Attacking Active Directory | LLMNR Part 3: Relaying Hashes

Previously, I've shown you how to capture Net-NTLM hashes by abusing LLMNR in an Active Directory environment. In part two, I showed you how to take these hashes offline and try to crack them. This time, I show you how to bypass cracking the hashes by relaying them to machines that have SMB Signing disabled or not enforced! If you enjoy this content, please consider subscribing or sharing with a friend.

Disclaimer: This content is intended to be consumed by cyber security professionals, ethical hackers, and penetration testers. Any attacks performed in this video should only be performed in environments that you control or have explicit permission to perform them on.

0:00 - Introduction
1:25 - Pass The Hash vs Relay Attacks
3:05 - Topology of Network
4:30 - Prereqs for Relay Attacks
7:00 - Setting up Attack
9:00 - Performing the Attack
14:07 - Showing Attack Without Admin Rights
16:40 - Conclusion

Blog post mentioned in video:

Attacking Active Directory | LLMNR Part 1: Capturing Hashes

Attacking Active Directory | LLMNR Part 2: Cracking Hashes

Tags: #EthicalHacking #LLMNR #Pentesting
Comments

How do you use LLMNR through a pivot host? I've tried using chisel and proxychains with responder and ntlmrelayx... Even though I can ping the victims from the attacker machine and I can run other tools successfully. Responder and ntlmrelayx never seem to work through a pivot or proxies.

b-rent

This video is just amazing. Very clear and concise explanations, easy to understand. Thank you...

dawnSker