SMB Relay Attack Tutorial

Don’t even bother cracking NTLMv2 hashes gathered with Responder! Instead, just relay them to a target machine on the network and pop yourself into a LocalSystem shell. This attack uses the Responder toolkit to capture SMB authentication sessions on an internal network, and relays them to a target machine.