Inclusive of both Windows & Linux
In case of Windows, we can try fetching a file via SSRF with responder turned on in the attacker machine. This way we may get the user's NTLMv2 Hash.
Check Notion for full exploit.
Last updated 2 years ago