Home page logo
/
Zenmap screenshot
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Example Nmap output

File http-ntlm-info

Script types: portrule
Categories: default, discovery, safe
Download: http://nmap.org/svn/scripts/http-ntlm-info.nse

User Summary

This script enumerates information from remote HTTP services with NTLM authentication enabled.

By sending a HTTP NTLM authentication request with null domain and user credentials (passed in the 'Authorization' header), the remote service will respond with a NTLMSSP message (encoded within the 'WWW-Authenticate' header) and disclose information to include NetBIOS, DNS, and OS build version if available.

Script Arguments

http-ntlm-info.root

The URI path to request

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

Example Usage

nmap -p 80 --script http-ntlm-info --script-args http-ntlm-info.root=/root/ <target>

Script Output

80/tcp   open     http
| http-ntlm-info:
|   Target_Name: ACTIVEWEB
|   NetBIOS_Domain_Name: ACTIVEWEB
|   NetBIOS_Computer_Name: WEB-TEST2
|   DNS_Domain_Name: somedomain.com
|   DNS_Computer_Name: web-test2.somedomain.com
|   DNS_Tree_Name: somedomain.com
|_  OS_Version: 6.1 (Build 7601)

Requires


Author: Justin Cacak

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]