https://mikehorn-git.github.io/tags/ntlm/ Recent content in Ntlm on Mike.Horn Hugo en Sat, 21 Sep 2024 00:00:00 +0200 https://mikehorn-git.github.io/writeups/htb/sherlocks/reaper/ Sat, 21 Sep 2024 00:00:00 +0200 https://mikehorn-git.github.io/writeups/htb/sherlocks/reaper/ <h1 id="q1-ip-address-of-forela-wkstn001">Q1: IP Address of Forela-Wkstn001</h1> <p>What is the IP address of <strong>Forela-Wkstn001</strong>?</p> <blockquote> <p>🔎 See Q2 for the analysis steps.</p> </blockquote> <hr> <h1 id="q2-ip-address-of-forela-wkstn002">Q2: IP Address of Forela-Wkstn002</h1> <p>What is the IP address of <strong>Forela-Wkstn002</strong>?</p> <p><strong>Note:</strong> NetworkMiner requires <code>.pcap</code> format. Convert the file if needed:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">tshark -F pcap -r ntlmrelay.pcapng -w ntlmrelay.pcap </span></span></code></pre></div><p>Open the capture in <strong>NetworkMiner</strong> to get an overview of network activity. Both workstation IP addresses can be identified here:</p> <p><img alt="NetworkMiner Overview" loading="lazy" src="../../writeups/htb/sherlocks/reaper/2024-09-21T15_32_55,042790459+02_00.png"></p>