Responder

Create a proxy server for different attacks.

❗ Officially allowed during the OSCP exam according to the OSCP Exam FAQ, BUT Poisoning and Spoofing is NOT allowed in the labs or on the exam. YOU CANNOT DO: Spoofing (IP, ARP, DNS, NBNS, etc)

• WPAD Man-In-The-Middle (MITM) attack
• SMBRelay
• Trustwave – Responder 2.0 – Owning Windows Networks part 3

Help

sudo responder -h

Usage

Listen and respond

–lm: Force LM hashing downgrade for Windows XP/2003 and earlier. Default: False

sudo -E responder -I eth0 --lm

Analyze only without responding

-A: Analyze mode. This option allows you to see NBT-NS, BROWSER, LLMNR requests without responding

sudo -E responder -I eth0 -A