

Live off the Land and Crack the NTLMSSP Protocol

Last month Bleeping Computer published an article about PKTMON.EXE, a little-known utility in Windows 10 that provides the ability to sniff and monitor network traffic. I quickly wondered if it would be feasible to use this utility, and other native tools within Windows, to capture NTLMv2 network authentication handshakes.

TL;DR: Yes, it is possible, and I wrote a Python 3 script called NTLMRawUnHide that can extract NTLMv2 password hashes from packet dumps of many formats!

What is NTLMv2 authentication and why is it important?

NTLMv2 - sometimes referred to as Net-NTLMv2 - is a challenge/response hashing algorithm used on Windows networks. Other network authentication protocols exist for Windows Active Directory - most notably Kerberos - but NTLMv2 is still widely used on today's organizational networks. As such, many tools in contemporary penetration testing focus on intercepting NTLMv2 authentication handshakes, which can be assembled into crackable password hashes or relayed to other hosts on a network to gain access without the need to crack hashes. The most infamous of these tools is Responder, which has been a staple in the penetration testing arsenal for many years.

Live off the Land and Capture Packets in Windows

There are two tools within Windows that provide native packet capture capabilities, PKTMON.EXE and NETSH.EXE. Both produce ETL files, which are structured differently than the more popular PCAPNG files generated by tcpdump and other open source network sniffers.
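The NTLMv2 exchange described above travels inside NTLMSSP messages (NEGOTIATE, CHALLENGE, AUTHENTICATE). The following Python example is added here and is not code from the original post or from NTLMRawUnHide; it shows the defender's side of the same parsing problem: locating NTLMSSP headers in a stream of captured bytes and reading the account, domain, workstation and response form out of an AUTHENTICATE (Type 3) message, so that hosts and accounts still relying on NTLM rather than Kerberos can be inventoried. The field layout follows MS-NLMP; the sample stream, the response blobs and the names in it are constructed for the example and are not a real handshake.

```python
"""Locate NTLMSSP messages in captured bytes and summarise who authenticated.

Added example (not from the original article or NTLMRawUnHide). Message
layouts follow MS-NLMP; the sample stream at the bottom is constructed here.
"""
import struct
from typing import Dict, List, Tuple

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
MESSAGE_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def _read_field(msg: bytes, offset: int) -> bytes:
    """Read an MS-NLMP field descriptor (Len, MaxLen, BufferOffset) located at
    `offset` and return the payload bytes it points to inside `msg`."""
    length, _max_len, data_off = struct.unpack_from("<HHI", msg, offset)
    if data_off + length > len(msg):
        raise ValueError("field descriptor points outside the message")
    return msg[data_off:data_off + length]


def find_ntlmssp_messages(blob: bytes) -> List[Tuple[int, str]]:
    """Scan an arbitrary byte stream (e.g. reassembled SMB or HTTP payloads)
    for NTLMSSP headers and report (offset, message type) for each hit."""
    found = []
    pos = blob.find(NTLMSSP_SIGNATURE)
    while pos != -1 and pos + 12 <= len(blob):
        mtype = struct.unpack_from("<I", blob, pos + 8)[0]
        found.append((pos, MESSAGE_TYPES.get(mtype, "UNKNOWN(%d)" % mtype)))
        pos = blob.find(NTLMSSP_SIGNATURE, pos + 8)
    return found


def parse_authenticate(msg: bytes) -> Dict[str, object]:
    """Summarise an AUTHENTICATE (Type 3) message for an NTLM-usage inventory.

    Fixed header: signature(8) type(4) Lm(8) Nt(8) Domain(8) User(8)
    Workstation(8) SessionKey(8) NegotiateFlags(4) = 64 bytes. A 24-byte NT
    response is the NTLMv1 form; the NTLMv2 response is longer (NTProofStr
    plus the client blob). The response bytes themselves are not returned.
    """
    if msg[:8] != NTLMSSP_SIGNATURE or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLMSSP AUTHENTICATE message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    # OEM strings use the negotiated OEM code page; latin-1 is an approximation here.
    enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "latin-1"
    nt_resp = _read_field(msg, 20)
    return {
        "domain": _read_field(msg, 28).decode(enc),
        "user": _read_field(msg, 36).decode(enc),
        "workstation": _read_field(msg, 44).decode(enc),
        "nt_response_len": len(nt_resp),
        "ntlm_version": "v2" if len(nt_resp) > 24 else "v1",
    }


def build_authenticate(domain: str, user: str, workstation: str,
                       nt_response: bytes, lm_response: bytes = b"\x00" * 24) -> bytes:
    """Assemble a Type 3 message with dummy response blobs (constructed test data)."""
    enc = "utf-16-le"
    items = [lm_response, nt_response, domain.encode(enc), user.encode(enc),
             workstation.encode(enc), b""]  # last item: empty session key
    fields, payload, offset = b"", b"", 64
    for item in items:
        fields += struct.pack("<HHI", len(item), len(item), offset)
        payload += item
        offset += len(item)
    header = NTLMSSP_SIGNATURE + struct.pack("<I", 3) + fields + struct.pack("<I", NTLMSSP_NEGOTIATE_UNICODE)
    return header + payload


# Constructed sample: some unrelated bytes, one Type 3 message, trailing junk.
SAMPLE_STREAM = (b"\x00" * 16
                 + build_authenticate("CORP", "alice", "WS01", b"\x11" * 72)
                 + b"\xff" * 4)


def inventory(stream: bytes) -> List[Dict[str, object]]:
    """Return a summary record for every AUTHENTICATE message in `stream`."""
    records = []
    for offset, mtype in find_ntlmssp_messages(stream):
        if mtype == "AUTHENTICATE":
            rec = parse_authenticate(stream[offset:])
            rec["offset"] = offset
            records.append(rec)
    return records


if __name__ == "__main__":
    for rec in inventory(SAMPLE_STREAM):
        print(rec)
```

Run against real capture payloads, the inventory shows which accounts and workstations still negotiate NTLM (and whether v1 responses appear at all), which is the evidence needed to plan a move to Kerberos or to scope NTLM auditing.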
