
NetNTLMv1 Downgrade to compromise

In this blog post I’m going to blow your mind with some easy-to-understand NetNTLMv1 downgrade and relaying stuff. I will keep this blog post simple so that everyone can follow the steps, and at the end I will link further resources for those who want to get the bigger picture.

First I am going to show you my lab environment for the different attacks I’m about to go through and the tools I used for each attack. What comes next is the real deal: I will go through the attack path of downgrading to NetNTLMv1 authentication in detail, along with the further exploitation steps needed to elevate privileges in an affected environment. This blog post includes two common attack scenarios, which occurred frequently during our internal penetration tests.