From b9c4b8aeb4c03192af35899ae7b4fe8bd9c2acad Mon Sep 17 00:00:00 2001
From: frizb <frizb_@hotmail.com>
Date: Wed, 15 Apr 2020 09:43:33 -0600
Subject: [PATCH] Update README.md

You may be asked to recover a password from an SMB authentication (NTLMv2) from a Packet Capture.
---
 README.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index d249827..a6cae15 100644
--- a/README.md
+++ b/README.md
@@ -199,6 +199,12 @@ Purple Rain attack uses a combination of Prince, a dictionary and random Mutatio
 ```
 shuf dict.txt | pp64.bin --pw-min=8 | hashcat -a 0 -m #type -w 4 -O hashes.txt -g 300000
 ```
-
 Reference:  
 https://www.netmux.com/blog/purple-rain-attack
+
+
+## Cracking NTLMv2 Hashes from a Packet Capture
+You may be asked to recover a password from an SMB authentication (NTLMv2) from a Packet Capture.
+The following is a 9-step process for formatting the hash correctly to do this.
+https://research.801labs.org/cracking-an-ntlmv2-hash/
+