The tool Responder, written in Python, makes it possible to listen for requests on a specific network card and automatically poison victims to steal hash NTLMv1 and hash
The Pass-The-Hash attack makes it possible to connect to a service like SMB.
I am a little bit confused about the difference between the LM hash and the NTLM hash, and so about the consequences of a Pass-The-Hash attack.
I know that it's also possible to crack the NTLMv2 hash with John, for example.
Starting from the premise that the password is complex and it's not possible to brute-force it, apart from connecting to a share and getting some sensitive files:
- What can an attacker on the same network do?
- Is it possible to forge a connection to the RDP service, for example?
- Is it possible to forge a silver/golden Kerberos ticket?