Host 176.111.174.204
Russia
-
Server accepting anonymous credentials
The server is accepting NTLM anonymous credentials.
This allows for authentication bypass to access the underlying application.
https://blog.leakix.net/2022/03/bypassing-ntlm-auth-over-http/
First seen 2024-11-20 01:12
Last seen 2024-11-24 00:35
Open for 3 days-
Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c98a4427a58088f6777fded0c22bff2a8
Server didn't refuse ANONYMOUS NTLM connection Found NTLM information: Running Windows 10.0 build 20348 MsvAvNbComputerName: WIN-ZAAO8YRXMNN MsvAvNbDomainName: EGZC MsvAvDNSComputerName: WIN-ZAAO8YRXMNN.EGZC.LOCAL MsvAvDNSDomainName: EGZC.LOCAL MsvAvDNSTreeName: EGZC.LOCAL 200 OK Content-Length: 0 Content-Type: text/html Date: Wed, 20 Nov 2024 05:48:24 GMT Server: Microsoft-IIS/10.0 Www-Authenticate: NTLM
Found on 2024-11-24 00:35 -
Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c98a4427ae545ab4edce8465bc249d230
Server didn't refuse ANONYMOUS NTLM connection Found NTLM information: Running Windows 10.0 build 20348 MsvAvNbComputerName: WIN-P8MCT2QAKAL MsvAvNbDomainName: LK28 MsvAvDNSComputerName: WIN-P8MCT2QAKAL.LK28.LOCAL MsvAvDNSDomainName: LK28.LOCAL MsvAvDNSTreeName: LK28.LOCAL 200 OK Content-Length: 0 Content-Type: text/html Date: Mon, 18 Nov 2024 18:00:07 GMT Server: Microsoft-IIS/10.0 Www-Authenticate: NTLM
Found on 2024-11-20 01:12
-
-
Open service 176.111.174.204:445
2024-11-20 16:40
SMB NTLMSSP handshake results: Found Windows 6.3 build 9600 NbComputerName: WIN-ZAAO8YRXMNN NbDomainName: EGZC DNSComputerName: EGZC.LOCAL DNSDomainName: WIN-ZAAO8YRXMNN.EGZC.LOCAL DNSTreeName: EGZC.LOCAL
Found 2024-11-20 by SmbPluginCreate report