Intercept and Hashcat

Using Responder, we can make this attack happen using this command :

python responder.py -I <interface> -rdwv

Now you should see some hashes (NTLMv2) captured. The captured hashes are output into the logs file of Responder (/usr/share/responder/logs) At this point, you have two options, either relay the hash to try and have an open session (we'll see that in the next page) or you can take the hash and try to crack it offline by running hashcat on it using the following command (depending on where you're running it, its best to run it on your host system) :

hashcat -m 5600 hashes.txt dictionary.txt

You can use the following cheat sheet for more infos on how to use hashcat

PreviousLLMNR/NBT-NS Poisoning NextSMB relay

Last updated 4 years ago