Zer0 Day Lab

Determining AD domain name via NTLM Auth

If nmap (http-ntlm-info) is unable to determine the FQDN of an Active Directory domain via OWA:

1) curl -I -k -X POST -H 'Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAKANc6AAAADw==' -H 'Content-Length: 0' https://autodiscover.example.com/ews

2) echo 'TlRMTVNTUAACAAAADAAMAD...' | python2 ./ntlmdecoder.py

Source:
ntlmdecoder.py

#ntlm #auth #sso #tricks #pentest


https://t.me/zer0daylab/3475