These days I am trying to learn AD pentest and many questions are popping up in my mind, so here's one for AD Attackers.
In LLMNR Poisoning, we're setting a server running responder that will listen to LLMNR queries and act as rogue SMB server, but how can we trick users to put some non-existent IP address or share name into their explorer? Are we just relying on a coincidence of a user mistakenly jotting down a typo?