Sep 29, 2023
Today we talk about an awesome path to internal network pentest pwnage using downgraded authentication from a domain controller, a tool called ntlmv1-multi, and a boatload of cloud-cracking power on the cheap from vast.ai. Here are my chicken-scratch notes for how to take the downgraded authentication hash capture (using Responder.py -I eth0 --lm) and eventually tweeze out the NTLM hash of the domain controller (see https://7ms.us for full show notes).