Gaining a foothold: Using Responder and NTLM Relay attack

A previous post showed how to capture hashes and crack them. But what if you can't crack the passwords? Is there any way to pass this captured hash instead? Lucky for us, there is! A great post written by byt3bl33d3r back in 2017 covers exactly what I'm about to briefly show; I suggest you check out his post for more information.

Like most of my posts, I only scratch the surface and emulate a real attack. I don't go in depth since there are tons of other write-ups out there that do. Instead, I make more of a step-by-step illustration of how the attack was conducted.



To get started, it is important to know the difference between some of the technologies: