A Net-NTLM hash is the hash exchanged during NTLM authentication over the network. This hash cannot be used for pass-the-hash, but it can be used for NTLM relay attacks.
Use Responder to carry out a man-in-the-middle attack and thereby obtain the Net-NTLM hash.
1.cmd command
Reference for more acquisition methods:
/post/id/193493
-m specifies the hash type; 56 is NetNTLMv2.
, which requires a trust relationship between the machines involved. It is usually used in a domain environment: for example, an attacker acquires the Net-NTLM hash of a domain controller and relays it to ordinary users in the domain.
Exploitation conditions: SMB signing is turned off on the target. It is usually turned off on personal PCs.
Using Responder + Impacket + msf, the Net-NTLM hash can be obtained, and an msf shell for an ordinary user in the domain can be obtained through NTLM relay.
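Because the relay depends on SMB signing being off on the target, that setting can be audited and enforced per host. The following is an added example, not code from the original page; the function name Get-SmbSigningAudit and its -Enforce switch are hypothetical, and it assumes the built-in SmbShare cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Added example: audit (and optionally enforce) the local SMB signing settings
# that NTLM relay over SMB depends on. Get-SmbSigningAudit is a hypothetical name.
function Get-SmbSigningAudit {
    [CmdletBinding()]
    param(
        # When set, require signing wherever it is not already required (run elevated).
        [switch]$Enforce
    )

    $roles = @(
        @{ Role = 'Server'; Config = Get-SmbServerConfiguration },
        @{ Role = 'Client'; Config = Get-SmbClientConfiguration }
    )

    foreach ($r in $roles) {
        $required = [bool]$r.Config.RequireSecuritySignature

        if ($Enforce -and -not $required) {
            # This sets the local value only; use Group Policy for domain-wide rollout.
            if ($r.Role -eq 'Server') {
                Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
            } else {
                Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
            }
            $required = $true
        }

        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            Role            = $r.Role
            SigningRequired = $required
            # A relayed session cannot produce valid signatures, so the host
            # rejects it only when signing is required, not merely enabled.
            NeedsFix        = -not $required
        }
    }
}

# Report only; pass -Enforce to apply the fix.
$audit = Get-SmbSigningAudit
$audit | Format-Table -AutoSize
if ($audit.NeedsFix -contains $true) {
    Write-Warning 'SMB signing is not required on this host.'
}
```

Test with the report-only form first, since requiring signing can break connections to legacy devices that do not support it.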
/post/id/193493
/post/id/177123
https://daiker.gitbook.io/windows-protocol/ntlm-pian/6