example:
```
$ python3 ntlm_challenger.py 'smb://192.168.39.152'
Target (Server): DESKTOP-G1984A4
Version: Server 2016 or 2019 / Windows 10 (build 18362)
TargetInfo:
MsvAvNbDomainName: DESKTOP-G1984A4
MsvAvNbComputerName: DESKTOP-G1984A4
MsvAvDnsDomainName: DESKTOP-G1984A4
MsvAvDnsComputerName: DESKTOP-G1984A4
MsvAvTimestamp: Mar 20, 2020 01:54:23.634713
Negotiate Flags:
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_TARGET_TYPE_SERVER
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_56
```
MSSQL example:
```
$ python3 ntlm_challenger.py 'mssql://172.16.10.1'
Target (Domain): BLACKARROW
Version: Server 2016 or 2019 / Windows 10 (build 17763)
TargetInfo:
MsvAvNbDomainName: BLACKARROW
MsvAvNbComputerName: WINSQL01
MsvAvDnsDomainName: blackarrow.lab
MsvAvDnsComputerName: WINSQL01.blackarrow.lab
MsvAvDnsTreeName: blackarrow.lab
MsvAvTimestamp: Sep 30, 2022 10:55:18.194742
Negotiate Flags:
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_56
```
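The fields in the outputs above all come from the NTLM challenge (type 2) message, which the server returns before any credentials are checked. The following is an added example, not code from the ntlm_challenger project: a minimal parser for that message run against a constructed byte string. The function names, the sample host `SRV01` / `example.test`, and the reduced flag table are assumptions made for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
AV_IDS = {1: "MsvAvNbComputerName", 2: "MsvAvNbDomainName", 3: "MsvAvDnsComputerName",
          4: "MsvAvDnsDomainName", 5: "MsvAvDnsTreeName"}
FLAGS = {0x00000001: "NTLMSSP_NEGOTIATE_UNICODE", 0x00000004: "NTLMSSP_REQUEST_TARGET",
         0x00010000: "NTLMSSP_TARGET_TYPE_DOMAIN", 0x00800000: "NTLMSSP_NEGOTIATE_TARGET_INFO",
         0x02000000: "NTLMSSP_NEGOTIATE_VERSION"}  # subset of the MS-NLMP flag table

def parse_challenge(msg: bytes) -> dict:
    """Parse an NTLM CHALLENGE_MESSAGE (type 2) laid out as in MS-NLMP."""
    if len(msg) < 48 or msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLM challenge message")
    name_len, _, name_off, flags = struct.unpack_from("<HHII", msg, 12)
    info_len, _, info_off = struct.unpack_from("<HHI", msg, 40)
    if name_off + name_len > len(msg) or info_off + info_len > len(msg):
        raise ValueError("field points outside the message")
    enc = "utf-16-le" if flags & 0x1 else "cp437"  # OEM code page assumed to be cp437
    out = {"target": msg[name_off:name_off + name_len].decode(enc, "replace"),
           "flags": [name for bit, name in FLAGS.items() if flags & bit],
           "version": None, "target_info": {}}
    if flags & 0x02000000 and len(msg) >= 56:  # 8-byte VERSION block at offset 48
        out["version"] = struct.unpack_from("<BBH", msg, 48)  # major, minor, build
    pos, end = info_off, info_off + info_len
    while pos + 4 <= end:  # walk the AV_PAIR list: AvId, AvLen, Value
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        value, pos = msg[pos + 4:pos + 4 + av_len], pos + 4 + av_len
        if av_id == 0 or pos > end:  # MsvAvEOL, or a pair that overruns the field
            break
        if av_id == 7 and av_len == 8:  # MsvAvTimestamp: FILETIME, 100 ns ticks
            stamp = timedelta(microseconds=struct.unpack("<Q", value)[0] // 10)
            out["target_info"]["MsvAvTimestamp"] = EPOCH + stamp
        elif av_id in AV_IDS:
            out["target_info"][AV_IDS[av_id]] = value.decode("utf-16-le", "replace")
    return out

def av(av_id: int, text: str) -> bytes:  # helper for the constructed sample only
    return struct.pack("<HH", av_id, len(text) * 2) + text.encode("utf-16-le")

def build_sample() -> bytes:
    """Constructed challenge for a made-up host; no network traffic involved."""
    name = "EXAMPLE".encode("utf-16-le")
    ticks = (datetime(2024, 1, 1, tzinfo=timezone.utc) - EPOCH) // timedelta(microseconds=1) * 10
    info = (av(2, "EXAMPLE") + av(1, "SRV01") + av(4, "example.test")
            + struct.pack("<HHQ", 7, 8, ticks) + struct.pack("<HH", 0, 0))
    head = b"NTLMSSP\x00" + struct.pack("<IHHII", 2, len(name), len(name), 56, 0x02810005)
    fields = struct.pack("<HHI", len(info), len(info), 56 + len(name))
    version = struct.pack("<BBHBBBB", 10, 0, 17763, 0, 0, 0, 15)
    return head + b"\x11" * 8 + b"\x00" * 8 + fields + version + name + info
```

Everything `parse_challenge` returns is readable by any client that can reach the endpoint, so the same parser can be used to audit what an internet-facing NTLM service discloses.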