Squirtle the Browser-based NTLM Attack Toolkit
License
grutz/squirtle
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
master
Could not load branches
Nothing to show
Could not load tags
Nothing to show
{{ refName }}
default
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code
-
Clone
Use Git or checkout with SVN using the web URL.
Work fast with our official CLI. Learn more.
- Open with GitHub Desktop
- Download ZIP
Sign In Required
Please sign in to use Codespaces.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching Xcode
If nothing happens, download Xcode and try again.
Launching Visual Studio Code
Your codespace will open once ready.
There was a problem preparing your codespace, please try again.
Latest commit
Git stats
Files
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
SQUIRTLE - The NTLM Single Sign-On Controller version 1.1 - ToorCon release (September, 2008) The purpose of this little doodad is to help you prove to your employer, your client, your best friend, your dog, or God that NTLM is truly dead. It does this by taking control of any browser that comes into contact with it and making it perform NTLM authentication at will. By using a set of API calls you can embed Squirtle into existing penetration toolkits, proxies or other fun tools at your disposal. Requirements ------------ o Ruby language interpreter (1.8.6 tested) o ActiveRecord RubyGem (sudo gem install activerecord) o Ruby GEMs for SQL server of choice (sqlite3, mysql, postgres) o JSON RubyGem (sudo gem install json) - http://json.rubyforge.org/ o INSIDE a corporate network Why Inside? ----------- NTLM Authentication from web browsers occurs when a user connects to a URL that the browser believes is within a trusted internet zone (for Internet Explorer). Mozilla FireFox can be configured to deliver NTLM authentication based upon hostnames or masks. While there have been methods of forcing the browser to believe it's connected to a lower-security zone using Flash objects or Java applets they typically revolve around deficiencies within the languages and are eventually patched. Using Squirtle -------------- Running Squirtle is easy: Step 1: Modify squirtle.yaml to fit your configuration Step 2: "ruby squirtle.rb" Step 3: Point browsers towards http://yourserver:8080/ What to do after that depends upon you. Option 1: Crack the LM or NTLM hashes with static nonce Option 2: Use Rainbowtables on the LM hashes with static nonce Option 3: Combine Squirtle with your own proxy code using the Squirtle API Option 4: Make cookies! Redirecting Console Output -------------------------- Webrick spits a lot of crap out in STDERR. Until we complete the console commands you can redirect STDERR to a log file or /dev/null. $ ./squirtle 2>/dev/null This will help for devices that have slow screens (mobile devices mostly) Success Stories --------------- Well this is a proof of concept/borderline munition tool so I don't think many stories will come out of it being used "successfully". However I can say that the tool works in my lab and in limited enterprise testing on the following: Squirtle Boxes: Apple Macintosh OS X 10.5.4 - ruby 1.8.6 (2007-03-13 patchlevel 0) [i686-darwin8.10.1] Gentoo Linux - ruby 1.8.6 (2008-03-03 patchlevel 114) [i686-linux] Victims: Windows XP SP2, IE 6.0.2900.2180.xpsp2_rtm.040803-2158 Windows XP SP2, IE 6.0.2900.2180.xp_sp2_qfe.070227-2300CO Evil Agents: NTLMAPS modified for Squirtle - http://code.google.com/p/squirtle/source/browse/ntlmaps-squirtle WARNING! ACHTUNG! ----------------- Like most security tools, this can be used for good or evil. If you try to use it within your enterprise without approval from your management, you may have created a "resume generating" event for yourself. Get the approval you need before treading further. Support and Enhancements ------------------------ This is free software and will be supported and enhanced as I have time. Any patches submitted will be graciously reviewed and applied if applicable. Kurt Grutzmacher grutz [at] jingojango dot net
About
Squirtle the Browser-based NTLM Attack Toolkit
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published