Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forcing or coercing HTTP to SMB authentication using the NetBIOS name of the relaying server #31

Open
jsdhasfedssad opened this issue Sep 29, 2022 · 0 comments
Open

Forcing or coercing HTTP to SMB authentication using the NetBIOS name of the relaying server #31

jsdhasfedssad opened this issue Sep 29, 2022 · 0 comments

Comments

@jsdhasfedssad
Copy link

Hi,

Thank you for this tool. I use it all the time!

A common attack on IPv4 I use is to passively force or actively coerce HTTP to SMB authentication to ntlmrelayx in order to relay to LDAP. This requires the use of the NetBIOS name of the relaying server in order for the targeted Windows installations to trust the connection address. Luckily Responder provides that NetBIOS name when running so I use that for this.

I can execute the same attack as above on IPv6 using mitm6 but I still need Responder's NetBIOS name which means I need both mitm6 and Responder running at the same time targeting the same networks. Would it be possible for mitm6 to provide a NetBIOS name that can be used instead of Responder's? BTW, is it safe to use mitm6 and Responder at the same time in this way?

Thanks!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jsdhasfedssad