Bettercap to steal hashes!  


06/12/2016 4:02 pm  

I'm working on a video right now but I thought I'd share the info here first!

So I've been trying to use Responder against Windows 10 hosts, and it just doesn't seem to work. I'm able to capture hashes if the target machine tries to go to a UNC path directly, but the poisoning doesn't work.

I was playing with Bettercap and saw that you can inject HTML into plaintext HTTP requests. I wondered if you could inject a little tag like this:  which would ideally make an SMB request to my attacker machine.

Turns out it worked! On IE and Edge...

15/03/2017 7:43 pm  

Where is the Video D:!?

