- "description": "This module provides a SMB service that can be used to capture the challenge-response\n password NTLMv1 & NTLMv2 hashes used with SMB1, SMB2, or SMB3 client systems.\n Responses sent by this service have by default a random 8 byte challenge string\n of format `\\x11\\x22\\x33\\x44\\x55\\x66\\x77\\x88`, allowing for easy cracking using\n Cain & Abel (NTLMv1) or John the ripper (with jumbo patch).\n\n To exploit this, the target system must try to authenticate to this\n module. One way to force an SMB authentication attempt is by embedding\n a UNC path (\\\\SERVER\\SHARE) into a web page or email message. When\n the victim views the web page or email, their system will\n automatically connect to the server specified in the UNC share (the IP\n address of the system running this module) and attempt to\n authenticate. Another option is using auxiliary/spoof/{nbns,llmnr} to\n respond to queries for names the victim is already looking for.\n\n Documentation of the above spoofing methods can be found by running `info -d`.",
0 commit comments