The Hacker Recipes
GitHub
Twitter
Exegol
Tools
Search…
Introduction
Active Directory
Reconnaissance
DHCP
DNS
NBT-NS
Responder ⚙️
Port scanning
LDAP
BloodHound ⚙️
MS-RPC
enum4linux ⚙️
Password policy
Movement
Persistence
Web services
Reconnaissance
Configuration
Accounts and sessions
User inputs
Systems & services
Reconnaissance
Movement
Privilege escalation
Pivoting
🛠️ Physical
Locks
Networking
Machines
Super secret zones
🛠️ Intelligence gathering
CYBINT
OSINT
GEOINT
🛠️ RADIO
RFID
Bluetooth
Wi-Fi
Wireless keyboard/mouse
🛠️ mobile apps
Android
iOS
Powered By
GitBook
Responder ⚙️
Responder
(Python) is a great tool for
LLMNR, NBTNS, MDNS poisoning
and
WPAD spoofing
but it can also be used in "analyze" modes.
BROWSER mode
: inspect
Browse Service
messages and map IP addresses with NetBIOS names
LANMAN mode
: passively map domain controllers, servers and workstations joined to a domain with the Browser protocol (see
this
).
LLMNR, NBTNS, MDNS modes
: inspect broadcast and multicast name resolution requests
The following command will enable the analyze modes and will give interesting information like
Domain Controller, SQL servers, workstations
Fully Qualified Domain Name (FQDN)
Windows versions in used
The "enabled" or "disabled" state of protocols like LLMNR, NBTNS, MDNS, LANMAN, BROWSER
1
responder --interface
"eth0"
--analyze
2
responder -I
"eth0"
-A
Copied!
Responder 2.0 - Owning Windows Networks part 3
Trustwave
Previous
NBT-NS
Next
Port scanning
Last modified
5mo ago
Copy link