Why disable LLMNR, NBT-NS and mDNS

preview_player
Показать описание
On your Windows computer, in the Start Menu search-field, type anything starting with two backslashes \\ Like:
\\qwerty
Observe that every keypress on the Windows-computer will try to find a computer on the network with that name, using LLMNR.
The computer running Responder, will answer on every LLMNR broadcast and request authentication.

The Windows computer will answer, by sending NetNTLMv2 Hashes
This hash could then be cracked using Hashcat or "John The Ripper", revealing the password.
The hash in the attached video took 1,2 sec. to crack using "John The Ripper", and reveals the password Secret1234.

In this video, the attacker running Responder, listens for LLMNR on the left side of the screen and the Windows 10 Build 2004 computer on the right.
  1. Andreas Finstad - 4ndr34z
Рекомендации по теме
Why disable LLMNR, 0:00:31

Why disable LLMNR, NBT-NS and mDNS

Windows 7 Hardening: 0:03:25

Windows 7 Hardening: Disabling LLMNR and NBT-NS

How To Remove 0:07:56

How To Remove LLMNR and NBT-NS From Your Active Directory Environment

How to and 0:06:12

How to and why you should disable LLMNR with Windows Server

Active Directory Exploitation 0:08:17

Active Directory Exploitation - LLMNR/NBT-NS Poisoning

Disable LLMNR! 0:00:59

Disable LLMNR!

How to completly 0:01:33

How to completly disable LLMNR?

Stop Hackers Sniffing 0:07:49

Stop Hackers Sniffing Your Credential hashes | Stop LLMNR and NBT-NS Poisoning.

What is LLMNR? 0:00:15

What is LLMNR?

LLMNR, NBT-NS, & 0:24:39

LLMNR, NBT-NS, & mDNS Poisoning Attack

Windows 10 - 0:00:35

Windows 10 - Turn off LLMNR is also advised by me.

Insecure networking protocols: 0:01:00

Insecure networking protocols: LLMNR

Demonstrating the hacking 0:10:19

Demonstrating the hacking danger of windows default protocols LLMNR and NBT-NS - Part 1

How to disable 0:03:08

How to disable LLMNR on Windows - Cyber Security Tips #7

LLMNR Poisoning Attack 0:09:09

LLMNR Poisoning Attack | Active Directory Exploitation

LLMNR Disabling possible 0:01:21

LLMNR Disabling possible issues?

Spoofing LLMNR, NBT-NS, 0:36:50

Spoofing LLMNR, NBT-NS, mDNS/DNS and WPAD and Relay Attacks

Active Directory Pentesting 0:04:51

Active Directory Pentesting - 12 LLMNR NBT-NS Explained

Exploiting Active Directory 0:11:33

Exploiting Active Directory Using LLMNR/NBT-NS Poisoning

Sec Tips #6: 0:12:03

Sec Tips #6: Attacking Active Directory - LLMNR/NBT-NS Poisoning

NetBIOS and LLMNR 0:04:15

NetBIOS and LLMNR Poisoning | Attack Demonstration

LLMNR and NBT-NS 0:05:27

LLMNR and NBT-NS Poisoning using Responder

SALTINBANK - WINDOWS 0:05:08

SALTINBANK - WINDOWS POUR LES NULS : Désactiver les failles merdiques de LLMNR / NBT-S...

LLMNR - Poisoning 0:01:49

LLMNR - Poisoning | Responder

Комментарии
Автор

thx, informative video, even tho i just found this information 5 min before watching the video, would be glad if i saw it earlier, would safe my time hahaha

samfisher
Автор

Hi, could you explain more what is being done?

brandonfontaine