fortra / impacket

Impacket is a collection of Python classes for working with network protocols.
https://www.coresecurity.com

Feature Request: Prevent account lockouts and specify which user account to authenticate with when using NTLMRelayX. #872

Open 0xabdi opened 4 years ago

0xabdi commented 4 years ago

Would it be possible to:

  1. add a way of specifying how many times to authenticate against a target to prevent account lockouts on the domain.
  2. specify which user to authenticate as when relaying to a target.

(These features are available in Responder's Multirelay. It would have been awesome if the same was available on ntlmrelayx.)

asolino commented 4 years ago

Hey @abdihakx

Fair point about 1., I'm leaving this issue open as an enhancement. We should be counting per account instead of target (if we want to avoid account lockout).

With regard to 2., that feature is implemented. Check this blogpost.

0xabdi commented 4 years ago

Awesome! Looking forward to it.

Will definitely check out the blog. Didn't know this option existed. Thanks!

infosecmatt commented 2 years ago

Just adding to this, in a responsive/noisy environment the lack of a mechanism for preventing lockouts triggered an MSP alert during our pentest that some users had attempted to authenticate over 600 times to the target host in a little under 2 hours. I think for the tool's intended users (pentesters) this problem makes the tool very difficult to justify using in a production environment for fear of disrupting client ops. Even if this were a toggleable option I think it'd certainly improve the tool's usability.

Appreciate all your hard work! Your tools make our engagements immeasurably easier.

Alert:

[image: alert screenshot]
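
The kind of alert described in the last comment, written as a defender-side sliding-window check over authentication logs. This is an added example, not code from the thread or from Impacket; the log line format, account names and host name are constructed, and the defaults (600 attempts, 2-hour window) mirror the figures the comment reports.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (assumption): "<ISO time> auth user=<account> dst=<host>"
LINE = re.compile(r"^(\S+) auth user=(\S+) dst=(\S+)$")

def parse(lines):
    """Yield (timestamp, account, target) from matching lines; skip the rest."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            # Windows account and host names are case-insensitive, so normalise.
            yield datetime.fromisoformat(m[1]), m[2].lower(), m[3].lower()

def repeated_auth(events, threshold=600, window=timedelta(hours=2)):
    """Return {(account, target): peak} for pairs with >= threshold attempts
    inside any sliding window of the given length."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, account, target in sorted(events):
        q = recent[(account, target)]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            key = (account, target)
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_lines():
    """Constructed data: one account hammering one host, one normal account."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    lines = [f"{(start + timedelta(seconds=11 * i)).isoformat()} auth user=CORP\\alice dst=FS01"
             for i in range(620)]  # 620 attempts in just under 114 minutes
    lines += [f"{(start + timedelta(minutes=20 * i)).isoformat()} auth user=CORP\\bob dst=FS01"
              for i in range(5)]
    lines.append("malformed line that the parser ignores")
    return lines

if __name__ == "__main__":
    for (account, target), peak in repeated_auth(parse(sample_lines())).items():
        print(f"ALERT {account} -> {target}: {peak} attempts within 2h")
```

Keying the window on the (account, target) pair matches the alert as reported; keying on the account alone would instead track the quantity that drives a domain lockout policy.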