Microsoft-IIS 7.5
tcp/80
The server is accepting NTLM anonymous credentials.
This allows for authentication bypass to access the underlying application.
https://blog.leakix.net/2022/03/bypassing-ntlm-auth-over-http/
Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9c6ffcac47b37910da105c6f10
Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-W9J2RNVDCD6
MsvAvNbDomainName: 0MHV
MsvAvDNSComputerName: WIN-W9J2RNVDCD6.0MHV.LOCAL
MsvAvDNSDomainName: 0MHV.LOCAL
MsvAvDNSTreeName: 0MHV.LOCAL
200 OK
Content-Length: 89
Content-Type: text/html
Date: Wed, 20 Nov 2024 15:35:05 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM
<img src='file://///138.68.185.106/pictures/logo.jpg' alt='Loading' height='1' width='1'>
Open service 138.68.185.106:80
2024-11-20 15:50
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.5
Date: Wed, 20 Nov 2024 15:35:05 GMT
Content-Type: text/html
WWW-Authenticate: NTLM
Content-Length: 0
Open service 138.68.185.106:80
2024-11-20 15:50
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-W9J2RNVDCD6
MsvAvNbDomainName: 0MHV
MsvAvDNSComputerName: WIN-W9J2RNVDCD6.0MHV.LOCAL
MsvAvDNSDomainName: 0MHV.LOCAL
MsvAvDNSTreeName: 0MHV.LOCAL
200 OK
Content-Length: 89
Content-Type: text/html
Date: Wed, 20 Nov 2024 15:35:05 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM
<img src='file://///138.68.185.106/pictures/logo.jpg' alt='Loading' height='1' width='1'>