mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-25 06:00:40 +00:00
Merge pull request #437 from jenaye/responder-fix
[fix] - Responder option
This commit is contained in:
commit
d6be036fb5
1 changed files with 4 additions and 4 deletions
|
@ -41,7 +41,7 @@ Responder automates the WPAD attack—running a proxy and directing clients to a
|
|||
|
||||
> Responder an LLMNR, NBT-NS and MDNS poisoner. It will answer to _specific_ NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: [http://support.microsoft.com/kb/163409](http://support.microsoft.com/kb/163409)). By default, the tool will only answer to File Server Service request, which is for SMB.
|
||||
>
|
||||
> The concept behind this is to target our answers, and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior. You can set the -r option via command line if you want to answer to the Workstation Service request name suffix.
|
||||
> The concept behind this is to target our answers, and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior.
|
||||
|
||||
[Responder](https://github.com/lgandx/Responder) is installed in kali by default and the config file is located in _/etc/responder/Responder.conf_
|
||||
|
||||
|
@ -114,7 +114,7 @@ responder -I <Iface> --wpad
|
|||
You can also **resolve NetBIOS** requests with **your IP**. And create an **authentication proxy**:
|
||||
|
||||
```bash
|
||||
responder.py -I <interface> -rPv
|
||||
responder.py -I <interface> -Pv
|
||||
```
|
||||
|
||||
You won't be able to intercept NTLM hashes (normally), but you can easily grab some **NTLM challenges and responses** that you can **crack** using for example _**john**_ option `--format=netntlmv2`.
|
||||
|
@ -132,7 +132,7 @@ However, spoofing DHCP answers has unique benefits. **It's definitely stealthier
|
|||
> This attack is highly effective and gives you assured NTLMv1/2 hashes.
|
||||
|
||||
```bash
|
||||
./Responder.py -I eth0 -rPdv
|
||||
./Responder.py -I eth0 -Pdv
|
||||
```
|
||||
|
||||
## Capturing credentials
|
||||
|
@ -159,7 +159,7 @@ This attack uses the Responder toolkit to **capture SMB authentication sessions*
|
|||
|
||||
The 3 main **tools** to perform this attack are: **smb\_relay** (metasploit), **MultyRelay** (responder), and **smbrealyx** (impacket).
|
||||
|
||||
Independently of the tool, first, you need to **turn Off SMB and HTTP servers** in **/usr/share/responder/Responder.conf** and then execute responder on the desired **interface**: `responder -I eth0 -rv`
|
||||
Independently of the tool, first, you need to **turn Off SMB and HTTP servers** in **/usr/share/responder/Responder.conf** and then execute responder on the desired **interface**: `responder -I eth0 -v`
|
||||
|
||||
You can perform this attack using **metasploit module**: `exploit/windows/smb/smb_relay`
|
||||
|
||||
|
|
Loading…
Reference in a new issue