impacket-dumpntlminfo 命令

常用示例

说明

impacket-dumpntlminfo performs NTLM authentication against a remote host and extracts information from the NTLM challenge response, without requiring any credentials. By initiating an SMB or RPC connection, the tool triggers an NTLM authentication handshake and parses the server's response to reveal details such as the hostname, domain name, DNS information, OS version, and timestamp. This is useful for reconnaissance during penetration testing, as it provides network and host information without authentication.

参数

-debug

Turn DEBUG output on.

-ts

Add timestamp to every logging output.

-target-ip _IP_

IP address of the target machine. Useful when target is a NetBIOS name that cannot be resolved.

-port _PORT_

Destination port to connect to the SMB/RPC server. Default is 445.

-protocol {SMB, RPC}

Protocol to use. Default is SMB. Port 135 normally uses RPC.