File http-ntlm-info

Script types: portrule
Categories: default, discovery, safe
Download: http://nmap.org/svn/scripts/http-ntlm-info.nse

User Summary

This script enumerates information from remote HTTP services with NTLM authentication enabled.

The script sends an HTTP NTLM authentication request with null domain and user credentials (passed in the 'Authorization' header). The remote service responds with an NTLMSSP message (encoded within the 'WWW-Authenticate' header) that discloses information including NetBIOS, DNS, and OS build version, if available.

Script Arguments

http-ntlm-info.root

The URI path to request

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

Example Usage

nmap -p 80 --script http-ntlm-info --script-args http-ntlm-info.root=/root/ <target>

Script Output

80/tcp   open     http
| http-ntlm-info:
|   Target_Name: ACTIVEWEB
|   NetBIOS_Domain_Name: ACTIVEWEB
|   NetBIOS_Computer_Name: WEB-TEST2
|   DNS_Domain_Name: somedomain.com
|   DNS_Computer_Name: web-test2.somedomain.com
|   DNS_Tree_Name: somedomain.com
|_  OS_Version: 6.1 (Build 7601)

Requires


Author: Justin Cacak

License: Same as Nmap--See http://nmap.org/book/man-legal.html
