Responder
Post

Responder

What is LLMNR?

  • Link-Local Multicast Name Resolution.
  • Used to identify hosts when DNS fails to do so.
  • Previously known as NBT-NS.
  • The main drawback is that the services use a system username and an NTLMv2 hash to which they respond.

Responder

[!] Responder must be run as root.

Tool to poisoning the network and catch authentication requests such as NTLM, NTLMv2, etc.

1
responder -I tun0

Remember that if you want to capture correctly an NTLM hash, you need to have port tcp-445 available for Responder to work correctly.

Intelligence [[Anubis#^2015a8]]