|Informative Information for the Uninformed
Next: Things to remember Up: Attacking NTLM with Precomputed Previous: Breaking the second part Contents
The big question to answer is how one can get the victim to log into the rogue server, thus exposing his username and password hash for the attacker to break.
Approach #1: Sending a html mail that includes a link in the form
of a UNC path should do the trick, depending primarily on the
sender's rhetoric ability in getting his victim to click the link,
and the mail client to understand what it's expected to do. A UNC
path is usually in the form of
Approach #2: Getting the victim to visit a site that includes a UNC path with Internet Explorer has the same result.
Approach #3: If the rogue server is part of the LAN, advertising it in the network neighbourhood as "warez, porn, mp3, movie" - server should result in users trying to log into it sooner or later. There's no way anyone can withstand the power of the 4 elements!
There's plenty of other ways that the author leaves to the readers imagination.