Our great sponsors
-
Responder
Discontinued Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. (by SpiderLabs)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Also I kind of don't understand the distinction between victim and server in your post. But the basic idea for it is that first we get the remote machine to access arbitrary locations. We start "responder". Then ask the remote machine to access our machine. Responder gives us the authentication challenge as a hash. John the ripper was used to crack the hash. (You might use a supplied word list for John, some sort of lookup or something here if you are in class). Now you have the credentials to access it directly.
https://github.com/fortra/impacket/blob/master/examples/ntlmrelayx.py. (see the docs at the top of the program)
Related posts
- Socket Programming - Spoofing IP Address
- How to create SMB server from python?
- Attn: pen testers.. What is your favorite tool?
- Impacket
- Does anyone else get this error when trying to run the following command in the attackingkerberos room" sudo python3 GetUserSPNs.py controller.local/Machine1:Password1 -dc-ip (ip_address) - request