This topic contains 1 reply, has 2 voices, and was last updated by subtiliusque 1 month, 2 weeks ago.
- August 9, 2020 at 8:28 pm #292906
So I’ve been reading about the SMB relay attacks using responder.py and ntlmrelay.py. Most articles start off with an explanation of NTLM authentication flow. As far as I have understood, this attack relays a compromised user’s (say A) NTLM hash to another machine (say B) where SMB signing is disabled (or enabled but not enforced) and A is a local administrator of B.
Now what I do not understand is, where does _SMB_ come in here? Why is it called the SMB Relay? Is the NTLM authentication they’re talking about an authentication mechanism happening over the SMB protocol? If I authenticate to B by relaying A’s NTLM hash, will I be able to access only the shares that have been shared to A, hence, an initial foothold rather than user compromise?
Would really appreciate it if someone could help me clarify this. Thanks!
- August 9, 2020 at 8:29 pm #292907
RemindMe! 2 hours