Hijacking NTLM-powered Mobile Apps (Part 1 - Cracking with Responder)
Tags
attack-pattern: Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Python - T1059.006 Server - T1583.004 Server - T1584.004 Web Service - T1481 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Sudo - T1169 Web Service - T1102
Show in Graph
Common Information
Type Value
UUID ad9056e3-2f5b-4d0b-9bfd-928d23e6825d
Fingerprint 3e82ab5b4d62f68c
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 30, 2018, midnight
Added to db Jan. 18, 2023, 9:49 p.m.
Last updated Nov. 17, 2024, 6:30 p.m.
Headline Hijacking NTLM-powered Mobile Apps (Part 1 - Cracking with Responder)
Title Hijacking NTLM-powered Mobile Apps (Part 1 - Cracking with Responder)
Detected Hints/Tags/Attributes 42/1/17
Source URLs
Redirection Url
Details Source https://initblog.com/2018/ntlm-mobile-app-crack/
URL Provider
Details Provider Source level domain
Details initblog.com initblog.com
Attributes
Details Type #Events CTI Value
Details Domain 397 
asp.net
Details Domain 707 
google.com
Details Domain 1 
clone-ssl.py
Details Domain 5 
http.py
Details Domain 27 
responder.py
Details File 1 
clone-ssl.py
Details File 32 
ca.crt
Details File 7 
ca.key
Details File 7 
client.crt
Details File 7 
client.key
Details File 5 
http.py
Details File 2 
responder.crt
Details File 2 
responder.key
Details File 25 
responder.py
Details IPv4 4 
192.168.12.1
Details IPv4 619 
0.0.0.0
Details Url 1 
https://google.com/mobileapp/veryvuln.svc