Feature Request + Question

[Green-Wolf]

Hi there,

Just to start, fantastic presentation at DefCon and a great tool. I had two things I wanted to ask:

Firstly would you consider an enhancement to allow trigging a session with a NTLM hash? I think this would be useful if a domain users NTLM hash was recovered using mimikatz or from NTDS and was unable to be cracked. An option to effectively login to their mailbox with pass the hash would be fantastic.

Secondly is more of a general question, I wanted to know what sort of techniques/tools do you use to enumerate the '-t' mail endpoint when you're testing on an internal network?