responderyou can set the authentication challenge to 1122334455667788, capture the authentication attempt, and if it was done using NTLMv1 you will be able to crack it. If you are using
responderyou could try to use the flag
--lmto try to downgrade the authentication. Note that for this technique the authentication must be performed using NTLMv1 (NTLMv2 is not valid).
runas /netonlytrick but you don't need to know the plain-text password).
C:\AD\MyTools\atexec_windows.exe -hashes ":b38ff50264b74508085d82c69794a4d8" [email protected] 'whoami'