Script nntp-ntlm-info

Script types: portrule
Categories: default, discovery, safe
Download: https://svn.nmap.org/nmap/scripts/nntp-ntlm-info.nse

Script Summary

This script enumerates information from remote NNTP services with NTLM authentication enabled.

Sending an MS-NNTP NTLM authentication request with null credentials will cause the remote service to respond with a NTLMSSP message disclosing information to include NetBIOS, DNS, and OS build version.

Script Arguments

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 119,433,563 --script nntp-ntlm-info <target>

Script Output

119/tcp   open     nntp
| nntp-ntlm-info:
|   Target_Name: ACTIVENNTP
|   NetBIOS_Domain_Name: ACTIVENNTP
|   NetBIOS_Computer_Name: NNTP-TEST2
|   DNS_Domain_Name: somedomain.com
|   DNS_Computer_Name: nntp-test2.somedomain.com
|   DNS_Tree_Name: somedomain.com
|_  Product_Version: 6.1.7601

Requires

• comm
• os
• datetime
• shortport
• stdnse
• base64
• smbauth
• string

---

Author:

• Justin Cacak

License: Same as Nmap--See https://nmap.org/book/man-legal.html