Microsoft-IIS 7.5
tcp/8080
The server is accepting NTLM anonymous credentials.
This allows for authentication bypass to access the underlying application.
https://blog.leakix.net/2022/03/bypassing-ntlm-auth-over-http/
Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9cddda7e320f594671218ea9a8
Server didn't refuse ANONYMOUS NTLM connection Found NTLM information: Running Windows 5.2 build 3790 MsvAvNbComputerName: WIN-HCPF9YGKDEN MsvAvNbDomainName: RZBI MsvAvDNSComputerName: WIN-HCPF9YGKDEN.RZBI.LOCAL MsvAvDNSDomainName: RZBI.LOCAL MsvAvDNSTreeName: RZBI.LOCAL 200 OK Content-Length: 87 Content-Type: text/html Date: Tue, 09 Jan 2024 07:42:05 GMT Server: Microsoft-IIS/7.5 Www-Authenticate: NTLM <img src='file://///86.4.174.179/pictures/logo.jpg' alt='Loading' height='1' width='1'>
Open service 86.4.174.179:8080
2024-05-12 19:04
HTTP/1.1 401 Unauthorized Server: Microsoft-IIS/7.5 Date: Tue, 09 Jan 2024 07:42:05 GMT Content-Type: text/html WWW-Authenticate: NTLM Content-Length: 0
Open service 86.4.174.179:8080
2024-05-12 19:04
Found NTLM information: Running Windows 5.2 build 3790 MsvAvNbComputerName: WIN-HCPF9YGKDEN MsvAvNbDomainName: RZBI MsvAvDNSComputerName: WIN-HCPF9YGKDEN.RZBI.LOCAL MsvAvDNSDomainName: RZBI.LOCAL MsvAvDNSTreeName: RZBI.LOCAL 200 OK Content-Length: 87 Content-Type: text/html Date: Tue, 09 Jan 2024 07:42:05 GMT Server: Microsoft-IIS/7.5 Www-Authenticate: NTLM <img src='file://///86.4.174.179/pictures/logo.jpg' alt='Loading' height='1' width='1'>
Open service 86.4.174.179:8080
2024-05-08 13:45
HTTP/1.1 401 Unauthorized Server: Microsoft-IIS/7.5 Date: Tue, 09 Jan 2024 07:42:05 GMT Content-Type: text/html WWW-Authenticate: NTLM Content-Length: 0
Open service 86.4.174.179:8080
2024-05-08 13:45
Found NTLM information: Running Windows 5.2 build 3790 MsvAvNbComputerName: WIN-HCPF9YGKDEN MsvAvNbDomainName: RZBI MsvAvDNSComputerName: WIN-HCPF9YGKDEN.RZBI.LOCAL MsvAvDNSDomainName: RZBI.LOCAL MsvAvDNSTreeName: RZBI.LOCAL 200 OK Content-Length: 87 Content-Type: text/html Date: Tue, 09 Jan 2024 07:42:05 GMT Server: Microsoft-IIS/7.5 Www-Authenticate: NTLM <img src='file://///86.4.174.179/pictures/logo.jpg' alt='Loading' height='1' width='1'>
Open service 86.4.174.179:8080
2024-04-30 19:56
HTTP/1.1 401 Unauthorized Server: Microsoft-IIS/7.5 Date: Tue, 09 Jan 2024 07:42:05 GMT Content-Type: text/html WWW-Authenticate: NTLM Content-Length: 0
Open service 86.4.174.179:8080
2024-04-30 19:56
Found NTLM information: Running Windows 5.2 build 3790 MsvAvNbComputerName: WIN-HCPF9YGKDEN MsvAvNbDomainName: RZBI MsvAvDNSComputerName: WIN-HCPF9YGKDEN.RZBI.LOCAL MsvAvDNSDomainName: RZBI.LOCAL MsvAvDNSTreeName: RZBI.LOCAL 200 OK Content-Length: 87 Content-Type: text/html Date: Tue, 09 Jan 2024 07:42:05 GMT Server: Microsoft-IIS/7.5 Www-Authenticate: NTLM <img src='file://///86.4.174.179/pictures/logo.jpg' alt='Loading' height='1' width='1'>
Open service 86.4.174.179:8080
2024-04-28 18:47
Found NTLM information: Running Windows 5.2 build 3790 MsvAvNbComputerName: WIN-HCPF9YGKDEN MsvAvNbDomainName: RZBI MsvAvDNSComputerName: WIN-HCPF9YGKDEN.RZBI.LOCAL MsvAvDNSDomainName: RZBI.LOCAL MsvAvDNSTreeName: RZBI.LOCAL 200 OK Content-Length: 87 Content-Type: text/html Date: Tue, 09 Jan 2024 07:42:05 GMT Server: Microsoft-IIS/7.5 Www-Authenticate: NTLM <img src='file://///86.4.174.179/pictures/logo.jpg' alt='Loading' height='1' width='1'>
Open service 86.4.174.179:8080
2024-04-28 18:47
HTTP/1.1 401 Unauthorized Server: Microsoft-IIS/7.5 Date: Tue, 09 Jan 2024 07:42:05 GMT Content-Type: text/html WWW-Authenticate: NTLM Content-Length: 0
Open service 86.4.174.179:8080
2024-04-26 02:36
HTTP/1.1 401 Unauthorized Server: Microsoft-IIS/7.5 Date: Tue, 09 Jan 2024 07:42:05 GMT Content-Type: text/html WWW-Authenticate: NTLM Content-Length: 0
Open service 86.4.174.179:8080
2024-04-26 02:36
Found NTLM information: Running Windows 5.2 build 3790 MsvAvNbComputerName: WIN-HCPF9YGKDEN MsvAvNbDomainName: RZBI MsvAvDNSComputerName: WIN-HCPF9YGKDEN.RZBI.LOCAL MsvAvDNSDomainName: RZBI.LOCAL MsvAvDNSTreeName: RZBI.LOCAL 200 OK Content-Length: 87 Content-Type: text/html Date: Tue, 09 Jan 2024 07:42:05 GMT Server: Microsoft-IIS/7.5 Www-Authenticate: NTLM <img src='file://///86.4.174.179/pictures/logo.jpg' alt='Loading' height='1' width='1'>
Open service 86.4.174.179:8080
2024-04-24 22:02
Found NTLM information: Running Windows 5.2 build 3790 MsvAvNbComputerName: WIN-HCPF9YGKDEN MsvAvNbDomainName: RZBI MsvAvDNSComputerName: WIN-HCPF9YGKDEN.RZBI.LOCAL MsvAvDNSDomainName: RZBI.LOCAL MsvAvDNSTreeName: RZBI.LOCAL 200 OK Content-Length: 87 Content-Type: text/html Date: Tue, 09 Jan 2024 07:42:05 GMT Server: Microsoft-IIS/7.5 Www-Authenticate: NTLM <img src='file://///86.4.174.179/pictures/logo.jpg' alt='Loading' height='1' width='1'>
Open service 86.4.174.179:8080
2024-04-24 22:02
HTTP/1.1 401 Unauthorized Server: Microsoft-IIS/7.5 Date: Tue, 09 Jan 2024 07:42:05 GMT Content-Type: text/html WWW-Authenticate: NTLM Content-Length: 0
Open service 86.4.174.179:22
2024-04-24 06:54
Open service 86.4.174.179:8080
2024-04-18 18:51
HTTP/1.1 401 Unauthorized Server: Microsoft-IIS/7.5 Date: Tue, 09 Jan 2024 07:42:05 GMT Content-Type: text/html WWW-Authenticate: NTLM Content-Length: 0
Open service 86.4.174.179:8080
2024-04-18 18:51
Found NTLM information: Running Windows 5.2 build 3790 MsvAvNbComputerName: WIN-HCPF9YGKDEN MsvAvNbDomainName: RZBI MsvAvDNSComputerName: WIN-HCPF9YGKDEN.RZBI.LOCAL MsvAvDNSDomainName: RZBI.LOCAL MsvAvDNSTreeName: RZBI.LOCAL 200 OK Content-Length: 87 Content-Type: text/html Date: Tue, 09 Jan 2024 07:42:05 GMT Server: Microsoft-IIS/7.5 Www-Authenticate: NTLM <img src='file://///86.4.174.179/pictures/logo.jpg' alt='Loading' height='1' width='1'>