Newest Kali + mitm6 + ntlmrelay = crickets(?!) #14
I have two fresh Kali boxes (2019.4) that I've really only done the round of apt-get update/upgrades on, as well as downloaded Responder, Mitm6, ntlmrelay, etc. I've also run the necessary "pip" and/or setup scripts to install dependencies.
One system is at a client environment, one is in my lab. But when I run mitm6 for the target domain, and ntlmrelayx in a second window, I get absolutely no activity from either one - even after an hour. Here are screenshots from my lab north.pole (Santa works here :-)
Admittedly this is my first time ever running mitm6 so I don't know what to expect, but by looking at pretty much any other blog/video out there, I should start seeing spoofed replies pretty quickly (or do I just need to wait this out? I can report back tomorrow...gonna leave these run overnight).
Can you think of anything I can test/troubleshoot to figure this out?
One good way to troubleshoot this is running Wireshark on both your Kali and the victim system and filter for dhcpv6 and icmpv6 (
Start mitm6 with this command:
To simulate a network change/reboot on the victim system you can:
I'm not sure if option 2 or 3 was working with VMware. One of them caused Wireshark to stop listening because it "found no interface".
Shortly after that the Windows system should start with the following process:
Warning: If your lab is running on an ESXi environment your Kali won't see the DHCPv6 messages coming from the client because vSphere virtual switches implement the MLDv2 protocol. Windows sends ICMPv6 solicit to the all-dhcp-agents multicast address and your Kali machine is not part of this group (although this functionality could be added to mitm6 I guess).
To overcome this problem you can:
You should now find Kali's IPv6 address set as DNS server if you type
@cyberfreaq thank you so, SO much for all this crazy detailed information! I am indeed using ESXi so your post explains a lot. I will definitely try promiscuous mode when I get back to the office today and report back. Also thanks much for the "--no-ra" tip. All the how-tos and vids I'd seen the last few days leave that flag out, and I'm operating in an environment where they want as little disruption as possible, so good to know that flag helps in that regard.
Again thanks a million. I went to bed feeling like I was just a little bit insane (more than usual anyway).
Good news to follow soon!
@cyberfreaq whoohoo, the promiscuous mode thing was totally it, thanks again! For those of you who find this thread later, the setting changed on the ESXi Web console was:
I ran mitm6 with the
I can start a new issue/question but just wondering as I plan to do this on a client engagement...besides the