Poisons are not so poisonous when these factors come in way. Next, I am going to walk you through a classical LLMNR Poisoning attack using Responder. The most popular tool to perform LLMNR Poisoning attacks is called Responder, you can clone it from Github. If we are successful in our attempt, we can grab an NTLMv2 hash from a user and try to brute-force the password using tools like Hashcat. We can use the LLMNR service to perform a malicious attack by spoofing an actual authoritative source on the target network by responding to LLMNR requests with our attack computer on port UDP 5355 or on port UDP 137 for NBT-NS. The Link-Local Multicast Name Resolution protocol itself is based on DNS and allows hosts to resolve other hostnames on the same local link. LLMNR and NBT-NS (NetBIOS Name Service) attacks go hand-in-hand as they can be performed by the same tool. LLMNR Poisoning or Link-Local Multicast Name Resolution Poisoning is a very commonly used attack when it comes to running a penetration test against a local network.
