Skip to content
/ ssrf-ntlm Public

Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.

57 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

blazeinfosec/ssrf-ntlm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 
fisherman-for-blog.jpg
fisherman-for-blog.jpg
 
 
java-httpurlconnection.PNG
java-httpurlconnection.PNG
 
 
ssrf.py
ssrf.py
 
 
testntlm.java
testntlm.java
 
 

Repository files navigation

ssrf-ntlm

Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.

Using Windows's WinHTTP.WinHTTPRequest native methods to demonstrate how Windows will give out hashes when asked to authenticate using NTLM.

We published a blog post with details of how to exploit web application vulnerabilities to steal NTLM hashes: https://blog.blazeinfosec.com/leveraging-web-application-vulnerabilities-to-steal-ntlm-hashes-2/

Author

  • Julio Cesar Fort - julio at blazeinfosec dot com

License

This proof of concept is licensed under the Apache License.

Copyright 2016-2017, Blaze Information Security https://www.blazeinfosec.com

Kudos

Thanks to the talented folks of Hackerstrip for the art used in our blog post.

We need a bigger boat

About

Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.

Resources

Readme
Activity
Custom properties

Stars

57 stars

Watchers

2 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages