General

Brute force attacks are a type of cyberattack in which an attacker tries to guess the login credentials of a website by repeatedly attempting to login with different combinations of username and password. In the case of an NTLM authentication system, the attacker would try to guess the login credentials by sending a large number of login requests to the server, each time using a different combination of username and password. If the attacker is able to successfully guess the correct login credentials, they will be able to access the server and potentially compromise it.

Commands

For this step, you will need to find a webpage (Local Network) were you can authentify with a username and password (NTLM). From there you will have the possibility to launch a brute force attack

  • Important
    • If the rate is limited (block account after X try) set you attack to brute force each account with X password try (Try to bypass if possible with password spaying)
    • Dont use Burp-Suite for this, since you wont see the username and password been sent (they are sent trought the computer & server)
      • Use the following tool ---> [[• NTLM (Basic HTTP Auth)]]

Navigating to an URL that will prompts us with a Windows Authentication credentials (HTTP form):

Use the NTLM brute forcer