I was recently reading through Chris Gates’ post on capturing and cracking HALFLM hashes with Metasploit and thought I’d give it a quick run through. (I won’t be rehashing what Chris already covered here, so I suggest you pop over to his blog for a quick coverage of HALFLM and the rainbow table cracking method.)
Until I read the post I’d been using the SMB_relay attack to load up a meterpreter shell onto the remote target, but seeing as Microsoft have finally decided this is a bug worth patching, it’s time to move on to other attack vectors. SMB_relay will still be a good attack vector for some attacks, but the patch against reflective relays means it’s not going to always be available.