Using a SCF file to Gather Hashes Logo

Using a SCF file to Gather Hashes

0
Free
Visit Website

Have you ever been on an internal network assessment and discovered an unauthenticated writable Windows-based file share? In addition to finding potentially sensitive information, you can abuse this to gather user hashes from users who are browsing the file share. In this attack, a special file with a SCF file extension is placed onto the file share. SCF files can control Windows Explorer, but in this case, we use one to elicit an unsuspecting user to submit their NTLMv1/2 hash to us, the attacker.

FEATURES

ALTERNATIVES

Open-source Java application for creating proxies for traffic analysis & modification.

Ophcrack is a free Windows password cracker based on rainbow tables with various features for password recovery.

Comprehensive host-survey tool for security checks in C#.

A penetration testing tool for intercepting SSH connections and logging plaintext passwords.

A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.

A DNS rebinding exploitation framework

Tool for enumerating proxy configurations and generating CobaltStrike-compatible shellcode.

A cross-platform web fuzzer written in Nim