Feature Request: Make victims believe they have Internet access

lgandx / Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

GNU General Public License v3.0

5.47k stars 775 forks source link

Feature Request: Make victims believe they have Internet access #3

Closed mubix closed 4 years ago

mubix commented 8 years ago

With a number of different scenarios I've been in the situation where I was the gateway for a host. When they perform detection on if they are Internet connected (random host lookup), it would be nice to respond to these in the DNS server with what is supposed to happen naturally (NXDOMAIN)

baxter888 commented 8 years ago

Hi, for this usecase u can use inetsim http://www.inetsim.org

Would bi nice on the hak5 lan turtle or usb armory

TommyWhite commented 8 years ago

While using INetSim, it is utilizing the same ports as Responder, conflicts will arise. But the idea use Responder as proxy is pretty well.

mubix commented 8 years ago

While it is nice to get authentication even when answering these, I wonder if I could extract more and do more with the user if the computer figured that it had valid internet access

[HTTP] Sending NTLM authentication request to 192.168.1.101
[HTTP] Host             : wkwracfpyhhie
[HTTP] NTLMv1 Client   : 192.168.1.101
[HTTP] NTLMv1 Username : UberUser
[HTTP] NTLMv1 Hash     : UberUser::WIN10COMP:#REMOVED SENSITIVE DATA#:1122334455667788