Is SMB relay same as NTLM relay? – Digitalmunition


This topic contains 1 reply, has 2 voices, and was last updated by  subtiliusque 1 month, 2 weeks ago.

  • Author
  • #292906


    So I’ve been reading about the SMB relay attacks using and Most articles start off with an explanation of NTLM authentication flow. As far as I have understood, this attack relays a compromised user’s (say A) NTLM hash to another machine (say B) where SMB signing is disabled (or enabled but not enforced) and A is a local administrator of B.

    Now what I do not understand is, where does _SMB_ come here? Why is it called the SMB Relay? Is the NTLM Authentication they’re talking about, an authentication mechanism happening over the SMB protocol? If I authenticate to B by relaying A’s NTLM hash, will I be able to access only the shares that have been shared to A, hence, an initial foothold rather than user compromise..?

    Would really appreciate if someone could help me clarify this. Thanks!
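
An added example, not part of the original post: the "SMB signing disabled, or enabled but not enforced" condition mentioned in the question is advertised in the SecurityMode field of a server's SMB2 NEGOTIATE response, so a defender can classify it from a capture and flag hosts that do not require signing. The function names and the sample bytes are constructed for illustration.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000
FLAG_SERVER_TO_REDIR = 0x00000001  # set on responses
SIGNING_ENABLED = 0x0001           # SMB2_NEGOTIATE_SIGNING_ENABLED
SIGNING_REQUIRED = 0x0002          # SMB2_NEGOTIATE_SIGNING_REQUIRED


def signing_posture(packet: bytes) -> str:
    """Classify the signing policy in an SMB2 NEGOTIATE response.

    `packet` starts at the SMB2 header (transport framing already removed).
    """
    if len(packet) < 64 + 6 or packet[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")
    (header_size,) = struct.unpack_from("<H", packet, 4)
    (command,) = struct.unpack_from("<H", packet, 12)
    (flags,) = struct.unpack_from("<I", packet, 16)
    if header_size != 64 or command != SMB2_NEGOTIATE:
        raise ValueError("not an SMB2 NEGOTIATE message")
    if not flags & FLAG_SERVER_TO_REDIR:
        raise ValueError("request, not a server response")
    # Body follows the 64-byte header: StructureSize, SecurityMode, Dialect.
    body_size, security_mode, _dialect = struct.unpack_from("<HHH", packet, 64)
    if body_size != 65:
        raise ValueError("unexpected NEGOTIATE response size")
    if security_mode & SIGNING_REQUIRED:
        return "required"              # signing enforced
    if security_mode & SIGNING_ENABLED:
        return "enabled-not-required"  # supported, but the client may skip it
    return "disabled"                  # neither bit advertised


def sample_response(security_mode: int) -> bytes:
    """Constructed input, not a capture: header plus the first body fields."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, 0,
                         SMB2_NEGOTIATE, 1, FLAG_SERVER_TO_REDIR,
                         0, 0, 0, 0, 0, b"\x00" * 16)
    return header + struct.pack("<HHH", 65, security_mode, 0x0311)


if __name__ == "__main__":
    for mode in (0x03, 0x01, 0x00):
        print(f"SecurityMode=0x{mode:04x} -> {signing_posture(sample_response(mode))}")
```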

  • #292907


    RemindMe! 2 hours
