Is SMB relay same as NTLM relay? – Digitalmunition





This topic contains 1 reply, has 2 voices, and was last updated by  subtiliusque 1 month, 2 weeks ago.

  • #292906

    anonymous
    Participant

    So I’ve been reading about the SMB relay attacks using responder.py and ntlmrelay.py. Most articles start off with an explanation of NTLM authentication flow. As far as I have understood, this attack relays a compromised user’s (say A) NTLM hash to another machine (say B) where SMB signing is disabled (or enabled but not enforced) and A is a local administrator of B.

    Now what I do not understand is, where does _SMB_ come in here? Why is it called the SMB Relay? Is the NTLM Authentication they’re talking about an authentication mechanism happening over the SMB protocol? If I authenticate to B by relaying A’s NTLM hash, will I be able to access only the shares that have been shared to A, hence, an initial foothold rather than user compromise?

    Would really appreciate it if someone could help me clarify this. Thanks!

  • #292907

    subtiliusque

    RemindMe! 2 hours
