Client Attacks: NetNTLM Hash Stealing

Summary

Excerpt From wi-fi vulnerabilities part 2 Webinar
Find Out More About Client Attacks: NetNTLM Hash Stealing from CTO Dr. Brett Walkenhorst.
When a client tries to access a resource, attackers can intercept the hash by using the LLMNR protocol. This could enable them to crack the resource and take resources and domain credentials. This method leaves certain network protocols open to being exploited for unauthorized access. Watch the video below to learn more about the Net NTLM hash stealing.

Video Transcript

Finally, we can force them through a hostile portal to surrender what's called a password hash. In this case, the Net NCLM is notorious for being leaked from certain Windows applications, which can then be cracked through some hash cracking tool that's out there and give you domain credentials. So now if I can do this, if I can get your client to connect to me, I can exploit something called LLMNR, which is a multicast name resolution protocol to obtain your hash because you're basically gonna say, I've got this portal.

I'm trying to access this, and I say, oh, oh, I can tell you where to go. Send me your hash, and I'll connect you. You send me your hash, and I've got your cryptographic information, which if I can crack, I can get access to your domain resources.