Responder in compromised host context
windowschecklist
Summary
A writable share may enable hash capture.
Walkthrough
Consider capturing authentication from the compromised host's network position, e.g. via a writable share that coerces other systems to authenticate. A hit is a captured NetNTLM hash to crack or relay.