Responder
ABOUT
Responder is a widely used tool in penetration test scenarios and can be used for lateral movement across the network by red teamers. The tool contains many useful features like LLMNR, NT-NS and MDNS poisoning. It is used in practical scenarios for objectives like hash capture or poisoned answer forwarding supporting various AD attacks. More about it you could read here: [LINK]
Set up a fake SMB Server
With this we could intercept information when machine computer tries to do Name Resolution (PR), because it couldn't find a share's IP address in /etc/hosts, in DNS cache and in local DNS server. Because of IP address absence, it would make a multicast request, which we could intercept and use credentials for impersonation. This is NTLM Relay attack, where we are intercepting NTLM authentication request.
Last updated