NTLM Information Disclosure

Manually

telnet example.com 143
...
>> a1 AUTHENTICATE NTLM
+
>> TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
+ TlRMTVNTUAACAAAACgAKADgAAAAFgooCBqqVKFrKPCMAAAAAAAAAAEgASABCAAAABgOAJQAAAA9JAEkAUwAwADEAAgAKAEkASQBTADAAMQABAAoASQBJAFMAMAAxAAQACgBJAEkAUwAwADEAAwAKAEkASQBTADAAMQAHAAgAHwMI0VPy1QEAAAAA

nmap -p 143,993 --script imap-ntlm-info 10.0.0.3

143, 993 - IMAP

Banner Grabbing

Telnet

telnet 10.0.0.3 143

Netcat

nc -n 10.0.0.3 143

openssl

openssl s_client -connect 10.0.0.3:993

Parameters

s_client: SSL/TLS client program.

NTLM Information Disclosure

Manually

telnet example.com 143
...
>> a1 AUTHENTICATE NTLM
+
>> TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
+ TlRMTVNTUAACAAAACgAKADgAAAAFgooCBqqVKFrKPCMAAAAAAAAAAEgASABCAAAABgOAJQAAAA9JAEkAUwAwADEAAgAKAEkASQBTADAAMQABAAoASQBJAFMAMAAxAAQACgBJAEkAUwAwADEAAwAKAEkASQBTADAAMQAHAAgAHwMI0VPy1QEAAAAA

NSE Script

nmap -p 143,993 --script imap-ntlm-info 10.0.0.3

Previous139, 445 - SMB Next161 - SNMP

Last updated 2 years ago

Was this helpful?