Nmap Development mailing list archives
Re: [NSE] Script Submission: HTTP NTLM Information Disclosure
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 07 Feb 2014 12:13:01 -0600
On 02/06/2014 02:55 PM, nmap user wrote:
> Hi Daniel,
>
> Thanks for the feedback.
>
> Attached is the revised code leveraging the smbauth.get_host_info_from_security_blob() function where possible.
>
> As for logging -- within IIS, the script event is logged as '401' (Unauthorized), the same as if a web browser visited the page with NTLM authentication enabled. When anonymous access is permitted to the web server this request is simply logged as a '200' (since NTLM auth is disabled).
>
> Thanks,
> Justin
Justin,

Thanks for that. It looks like this may be a good candidate for the default category. The script is looking great, too. I made a couple minor changes and committed this in r32706.
1. I renamed the script to http-ntlm-info to match similar -info script names.
2. I expanded the base64 NTLM authentication blob so that folks can see what they are actually sending (and possibly change it in the future without redoing a packet capture). A cleaner alternative would be replacing auth_blob with a call to smbauth.get_security_blob(), but since that doesn't include the OS information (an older way of doing it), I stuck with your well-tested string.
Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
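Point 2 of the message above is about making the base64 NTLM blob readable. As an added example (not code from this thread or from the committed script), this Python sketch decodes such a header value into named fields, assuming the blob is an NTLMSSP Negotiate (Type 1) message; the sample blob, its flag bits and its version numbers are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NEGOTIATE_VERSION = 0x02000000  # flag: an 8-byte Version field follows the buffers


def build_negotiate(flags, version=None):
    """Assemble a Negotiate message with empty domain/workstation buffers."""
    payload_offset = 32 + (8 if version else 0)
    msg = NTLMSSP_SIG + struct.pack("<II", 1, flags)
    # Two security buffers (length, max length, offset); both are empty here.
    msg += struct.pack("<HHI", 0, 0, payload_offset) * 2
    if version:
        major, minor, build = version
        # Version: major, minor, build, 3 reserved bytes, NTLM revision 0x0F.
        msg += struct.pack("<BBH3xB", major, minor, build, 0x0F)
    return base64.b64encode(msg).decode("ascii")


def parse_negotiate(b64_blob):
    """Decode the value that follows 'Authorization: NTLM ' into named fields."""
    raw = base64.b64decode(b64_blob, validate=True)
    if len(raw) < 32 or raw[:8] != NTLMSSP_SIG:
        raise ValueError("not an NTLMSSP message")
    msg_type, flags = struct.unpack_from("<II", raw, 8)
    if msg_type != 1:
        raise ValueError("not a Negotiate (Type 1) message")

    def buffer_at(pos):
        length, _max_len, offset = struct.unpack_from("<HHI", raw, pos)
        if offset + length > len(raw):
            raise ValueError("security buffer points past end of message")
        return raw[offset:offset + length].decode("ascii", "replace")

    fields = {"flags": flags, "domain": buffer_at(16),
              "workstation": buffer_at(24), "os_version": None}
    if flags & NEGOTIATE_VERSION and len(raw) >= 40:
        major, minor, build, _rev = struct.unpack_from("<BBH3xB", raw, 32)
        fields["os_version"] = f"{major}.{minor}.{build}"
    return fields


# Constructed sample: flag bits and version numbers are illustrative only.
SAMPLE_FLAGS = 0x00000001 | 0x00000004 | 0x00000200 | NEGOTIATE_VERSION
SAMPLE_BLOB = build_negotiate(SAMPLE_FLAGS, version=(6, 1, 7601))

if __name__ == "__main__":
    print(SAMPLE_BLOB)
    print(parse_negotiate(SAMPLE_BLOB))
```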