{
	"id": "12294c83-91c1-4679-8b85-e967de3a4052",
	"created_at": "2026-04-06T00:15:56.676138Z",
	"updated_at": "2026-04-10T03:21:41.391339Z",
	"deleted_at": null,
	"sha1_hash": "af640c68fff7b4453a3599e9094909db1d3ab862",
	"title": "GitHub - hob0/hashjacking: SMB Auto authentication Vulnerability",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 168324,
	"plain_text": "GitHub - hob0/hashjacking: SMB Auto authentication\r\nVulnerability\r\nBy hob0\r\nArchived: 2026-04-05 17:30:38 UTC\r\nAll current versions of Windows are affected by an architectural vulnerability due to the presumptive nature of\r\nSMB authentication. Hashed credentials will secretly be sent in cleartext across the Internet. This attack vector is\r\ntrivial to execute and has critical consequences. See proof of concept videos below.\r\nThe core of this issue is due to the presumptive nature of current SMB authentication methods. When a user\r\naccesses a file share or remote file, hashed Windows credentials from the current user are automatically sent to the\r\nremote server in cleartext in attempt to authenticate and access the remote file. The default behavior of assuming\r\nthe remote server is trusted allows for systems to quickly access file shares in large corporations so that users\r\nwon’t need to sign in with their company credentials each time to access network resources. However, this\r\nimplementation presents a significant security risk to user accounts and passwords. Read more via the link below.\r\nAuthor\r\nWritten by Julian \"hob0\" Dunning (@hob0man)\r\n##Proof of Concept Examples ###Email\r\n###Direct Access With Chrome\r\nhttps://github.com/hob0/hashjacking\r\nPage 1 of 2\n\n###Malicious image embedded in HTML\r\nSource: https://github.com/hob0/hashjacking\r\nhttps://github.com/hob0/hashjacking\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://github.com/hob0/hashjacking"
	],
	"report_names": [
		"hashjacking"
	],
	"threat_actors": [],
	"ts_created_at": 1775434556,
	"ts_updated_at": 1775791301,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/af640c68fff7b4453a3599e9094909db1d3ab862.pdf",
		"text": "https://archive.orkl.eu/af640c68fff7b4453a3599e9094909db1d3ab862.txt",
		"img": "https://archive.orkl.eu/af640c68fff7b4453a3599e9094909db1d3ab862.jpg"
	}
}