Responder Package Description
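This tool is first of all an LLMNR and NBT-NS responder: it answers specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see http://support.microsoft.com/kb/163409). By default, the tool only answers File Server Service requests, which are for SMB. The concept behind this is to target our answers and be stealthier on the network. It also helps ensure that we do not break legitimate NBT-NS behavior. If you want the tool to answer the Workstation Service request name suffix, you can set the -r option to 1 on the command line.
Source: https://github.com/SpiderLabs/Responder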
- Author: Trustwave Holdings, Inc., Laurent Gaffie
- License: GPLv3
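For defenders triaging captured UDP/137 traffic, the suffix-based behavior described above can be checked per query. The following is an added example, not code from Responder or from the original page; the function names and the sample host names are hypothetical, and the sample packets are constructed in the code.

```python
import struct

# Suffix bytes for the two services the page names (values per Microsoft KB163409).
FILE_SERVER, WORKSTATION = 0x20, 0x00

def encode_name(name, suffix):
    """RFC 1001 first-level encoding: pad to 15 chars, append suffix, one letter per nibble."""
    raw = name.upper().encode("ascii")[:15].ljust(15) + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_name(enc):
    """Reverse the encoding; returns (name, suffix) or raises ValueError on malformed input."""
    if len(enc) != 32 or any(not 0x41 <= b <= 0x50 for b in enc):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def build_query(name, suffix, txid=0x1234):
    """Constructed sample: a broadcast NBT-NS name query as sent to UDP/137."""
    header = struct.pack(">6H", txid, 0x0110, 1, 0, 0, 0)  # opcode 0, RD + broadcast
    return header + b"\x20" + encode_name(name, suffix) + b"\x00" + struct.pack(">2H", 0x20, 1)

def classify(packet):
    """Return (name, suffix, note) for an NBT-NS name query payload, else None."""
    if len(packet) < 50:
        return None
    _, flags, qdcount = struct.unpack(">3H", packet[:6])
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount != 1:
        return None  # a response, a non-query opcode, or an unexpected question count
    if packet[12] != 0x20 or packet[45] != 0x00:
        return None  # name label must be 32 bytes with an empty scope
    if struct.unpack(">2H", packet[46:50]) != (0x0020, 0x0001):
        return None  # only type NB, class IN
    try:
        name, suffix = decode_name(packet[13:45])
    except ValueError:
        return None
    if suffix == FILE_SERVER:
        note = "File Server Service: answered by default"
    elif suffix == WORKSTATION:
        note = "Workstation Service: answered only when -r is enabled"
    else:
        note = "other suffix: not covered by the description above"
    return name, suffix, note

if __name__ == "__main__":
    for pkt in (build_query("FILESRV01", FILE_SERVER), build_query("WKSTN-07", WORKSTATION)):
        print(classify(pkt))
```

Hosts that repeatedly broadcast file-server (0x20) queries for names that do not resolve in DNS are the ones most exposed to this kind of responder, which makes them the first candidates for disabling NBT-NS and LLMNR.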
0x01 Tools included in the responder package
responder - NBT-NS/LLMNR Responder
:~# responder -h
Usage: python /usr/bin/responder -i 10.20.30.40 -b On -r On

Options:
  -h, --help            show this help message and exit
  -A, --analyze         Analyze mode. This option allows you to see NBT-NS,
                        BROWSER, LLMNR requests from which workstation to
                        which workstation without poisoning anything.
  -i 10.20.30.40, --ip=10.20.30.40
                        The ip address to redirect the traffic to. (usually
                        yours)
  -I eth0, --interface=eth0
                        Network interface to use
  -b Off, --basic=Off   Set this to On if you want to return a Basic HTTP
                        authentication. Off will return an NTLM
                        authentication.This option is mandatory.
  -r Off, --wredir=Off  Set this to enable answers for netbios wredir suffix
                        queries. Answering to wredir will likely break stuff
                        on the network (like classics 'nbns spoofer' will).
                        Default value is therefore set to Off
  -f Off, --fingerprint=Off
                        This option allows you to fingerprint a host that
                        issued an NBT-NS or LLMNR query.
  -w On, --wpad=On      Set this to On or Off to start/stop the WPAD rogue
                        proxy server. Default value is Off
  -F Off, --ForceWpadAuth=Off
                        Set this to On or Off to force NTLM/Basic
                        authentication on wpad.dat file retrieval. This might
                        cause a login prompt in some specific cases. Default
                        value is Off
  --lm=Off              Set this to On if you want to force LM hashing
                        downgrade for Windows XP/2003 and earlier. Default
                        value is Off
  -v                    More verbose
0x02 responder Usage Example
Specify the IP address to redirect to (-i 192.168.1.202), enable the WPAD rogue proxy (-w On), answer NetBIOS wredir queries (-r), and fingerprint hosts (-f On):
:~# responder -i 192.168.1.202 -w On -r On -f On
NBT Name Service/LLMNR Responder 2.0.
Please send bugs/comments to:
To kill this script hit CRTL-C
[+]NBT-NS & LLMNR responder started
[+]Loading Responder.conf File..
Global Parameters set:
Responder is bound to this interface:ALL
Challenge set is:1122334455667788
WPAD Proxy Server is:ON
WPAD script loaded:function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';}
HTTP Server is:ON
HTTPS Server is:ON
SMB Server is:ON
SMB LM support is set to:OFF
SQL Server is:ON
FTP Server is:ON
IMAP Server is:ON
POP3 Server is:ON
SMTP Server is:ON
DNS Server is:ON
LDAP Server is:ON
FingerPrint Module is:ON
Serving Executable via HTTP&WPAD is:OFF
Always Serving a Specific File via HTTP&WPAD is:OFF
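Original article: https://www.hackfun.org/kali-tools/responder_zh.html. Please credit the original source when reposting; for commercial use, contact the original author for authorization.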