LLMNR Poisoning

Overview

Link Local Multicast Name Resolution (LLMNR), is used to identify hosts when DNS fails to do so in the network.

The main flaw with LLMNR is that the services use a user's username and NTLMv2 hash when responded to

Captured hash example from Kali Forums

Responder

Crack NTLM Hashes

Mitigation

  • Best defense is to disable LLMNR and NBT-NS

  • Strong password policy (14 char)

PreviousInitial Attack StrategyNextSMB Relay

Last updated

Was this helpful?