![]() In normal traffic, when we have a user who wants to authenticate, for example using NTLM Version 2, the authentication challenge is sent originally to the destination server. Here we’ve got a server we’re calling SRV (check the video for the reference). This kind of attack is very dangerous because anybody with access to the network can capture traffic, relay it, and get unauthorized access to the servers. The bad scenario comes up when a hacker is listening to the network in order to authenticate as one of the users and there is no password needed. The good perspective is when the actual user is the one trying to authenticate. We can look at this from two different perspectives: the good and the bad depending on who is listening on. ![]() Unfortunately, when we are listening to what is going on in the network, we’re able to capture a certain part of the traffic related to the authentication and also relay it to the other servers. SMB Relay Attack is a type of attack which relies on NTLM Version 2 authentication that is normally used in most companies.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |