Skip to content

blazeinfosec/ssrf-ntlm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

README.md

README.md

 
 

fisherman-for-blog.jpg

fisherman-for-blog.jpg

 
 

java-httpurlconnection.PNG

java-httpurlconnection.PNG

 
 

ssrf.py

ssrf.py

 
 

testntlm.java

testntlm.java

 
 

Repository files navigation

ssrf-ntlm

Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.

Using Windows's WinHTTP.WinHTTPRequest native methods to demonstrate how Windows will give out hashes when asked to authenticate using NTLM.

We published a blog post with details of how to exploit web application vulnerabilities to steal NTLM hashes: https://blog.blazeinfosec.com/leveraging-web-application-vulnerabilities-to-steal-ntlm-hashes-2/

Author

  • Julio Cesar Fort - julio at blazeinfosec dot com

License

This proof of concept is licensed under the Apache License.

Copyright 2016-2017, Blaze Information Security https://www.blazeinfosec.com

Kudos

Thanks to the talented folks of Hackerstrip for the art used in our blog post.

We need a bigger boat

About

Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.

Resources

Readme
Activity
Custom properties

Stars

56 stars

Watchers

2 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages