Why did you use microsoft server during the attack? The only successful way to implment this attack is first gaining access to a server or machine from the same network? Please correct me if I am wrong.
The server was used to demonstrate an administrator user who put the wrong SMB share name, since name was not resolved the broadcast downgraded to LLMNR which responder captured and did its stuff ! And we had the users hash which was then abused to gain domain Admin rights once you have DA u can dump the secrets (NTLM hashes) through DC sync attack
Why did you use microsoft server during the attack?
The only successful way to implment this attack is first gaining access to a server or machine from the same network?
Please correct me if I am wrong.
The server was used to demonstrate an administrator user who put the wrong SMB share name, since name was not resolved the broadcast downgraded to LLMNR which responder captured and did its stuff ! And we had the users hash which was then abused to gain domain Admin rights once you have DA u can dump the secrets (NTLM hashes) through DC sync attack