mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00

GitBook: [master] one page modified

CPol 2021-07-27 12:34:38 +00:00 committed by gitbook-bot
parent 983e38d70c
commit 3740295d4b
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF


@ -74,7 +74,7 @@ The **hash NT \(16bytes\)** is divided in **3 parts of 7bytes each** \(7B + 7B +
Nowadays is becoming less common to find environments with Unconstrained Delegation configured, but this doesn't mean you can't **abuse a Print Spooler service** configured.
You could abuse some credentials/sessions you already have on the AD to **ask the printer to authenticate** against some **host under your control**. Then, using `metasploit auxiliary/server/capture/smb` or `responder` you can **set the authentication challenge to 112233445566778899**, capture the authentication attempt, and if it was done using **NTLMv1** you will be able to **crack it**.
You could abuse some credentials/sessions you already have on the AD to **ask the printer to authenticate** against some **host under your control**. Then, using `metasploit auxiliary/server/capture/smb` or `responder` you can **set the authentication challenge to 1122334455667788**, capture the authentication attempt, and if it was done using **NTLMv1** you will be able to **crack it**.
If you are using `responder` you could try to **use the flag `--lm`** to try to **downgrade** the **authentication**.
_Note that for this technique the authentication must be performed using NTLMv1 \(NTLMv2 is not valid\)._
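
Review bot: The challenge value in the changed sentence is still a bare run of digits inside bold text, with nothing saying it is hexadecimal or how long it must be, which is how the previous 18-digit value (9 bytes) went unnoticed. The NTLM server challenge is 8 bytes, so the new 16-digit value is the right length; consider writing it in backticks as `1122334455667788` and adding "(8 bytes, hex)" so a reader can check it at a glance. As a style point, the first context line of the hunk, "Nowadays is becoming less common to find", is missing its subject ("Nowadays it is becoming less common to find").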