For capturing the password hash over SMB the following module needs to be used: NBNS Spoofing can be implemented through Metasploit Framework by using a variety of modules that can capture the negotiate authentication challenge for protocols such as SMB and HTTP. NBNS Spoofing – Hashes via Responder Metasploit When a host in the network sent a NetBIOS broadcast the machine of the attacker will sent a fake reply and the host will attempt to authenticate to a resource using the NTLM password hash. Running the tool with the following arguments will initiate the poisoning against various protocols that require authentication such as SMB, HTTP etc. Trustwave SpiderLabs developed Responder to implement the NBNS spoofing attack. The retrieved password hashes can be cracked offline or can be used in conjunction with a relay attack to achieve legitimate access into hosts. Abusing this service to perform a Man-in-the-middle attack is a common tactic that has been widely used by penetration testers and red teamers to gain initial foothold inside a system. Systems will use this service when resolving names over LHOSTS and DNS fail. Netbios Name Service (NBT-NS) is used in Windows networks for communication between hosts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |