Online Demo: LLMNR Poisoning

Do you want to find out what LLMNR poisoning is and how it works? Discover all you need to know in an interesting and captivating way.

Agenda

Attacker has access to the network and uses responder to listen for LLMNR request.
A victim searches for one word in a browser search bar triggering the LLMNR request.
The attacker Captures the hash and proceeds to crack it.
Attacker sends their commands including malware to the victim’s pc.
Malware automatically goes to infect the domain controller as well.
We log on the Domain controller to verify the effect of the malware on the domain controller.