Start Responder. (Can be downloaded here: [ Ссылка ]) on another computer in the same subnet.
On your Windows computer, in the Start Menu search-field, type anything starting with two backslashes \\ Like:
\\qwerty
Observe that every keypress on the Windows-computer will try to find a computer on the network with that name, using LLMNR.
The computer running Responder, will answer on every LLMNR broadcast and request authentication.

The Windows computer will answer, by sending NetNTLMv2 Hashes
This hash could then be cracked using Hashcat or "John The Ripper", revealing the password.
The hash in the attached video took 1,2 sec. to crack using "John The Ripper", and reveals the password Secret1234.

In this video, the attacker running Responder, listens for LLMNR on the left side of the screen and the Windows 10 Build 2004 computer on the right.

свернуть