Output metadata about a server contained in an NTLM challenge message yielded from a specified endpoint.
Supports the following protocols: HTTP/HTTPS, LDAP/LDAPS.
Utilizes my ntlm library!
```
$ ./ntlm_target_information.py --help
usage: ntlm_target_information.py [-h] [-w TIMEOUT] url

Output metadata about a server contained in an NTLM challenge message yielded from a specified endpoint.

positional arguments:
  url                   The URL of an endpoint that supports NTLM authentication, whose server to obtain information about.

options:
  -h, --help            show this help message and exit
  -w TIMEOUT, --timeout TIMEOUT
                        The number of seconds to wait before timing out when trying to connect to the endpoint.
```
```
$ ./ntlm_target_information.py 'https://mail.stureplansgruppen.se/autodiscover'
```

Output:

```
Domain FQDN: SPG.LOCAL
Forest FQDN: SPG.LOCAL
Server FQDN: SPG-SR-EX-01.SPG.LOCAL
Server NetBIOS computer name: SPG-SR-EX-01
Server NetBIOS domain name: SPG
Server time: 2021-01-09 19:21:43.936851
```
👍
- [MS-NLMP]: AV_PAIR | Microsoft Docs - Documentation about the structure in the NTLM challenge message that stores the metadata.
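
To show where the fields above come from, and therefore what an NTLM-enabled endpoint discloses before any authentication, here is a minimal parser for the `TargetInfo` AV_PAIR list of a raw CHALLENGE_MESSAGE. It is an added example, not this tool's code or the ntlm library's API; `parse_target_info`, `build_sample_challenge` and the `corp.example` names are assumptions made for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
# AvId values from [MS-NLMP] AV_PAIR, labelled as in the tool's output above.
AV_LABELS = {1: "Server NetBIOS computer name", 2: "Server NetBIOS domain name",
             3: "Server FQDN", 4: "Domain FQDN", 5: "Forest FQDN"}
MSV_AV_EOL, MSV_AV_TIMESTAMP = 0, 7

def parse_target_info(msg: bytes) -> dict:
    """Return the AV_PAIR metadata carried in a raw CHALLENGE_MESSAGE."""
    if len(msg) < 48 or msg[:8] != b"NTLMSSP\0":
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not a CHALLENGE_MESSAGE (type 2)")
    # TargetInfoFields at offset 40: Len, MaxLen, BufferOffset.
    length, _, offset = struct.unpack_from("<HHI", msg, 40)
    blob = msg[offset:offset + length]
    if len(blob) != length:
        raise ValueError("TargetInfo points outside the message")
    info, pos = {}, 0
    while pos + 4 <= len(blob):
        av_id, av_len = struct.unpack_from("<HH", blob, pos)
        value = blob[pos + 4:pos + 4 + av_len]
        if len(value) != av_len:
            raise ValueError("truncated AV_PAIR")
        pos += 4 + av_len
        if av_id == MSV_AV_EOL:
            break
        if av_id == MSV_AV_TIMESTAMP and av_len == 8:
            ticks = struct.unpack("<Q", value)[0]  # 100 ns units since 1601
            info["Server time"] = EPOCH_1601 + timedelta(microseconds=ticks // 10)
        elif av_id in AV_LABELS:
            info[AV_LABELS[av_id]] = value.decode("utf-16-le")
    return info

def build_sample_challenge() -> bytes:
    """Constructed message with placeholder names; not captured traffic."""
    def av(av_id, data=b""):
        return struct.pack("<HH", av_id, len(data)) + data
    names = {2: "CORP", 1: "EX01", 4: "corp.example", 3: "ex01.corp.example", 5: "corp.example"}
    ticks = (datetime(2020, 1, 1, tzinfo=timezone.utc) - EPOCH_1601) // timedelta(microseconds=1) * 10
    ti = b"".join(av(i, n.encode("utf-16-le")) for i, n in names.items())
    ti += av(MSV_AV_TIMESTAMP, struct.pack("<Q", ticks)) + av(MSV_AV_EOL)
    tn = "CORP".encode("utf-16-le")
    head = struct.pack("<8sIHHII8s8sHHI8s", b"NTLMSSP\0", 2, len(tn), len(tn), 56,
                       0x00800201, b"\x11" * 8, b"", len(ti), len(ti), 56 + len(tn), b"")
    return head + tn + ti

if __name__ == "__main__":
    for label, value in parse_target_info(build_sample_challenge()).items():
        print(f"{label}: {value}")
```

Every value returned is sent by the server in its challenge, before the client has proven any identity, so internal naming and clock information on an internet-facing endpoint should be treated as public.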