Update README.md

You may be asked to recover a password from an SMB authentication (NTLMv2) from a Packet Capture.
DrorDvash · Apr 15, 2020 · b9c4b8a · b9c4b8a
1 parent 9378c56
commit b9c4b8a
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -199,6 +199,12 @@ Purple Rain attack uses a combination of Prince, a dictionary and random Mutatio
 ```
 shuf dict.txt | pp64.bin --pw-min=8 | hashcat -a 0 -m #type -w 4 -O hashes.txt -g 300000
 ```
-
 Reference:  
 https://www.netmux.com/blog/purple-rain-attack
+
+
+## Cracking NTLMv2 Hashes from a Packet Capture
+You may be asked to recover a password from an SMB authentication (NTLMv2) from a Packet Capture.
+The following is a 9-step process for formatting the hash correctly to do this.
+https://research.801labs.org/cracking-an-ntlmv2-hash/
+