javascript/enumeration/smb/ntlm-info.yaml

id: ntlm-info

info:
  name: NTLM Information - Detection
  author: pussycat0x
  severity: info
  description: |
    Windows New Technology LAN Manager (NTLM) is a suite of security protocols offered by Microsoft to authenticate users' identity and protect the integrity and confidentiality of their activity. At its core, NTLM is a single sign on (SSO) tool that relies on a challenge-response protocol to confirm the user without requiring them to submit a password.
  reference:
    - https://www.crowdstrike.com/cybersecurity-101/ntlm-windows-new-technology-lan-manager/
  metadata:
    shodan-query: "port:445"
    verified: true
  tags: js,network,smb,enum

javascript:
  - code: |
      var m = require("nuclei/smb");
      var c = m.SMBClient();
      var response = c.ConnectSMBInfoMode(Host, Port);
      to_json(response);

    args:
      Host: "{{Host}}"
      Port: "445"

    matchers:
      - type: dsl
        dsl:
          - "len(ntlm) != 0"

    extractors:
      - type: json
        internal: true
        part: response
        name: ntlm
        json:
          - '.NTLM'

      - type: json
        json:
          - '"NTLM: "+ .NTLM'
# digest: 4b0a00483046022100b88c9974500f4dc40564a8681b18d913968e4c28a5b738d4923dce7ff5f1c63a0221008de02bb9e4068ed2254595fefca8fd3dbb1d2e3d150668bd62fbd0865900b268:922c64590222798bb761d5b6d8e72950
Create ntlm-info.yaml 2025-03-28 20:26:14 +05:30			`id: ntlm-info`

			`info:`
			`name: NTLM Information - Detection`
			`author: pussycat0x`
			`severity: info`
			`description: \|`
			`Windows New Technology LAN Manager (NTLM) is a suite of security protocols offered by Microsoft to authenticate users' identity and protect the integrity and confidentiality of their activity. At its core, NTLM is a single sign on (SSO) tool that relies on a challenge-response protocol to confirm the user without requiring them to submit a password.`
			`reference:`
			`- https://www.crowdstrike.com/cybersecurity-101/ntlm-windows-new-technology-lan-manager/`
			`metadata:`
Revert "chore: update TemplateMan 🤖" This reverts commit c31d574176f2b9e6f8d4fe573a24e7192f808e84. 2025-05-27 10:39:47 +08:00			`shodan-query: "port:445"`
fix-spacing 2025-04-02 11:47:14 +05:30			`verified: true`
Create ntlm-info.yaml 2025-03-28 20:26:14 +05:30			`tags: js,network,smb,enum`
Revert "chore: update TemplateMan 🤖" This reverts commit c31d574176f2b9e6f8d4fe573a24e7192f808e84. 2025-05-27 10:39:47 +08:00
Create ntlm-info.yaml 2025-03-28 20:26:14 +05:30			`javascript:`
			`- code: \|`
			`var m = require("nuclei/smb");`
			`var c = m.SMBClient();`
			`var response = c.ConnectSMBInfoMode(Host, Port);`
			`to_json(response);`

			`args:`
			`Host: "{{Host}}"`
			`Port: "445"`
fix-spacing 2025-04-02 11:47:14 +05:30
Create ntlm-info.yaml 2025-03-28 20:26:14 +05:30			`matchers:`
			`- type: dsl`
			`dsl:`
			`- "len(ntlm) != 0"`
fix-spacing 2025-04-02 11:47:14 +05:30
Create ntlm-info.yaml 2025-03-28 20:26:14 +05:30			`extractors:`
			`- type: json`
			`internal: true`
			`part: response`
			`name: ntlm`
			`json:`
			`- '.NTLM'`
fix-spacing 2025-04-02 11:47:14 +05:30
Create ntlm-info.yaml 2025-03-28 20:26:14 +05:30			`- type: json`
			`json:`
			`- '"NTLM: "+ .NTLM'`
chore: sign templates 🤖 2025-04-02 06:24:56 +00:00			`# digest: 4b0a00483046022100b88c9974500f4dc40564a8681b18d913968e4c28a5b738d4923dce7ff5f1c63a0221008de02bb9e4068ed2254595fefca8fd3dbb1d2e3d150668bd62fbd0865900b268:922c64590222798bb761d5b6d8e72950`