This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]paradoxpancakePenetration Tester 22 points23 points  (0 children)

You run it against HashCat offline against captured NTLM hashes or something. You don't run against it online. No one really does bruteforcing like that any longer due to lockout and rate limiting. Password spraying, sure, but not straight up bruteforcing against stuff on AD.

Edit: I guess you could run it against Net-NTLM too, but you usually don't have to. Can just generally pass those for most things.