Nmap Development mailing list archives
[NSE] Script Submission: HTTP NTLM Information Disclosure
From: nmap user <nmapuser1 () gmail com>
Date: Tue, 4 Feb 2014 15:53:00 -0500
Hello,

Attached is an NSE implementation to anonymously enumerate remote NetBIOS, DNS, and OS details from HTTP services with NTLM authentication enabled.

By sending an HTTP NTLM authentication request with null domain and user credentials (passed in the 'Authorization' header), the remote web server will respond with an NTLMSSP message (encoded within the 'WWW-Authenticate' header) and disclose information including NetBIOS, DNS, and OS build version.

Example output:

#nmap -p443 1.2.3.4 --script http-ntlm-info-disclosure

Nmap scan report for 1.2.3.4
Host is up (0.040s latency).
PORT    STATE SERVICE VERSION
443/tcp open  https
| http-ntlm-info-disclosure:
|   Target_Name: ACTIVEWEB
|   NetBIOS_Domain_Name: ACTIVEWEB
|   NetBIOS_Computer_Name: PRODWEB001
|   DNS_Domain_Name: activeweb.somedomain.com
|   DNS_Computer_Name: prodweb001.activeweb.somedomain.com
|   DNS_Tree_Name: activeweb.somedomain.com
|_  Product_Version: 5.2 (Build 3790)
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

This script has been tested against all Microsoft IIS versions and open source HTTP NTLM implementations.

Cheers,
-Justin
Attachment:
http-ntlm-info-disclosure.nse
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
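
Added example, not part of the original post or the attached script: an offline Python decoder for the NTLMSSP challenge the message describes, for checking what a server's own 'WWW-Authenticate' header gives away. The field layout follows MS-NLMP; the function names and the sample message (built from the names in the example output, with a zeroed server challenge) are constructed here, and UTF-16LE names are assumed.

```python
import base64
import struct

# AV pair ids from MS-NLMP; only the name-bearing pairs are decoded here.
AV_NAMES = {1: "NetBIOS_Computer_Name", 2: "NetBIOS_Domain_Name",
            3: "DNS_Computer_Name", 4: "DNS_Domain_Name", 5: "DNS_Tree_Name"}
NEGOTIATE_VERSION = 0x02000000  # set when the 8-byte Version field is populated


def parse_challenge(header_value):
    """Return the fields an NTLM CHALLENGE (type 2) message discloses."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme != "NTLM":
        raise ValueError("not an NTLM WWW-Authenticate value")
    msg = base64.b64decode(b64)
    if len(msg) < 48 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    mtype, tn_len, _, tn_off, flags = struct.unpack_from("<IHHII", msg, 8)
    if mtype != 2:
        raise ValueError("not a type 2 (challenge) message")
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)
    # Assumption: the server negotiated Unicode, so names are UTF-16LE.
    info = {"Target_Name": msg[tn_off:tn_off + tn_len].decode("utf-16-le")}
    pos, end = ti_off, min(ti_off + ti_len, len(msg))
    while pos + 4 <= end:  # walk the TargetInfo AV pairs, bounds-checked
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        pos += 4
        if av_id == 0 or pos + av_len > end:  # MsvAvEOL or truncated pair
            break
        if av_id in AV_NAMES:
            info[AV_NAMES[av_id]] = msg[pos:pos + av_len].decode("utf-16-le")
        pos += av_len
    if flags & NEGOTIATE_VERSION and len(msg) >= 56:
        major, minor, build = struct.unpack_from("<BBH", msg, 48)
        info["Product_Version"] = f"{major}.{minor} (Build {build})"
    return info


def build_sample():
    """Constructed challenge using the names from the example output above."""
    u = lambda s: s.encode("utf-16-le")
    pairs = [(2, "ACTIVEWEB"), (1, "PRODWEB001"), (4, "activeweb.somedomain.com"),
             (3, "prodweb001.activeweb.somedomain.com"), (5, "activeweb.somedomain.com")]
    av = b"".join(struct.pack("<HH", i, len(u(v))) + u(v) for i, v in pairs) + bytes(4)
    name = u("ACTIVEWEB")
    msg = b"NTLMSSP\x00" + struct.pack("<IHHII", 2, len(name), len(name), 56, 0x02800001)
    msg += bytes(16) + struct.pack("<HHI", len(av), len(av), 56 + len(name))
    msg += struct.pack("<BBH3xB", 5, 2, 3790, 15) + name + av
    return "NTLM " + base64.b64encode(msg).decode()
```

Calling parse_challenge(build_sample()) returns the same seven fields shown in the example output; a header value that is not a type 2 NTLMSSP message raises ValueError.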