Can anyone point me in the right direction for acquiring SMB credentials to a box on my LAN (vmware) without having access to the hashes? (Windows 7)
Is it possible to trigger some "hash-check" from the box and sniff the traffic or something along those lines? I read about ettercap converting the hash to l0ptrhack format. I'm guessing this would provide some better results with OpenVAS/Nessus.
Any links or help would be appreciated.