How to Capture Net-NTLMv2 Hashes Using DHCP w/ Responder
We’ve discussed how to use Responder to capture Net-NTLMv2 hashes using protocols like LLMNR before, but the latest version now allows for DHCP poisoning, a phenomenally effective method.
Disclaimer: This content is intended to be consumed by cyber security professionals, ethical hackers, and penetration testers. Any attacks performed in this video should only be performed in environments that you control or have explicit permission to perform them on.
00:00 – Intro
01:37 – Explaining DHCP
03:00 – Explaining WPAD
04:40 – Visualizing the Attack
08:48 – Configuring Responder
12:20 – Running the Attack
16:12 – Cracking NTLMv2 Hashes
19:23 – Wrapping Up
Blog post mentioned in video:
https://g-laurent.blogspot.com/2021/08/responders-dhcp-poisoner.html
Tags: #Responder #Python #DHCP
by Infinite Logins
The only hash that contains a password is when the login screen pops up on Firefox and I enter creds, then I got the hash on Responder, and I only get hashes when I type something in files, not on the web.
Thank you! Used ran responder that comes on Kali default! Responder was up and listening, but no hashes. I tried to modify the conf file, but I couldn't get it to work. Landed on the author's blog, then this video. Thank you. Very much.
I think it is really cool how we can now add our scoop IP!
great presentation
Great video man!
Do you need admin permission for this? (If you're running on a Windows environment with no admin privileges.)
Hi,
Great video but I've a small problem.
It says "[Proxy-Auth] Sending NTLM authentication request to IP"
but it doesn't give hashes or something like that.
The -r flag doesn't work anymore in later versions.
it also doesn't send any hashes when using older versions
Maybe cuz of Win11
Can't believe no one asked this, but can we relay it?
That's really informative and helpful. Great content. Thank you!!
Does one need to disable home router DHCP? In order to carry on this DHCP attack one has to have access to internal network, right?
ERROR LINE 1 NO HASH LOADED 🙁
I got this error: "ModuleNotFoundError: No module named 'netifaces'". What should I do next?
Thanks for the amazing explanation
I think, the responder is updated, no need to make changes in responder.conf file …
My question here is why the hashes you are getting are different every time:
dLillard::LOGO:8074…
You have such a great way of teaching my friend, I wish you are my teacher 👨🏫
Great content. Can’t wait to pull this off next week
Is there a way to detect or prevent this in an enterprise env? If this is done in an actual engagement, what will be the recommendation that we would give to the client?
Yo welcome back
Amazing thanks