# Nuclei JavaScript-protocol template: connects to the target's SMB service
# and reports the NTLM field of the reply. No credentials appear in this file.
id: ntlm-info

info:
  name: NTLM Information - Detection
  author: pussycat0x
  severity: info
  description: |
    Windows New Technology LAN Manager (NTLM) is a suite of security protocols offered by Microsoft to authenticate users' identity and protect the integrity and confidentiality of their activity. At its core, NTLM is a single sign on (SSO) tool that relies on a challenge-response protocol to confirm the user without requiring them to submit a password.
  reference:
    - https://www.crowdstrike.com/cybersecurity-101/ntlm-windows-new-technology-lan-manager/
  metadata:
    shodan-query: "port:445"
    verified: true
  tags: js,network,smb,enum,discovery

javascript:
  - code: |
      // Load nuclei's SMB helper module and create a client from it.
      const smb = require("nuclei/smb");
      const client = smb.SMBClient();
      // Host and Port are supplied by the args block of this template.
      const response = client.ConnectSMBInfoMode(Host, Port);
      // Serialise the result; presumably this is what the extractors read as `response`.
      to_json(response);

    args:
      Host: "{{Host}}"
      # Port is fixed here, so SMB on any other port is not checked.
      Port: "445"

    # Matches whenever the internal `ntlm` value extracted below is non-empty.
    # Triage note: a match shows that SMB on 445 answered from the scanner's
    # vantage point. Severity is info, but confirm that this reachability is
    # intended (perimeter and segment filtering of 445).
    matchers:
      - type: dsl
        dsl:
          - "len(ntlm) != 0"

    extractors:
      # Internal extractor: feeds `ntlm` to the matcher and is not printed.
      - type: json
        internal: true
        part: response
        name: ntlm
        json:
          - '.NTLM'

      # Reported extractor: prints the same field with an "NTLM: " prefix.
      # NOTE(review): the contents of .NTLM are not shown here. Treat the
      # output as host metadata when storing or sharing scan results.
      - type: json
        json:
          - '"NTLM: "+ .NTLM'
# NOTE(review): the digest below belongs to the upstream template text. This
# copy differs (comments, local names), so it is expected not to verify until
# the template is re-signed (nuclei -sign).
# digest: 4a0a0047304502206aad7c1f81a1263b5a61a5f32e558f4376c9f3457de3361e23cbfafa326b0fdc022100927490914f9e68aad7136b64a489c9c67f37abbbc9a817965b2181cb8e231339:922c64590222798bb761d5b6d8e72950