[addtool] evil SSDP #561
Labels
Comments
|
Problem occured with the following fields: nicename Check the guidelines. |
|
Issue correctly handled, tool is waiting for human validation. |
|
Tool has been accepted by the team: https://offsec.tools/tool/evil-ssdp Thank you for your contribution! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
[homepage]https://gitlab.com/initstring/evil-ssdp[/homepage]
[tags]network,ntlm,passwords,phishing,ssdp,spoofing,xml[/tags]
[short_descr]Spoof SSDP replies to phish for credentials and NetNTLM challenge/response.[/short_descr]
[long_descr]This tool responds to SSDP multicast discover requests, posing as a generic UPNP device. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable phishing page. This page can load a hidden image over SMB, allowing you to capture or relay the NetNTLM challenge/response.
Templates are also provided to capture clear-text credentials via basic authentication and logon forms, and creating your own custom templates is quick and easy.
This requires no existing credentials to execute and works even on networks that have protected against Responder attacks by disabling NETBIOS and LLMNR. Any Operating System or application leveraging SSDP/UPNP can be targeted, but most of the current weaponization has been aimed at Windows 10.
As a bonus, this tool can also detect and exploit potential zero-day vulnerabilities in the XML parsing engines of applications using SSDP/UPNP. If a vulnerable device is found, it will alert you in the UI and then mount your SMB share or exfiltrate data with NO USER INTERACTION REQUIRED via an XML External Entity (XXE) attack.[/long_descr]
[image]https://raw.githubusercontent.com/gwen001/offsectools_www/main/3b1b2ca3d7f139e83f6c40d4daea50b8.png[/image]
The text was updated successfully, but these errors were encountered: