Locate and attack Lync and Skype for Business.
A collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations:
Enumerate users via auth timing bug while brute forcing, lock accounts, locate lync installs.
Example of how to use Nmap with http-ntlm-info script to discover internal NetBIOS & domain names.
Example of a brute force attack against Skype/Lync using Medusa.
Script to get NetBIOS Domain name from NTLM auth.