Simple tool for testing NTLMSSP web authorizations

José González Krause 58b55df73d Actualizar 'README.md' 7 months ago
.gitignore 7333c537e7 Initial commit 7 months ago
LICENSE 7333c537e7 Initial commit 7 months ago
README.md 58b55df73d Actualizar 'README.md' 7 months ago
ntlmtool.go 0db3cfeaf0 Added 'ntlmtool.go' file 7 months ago

README.md

ntlmtool

Simple tool for testing NTLMSSP web authorizations

Install

go get dev.hackercat.ninja/hcninja/ntlmtool
go install dev.hackercat.ninja/hcninja/ntlmtool

Simple usage

# ntlmtool -h

Usage of ntlmtool:
  -body
    	Prints the response body
  -header
    	Prints the response header
  -parse
    	Parse an NTLM token
  -req string
    	Req string (url|domain|user|pass)
  -version int
    	NTLM version [1|2] (default 2)

Check a NTLM token

# echo TlRMTVN…AAAAA | ntlmtool -parse

DomainName: acme
Workstation: WORKSTATION
Username: roadrunner
NtChallengeResponseFields: ?E{BnEbQ~Y_k7ADROOTVM-IISAACMEADRoot.Local4VM-IISAACME.ADRoot.LocalADRoot.Local'9_`

Do a request

# ntlmtool -req "https://private.acme.corp/|acme|roadrunner|[email protected]"

2018/06/27 09:05:17 [https://private.acme.corp/ acme roadrunner [email protected] 200 Ok]

Bruteforce a login

for user in `cat users.txt`; do echo $user; ntlmtool -req "https://private.acme.corp/|acme|$user|$user" >> passBrute.txt; done

And in othe terminal you can watch the progress

watch -n1 grep 200 passBrute*