rdp-ntlm-info NSE Script

Description

This script enumerates information from remote RDP services with CredSSP (NLA) authentication enabled. Sending an incomplete CredSSP (NTLM) authentication request with null credentials will cause the remote service to respond with an NTLMSSP message that discloses information including NetBIOS, DNS, and OS build version.

## Script Arguments

#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the [smbauth](<../lib/smbauth.html#script-args>) library.

## Example Usage

```
nmap -p 3389 --script rdp-ntlm-info <target>
```

## Script Output

```
3389/tcp open     ms-wbt-server syn-ack ttl 128 Microsoft Terminal Services
| rdp-ntlm-info:
|   Target_Name: W2016
|   NetBIOS_Domain_Name: W2016
|   NetBIOS_Computer_Name: W16GA-SRV01
|   DNS_Domain_Name: W2016.lab
|   DNS_Computer_Name: W16GA-SRV01.W2016.lab
|   DNS_Tree_Name: W2016.lab
|   Product_Version: 10.0.14393
|_  System_Time: 2019-06-13T10:38:35+00:00
```

## Requires

* [datetime](<../lib/datetime.html>)
* os
* [shortport](<../lib/shortport.html>)
* [stdnse](<../lib/stdnse.html>)
* [smbauth](<../lib/smbauth.html>)
* string
* [rdp](<../lib/rdp.html>)
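To audit what an NLA-enabled host of your own discloses before authentication, the added example below (not part of Nmap or of the script) decodes the NTLMSSP CHALLENGE_MESSAGE that the description refers to into the same fields as the script output. Field offsets and AV_PAIR ids follow MS-NLMP; `parse_challenge` and `build_sample` are hypothetical names, and the sample message is constructed from the values shown under Script Output.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
# AV_PAIR ids (MS-NLMP 2.2.2.1) mapped to the field names in the script output
AV_NAMES = {1: "NetBIOS_Computer_Name", 2: "NetBIOS_Domain_Name", 3: "DNS_Computer_Name",
            4: "DNS_Domain_Name", 5: "DNS_Tree_Name"}

def parse_challenge(msg: bytes) -> dict:
    """Decode what an NTLMSSP CHALLENGE_MESSAGE (type 2) tells an unauthenticated peer."""
    if len(msg) < 48 or msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLMSSP CHALLENGE_MESSAGE")
    name_len, _, name_off, flags = struct.unpack_from("<HHII", msg, 12)
    info_len, _, info_off = struct.unpack_from("<HHI", msg, 40)
    # Assumption: NTLMSSP_NEGOTIATE_UNICODE was negotiated, so TargetName is UTF-16LE
    out = {"Target_Name": msg[name_off:name_off + name_len].decode("utf-16-le")}
    if flags & 0x02000000 and len(msg) >= 56:  # NTLMSSP_NEGOTIATE_VERSION: 8-byte block at 48
        out["Product_Version"] = "%d.%d.%d" % struct.unpack_from("<BBH", msg, 48)
    pos, end = info_off, min(info_off + info_len, len(msg))
    while pos + 4 <= end:
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        value, pos = msg[pos + 4:pos + 4 + av_len], pos + 4 + av_len
        if av_id == 0 or pos > end:  # MsvAvEOL, or a length that overruns the buffer
            break
        if av_id == 7 and av_len == 8:  # MsvAvTimestamp: 100 ns ticks since 1601
            ticks = struct.unpack("<Q", value)[0]
            out["System_Time"] = (EPOCH + timedelta(microseconds=ticks // 10)).isoformat()
        elif av_id in AV_NAMES:
            out[AV_NAMES[av_id]] = value.decode("utf-16-le")
    return out

def build_sample() -> bytes:
    """Constructed test message carrying the values from the Script Output section."""
    u = lambda s: s.encode("utf-16-le")
    when = datetime(2019, 6, 13, 10, 38, 35, tzinfo=timezone.utc)
    ticks = (when - EPOCH) // timedelta(microseconds=1) * 10
    pairs = [(2, u("W2016")), (1, u("W16GA-SRV01")), (4, u("W2016.lab")),
             (3, u("W16GA-SRV01.W2016.lab")), (5, u("W2016.lab")),
             (7, struct.pack("<Q", ticks)), (0, b"")]
    info = b"".join(struct.pack("<HH", i, len(v)) + v for i, v in pairs)
    name = u("W2016")
    head = struct.pack("<8sIHHII8s8sHHI", b"NTLMSSP\x00", 2, len(name), len(name), 56,
                       0x02800001, b"\x11" * 8, b"\x00" * 8, len(info), len(info), 56 + len(name))
    return head + struct.pack("<BBH3sB", 10, 0, 14393, b"\x00" * 3, 15) + name + info

if __name__ == "__main__":
    for key, value in parse_challenge(build_sample()).items():
        print(f"{key}: {value}")
```

Every field it returns is sent before any credential is checked, so the decoded names and build number are what an exposed port 3389 reveals to anyone who can reach it.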