Script telnet-ntlm-info

Script types: portrule
Categories: default, discovery, safe

Script Summary

This script enumerates information from remote Microsoft Telnet services with NTLM authentication enabled.

Sending a MS-TNAP NTLM authentication request with null credentials will cause the remote service to respond with a NTLMSSP message disclosing information to include NetBIOS, DNS, and OS build version.

Script Arguments

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 23 --script telnet-ntlm-info <target>

Script Output

23/tcp   open     telnet
| telnet-ntlm-info:
|   Target_Name: ACTIVETELNET
|   NetBIOS_Computer_Name: HOST-TEST2
|   DNS_Domain_Name:
|   DNS_Computer_Name:
|   DNS_Tree_Name:
|_  Product_Version: 5.1.2600



  • Justin Cacak

License: Same as Nmap--See