I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
I love these shorter type videos. Keep up the good work and good luck on your independent consulting gig!
Thank you, sir. I need all the luck I can get!
Hey Cyber Mentor, I started watching your videos yesterday and I'm loving them so much 🤩🤩. Could you please do more videos on Active Directory attacks...
Thanks for the info. I was doing a practice exam for Pentest+, and I stumbled across an LLMNR question. I was lost so I guess. Now I know what it is.
Thanks
Here by PingCastle recommendation... Great explanation... Regards,
thank you for making this so accessible
Nice demo and great job explaining. Looking forward to watch more of your videos.
This is a nice video man. Next time you are going to talk about smb signing disabled and relaying?
I sure did. ua-cam.com/video/QvMeLoyS944/v-deo.html :)
Great vid, this attack is a lot of fun on networks vulnerable to WPAD spoofing. Every time someone opens a browser window you get their hash lol.
WPAD is a great one!
@TCMSecurityAcademy Mitigating is a PITA though, Microsoft changed the way to manage browser settings via GPO once or twice just to make things complicated.
Great Content
Can I ask, in a real-life scenario, when will a victim connect to the attacker's IP? Or what must a victim do to have its hash appear on the attacker's machine? In this case, you intentionally made the victim connect directly to the attacker's IP. What about in a real-life scenario?
Nmap scenario
Thanks very much
Hey Heath,
Love your content!
I am actually completing this section of your course on the TCM platform. The process makes sense, however I am not sure how this would translate in a real-life situation. In the example given, the user tries to connect to the attacker IP, which would not actually happen given the user would not even know the attacker's IP, let alone attempt to connect to it.
Given in this scenario we are acting as both user and attacker, we can make this connection. But I am trying to figure out what this would look like if we were not acting as the user and able to connect to that IP?
Thanks!
Thanks!
Great video, but I do have one question: How often is it that someone during a live pentest will input the shared folder/server incorrectly? I can see how running Responder just in case can't hurt, but is this truly a common way of gathering hashes? Especially because the server may already appear in the file explorer without the need to manually type it in. Thanks!
Thanks. That's just an example. LLMNR is a name resolution backup to DNS. There are tons of triggers and it's incredibly common to get hashes during an internal pentest, especially on lower level engagements. Larger companies may have turned off LLMNR in their networks.
@TCMSecurityAcademy Good to know! Thanks for the great videos!
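The reply above explains that LLMNR is the fallback Windows uses when DNS cannot resolve a name, and that many everyday events trigger it. As an added example (not from the video or from TCM), this Python parses LLMNR query packets (DNS wire format, multicast to 224.0.0.252:5355) and runs over a constructed sample capture to inventory which hosts still fall back to LLMNR, which is what a defender checks before and after disabling it by GPO. The sample names and the 192.168.1.50 host are made up; 192.168.1.117 is the Windows VM address mentioned in this thread.

```python
import struct

def build_llmnr_query(name, txid=0x1234):
    """Constructed sample of what a client multicasts to 224.0.0.252:5355 once
    DNS fails to resolve `name`: DNS-format query, one question, QTYPE A."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # ID, flags, QD, AN, NS, AR
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_llmnr_query(payload):
    """Return (txid, queried name) for an LLMNR query, or None for a response
    (QR bit set), a multi-question packet or a malformed one."""
    if len(payload) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:
        return None
    labels, pos = [], 12
    while pos < len(payload):
        ln, pos = payload[pos], pos + 1
        if ln == 0:
            break
        if ln & 0xC0 or pos + ln > len(payload):  # no compression pointers in a query
            return None
        labels.append(payload[pos:pos + ln].decode("ascii", "replace"))
        pos += ln
    else:
        return None  # ran off the end before the terminating zero label
    if pos + 4 > len(payload):  # QTYPE and QCLASS must follow the name
        return None
    return txid, ".".join(labels)

def llmnr_fallback_report(packets):
    """packets: iterable of (src_ip, udp_payload) captured on UDP 5355.
    Groups queried names by source host; each name is one DNS could not
    resolve, so each host listed would accept a spoofed LLMNR answer."""
    report = {}
    for src, payload in packets:
        parsed = parse_llmnr_query(payload)
        if parsed:
            report.setdefault(src, []).append(parsed[1])
    return report

# Constructed sample capture (not real traffic); 192.168.1.50 is a made-up host.
SAMPLE = [
    ("192.168.1.117", build_llmnr_query("fileservr")),   # mistyped share host
    ("192.168.1.117", build_llmnr_query("wpad")),        # browser proxy auto-detect
    ("192.168.1.50", build_llmnr_query("printsrv01")),
    ("192.168.1.50", b"\x12\x34\x80\x00" + b"\x00" * 8), # a response, not a query
]
```

A host that keeps showing up in `llmnr_fallback_report` after the "Turn off multicast name resolution" policy is deployed has not picked up the GPO yet.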
Thanks Sir.
Very good tutorial. I tried it in a pentest that I did but did not get results. The pentest is against an internal network that I access through a VPN from the client company, which assigns us an IP within its network. But Responder is run from the Kali VM, which has a different IP by NAT, although it works fine for other tools. If I put 'Bridged Adapter' in Kali, I get an IP within the network of the machine that does the pentest, but I did not get a response from Responder. The IP provided by the VPN of the client company, I understand, collects all the traffic directed to those internal IPs, both from the testing machine itself and from the Kali virtual machine in it. Why then does it not collect traffic with the Reply Analyzer?
@TheCyber Mentor could you please help us, since we are not able to retrieve the hashes on Responder. We have undertaken all steps for the lab as told by your Udemy videos.
do you need them to type in the attacker ip address in order to capture the hash?
I have installed Kali Linux (192.168.1.100) in VirtualBox and I am on Windows 10 (192.168.1.117). Enabled bridging in VirtualBox settings. Now I ran Responder and in the logs it is showing as poisoning, but when I tried this \\192.168.1.100 on the Windows machine, I can see the IP address on Responder as poisoned but I can't see Windows NTLM hashes on Responder. How can I see the hashes??? I want to practice on VirtualBox now. Please help Cyber Mentor
guys try using responder 3.0.0.0 or earlier version. It works.
Please bring new more videos for windows
I have a question. What is the name of the program at 5:57? Kali or Windows?
It is Hashcat, for password cracking; it can be installed on Windows and Linux.
Hashcat on Kali
I'm unable to get the hashes for some reason! There's an exception error. Could you tell me why this happens and how I can fix this?
guys try using responder 3.0.0.0 or earlier version. It works.