Responder – LLMNR, MDNS and NBT-NS Poisoner


Responder is an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: NetBIOS Suffixes). By default, the tool will only answer to File Server Service request, which is for SMB.

Responder - LLMNR, MDNS and NBT-NS Poisoner

The concept behind this is to target our answers, and be stealthier on the network. This also helps to ensure that we don’t break legitimate NBT-NS behavior. You can set the -r option via command line if you want to answer to the Workstation Service request name suffix.

Features

  • Built-in SMB Auth server – Supports NTLMv1, NTLMv2 hashes with Extended Security NTLMSSP.
  • Built-in MSSQL Auth server – Supports NTLMv1 and LMv2 hashes.
  • Built-in HTTP Auth server – Supports NTLMv1, NTLMv2 hashes and Basic Authentication.
  • Built-in HTTPS Auth server – As above (comes with dummy keys).
  • Built-in LDAP Auth server – Supports NTLMSSP hashes and Simple Authentication (clear text authentication).
  • Built-in FTP, POP3, IMAP, SMTP Auth servers – Supports collection of clear text credentials.
  • Built-in DNS server – This server will answer type A queries, combine with ARP spoofing.
  • Built-in WPAD Proxy Server – Will capture all HTTP requests from IE users with “Auto-detect settings” enabled.
  • Browser Listener – This module allows you to find the PDC in stealth mode.
  • Fingerprinting – Will fingerprint every host who issued an LLMNR/NBT-NS query.
  • ICMP Redirect – For MITM on Windows XP/2003 and earlier Domain members.
  • Rogue DHCP – Supports DHCP Inform Spoofing.
  • Analyze mode – Allows you to see NBT-NS, BROWSER, LLMNR, DNS requests without poisoning.

Usage

Before starting take a look at Responder.conf and tweak it to your requirements.

You can download Responder here:

Responder-v2.3.0.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking Tools, Windows Hacking


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Comments are closed.