¨make the password hash come to you for authentication
–Send email containing URL
–When victim clicks on URL, victim’s machine attempts to mount the share on attacker’s server using a challenge/handshake protocol
–Password hash is captured by attacker-pc running L0phtcrack’s integrated sniffing tool
–Password hash is fed into L0phtcrack to retrieve user’s password
–
–
¨