Summary
It is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password.
Proof of Concept
An attacker who can control a server from which the attack's target clones a repository can extract the NTLM hash, which in turn allows brute-forcing the password. Steps to reproduce:
1- Run responder on host [attacker]
2- Run git clone [victim]
3- The attacker receives the user's NTLM hash
Impact
By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted.
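A detection sketch for the leak described above, added here as an example and not part of the advisory: it scans web-proxy records for NTLM AUTHENTICATE (type 3) messages sent by a git client to a host outside an allowlist, and reports which account needs a password reset. It assumes the clone ran over HTTP and that the proxy records request headers (plain HTTP or TLS inspection); the record field names, the allowlist suffix and the sample data are constructed for illustration.

```python
import base64, struct

INTERNAL_SUFFIXES = (".corp.example",)  # assumed: hosts allowed to receive NTLM auth

def _field(msg, off):
    # MS-NLMP field descriptor: Len(2) MaxLen(2) BufferOffset(4), little-endian
    length, _, start = struct.unpack_from("<HHI", msg, off)
    return msg[start:start + length]

def parse_ntlm(header_value):
    """Return (message_type, domain, user) for an 'NTLM <base64>' header, else None."""
    scheme, _, blob = header_value.partition(" ")
    try:
        msg = base64.b64decode(blob, validate=True) if scheme.upper() == "NTLM" else b""
    except ValueError:
        return None
    if len(msg) < 12 or msg[:8] != b"NTLMSSP\x00":
        return None
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype != 3 or len(msg) < 64:
        return (mtype, None, None)  # type 1 NEGOTIATE carries no account data
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & 0x1 else "cp437"  # UNICODE flag, else OEM (cp437 assumed)
    return (3, _field(msg, 28).decode(enc, "replace"), _field(msg, 36).decode(enc, "replace"))

def find_leaks(records):
    """Flag AUTHENTICATE (type 3) messages sent by git clients to non-allowlisted hosts."""
    hits = []
    for rec in records:
        parsed = parse_ntlm(rec.get("authorization", ""))
        is_git = rec.get("user_agent", "").startswith("git/")
        external = not rec["host"].lower().endswith(INTERNAL_SUFFIXES)
        if parsed and parsed[0] == 3 and is_git and external:
            hits.append({"src": rec["src"], "host": rec["host"], "account": f"{parsed[1]}\\{parsed[2]}"})
    return hits

def sample_type3(domain, user):
    # Constructed AUTHENTICATE message: names only, all response fields left empty
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    fields = struct.pack("<HHI", 0, 0, 64) * 2                          # LM, NT responses
    fields += struct.pack("<HHIHHI", len(d), len(d), 64, len(u), len(u), 64 + len(d))
    fields += struct.pack("<HHI", 0, 0, 64) * 2 + struct.pack("<I", 1)  # workstation, key, flags
    return "NTLM " + base64.b64encode(b"NTLMSSP\x00" + struct.pack("<I", 3) + fields + d + u).decode()

SAMPLE = [  # constructed proxy records; field names are hypothetical
    {"src": "10.0.0.5", "host": "git.corp.example", "user_agent": "git/2.51.0", "authorization": sample_type3("CORP", "alice")},
    {"src": "10.0.0.7", "host": "repo.unknown.example", "user_agent": "git/2.51.0", "authorization": sample_type3("CORP", "bob")},
    {"src": "10.0.0.9", "host": "repo.unknown.example", "user_agent": "git/2.51.0", "authorization": "NTLM TlRMTVNTUAABAAAAB4IIAA=="},
]
```

`find_leaks(SAMPLE)` returns only the second record: the first goes to an allowlisted host, and the third is a type 1 NEGOTIATE message, which is sent before any challenge response exists.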