The Hacker Recipes
GitHubTwitterExegolTools
Search…
Introduction
Active Directory
Reconnaissance
DHCP
DNS
NBT-NS
Responder ⚙️
Port scanning
LDAP
BloodHound ⚙️
MS-RPC
enum4linux ⚙️
Password policy
Movement
Persistence
Web services
Reconnaissance
Configuration
Accounts and sessions
User inputs
Systems & services
Reconnaissance
Movement
Privilege escalation
Pivoting
🛠️ Physical
Locks
Networking
Machines
Super secret zones
🛠️ Intelligence gathering
CYBINT
OSINT
GEOINT
🛠️ RADIO
RFID
Bluetooth
Wi-Fi
Wireless keyboard/mouse
🛠️ mobile apps
Android
iOS
Powered By GitBook
Responder ⚙️
Responder (Python) is a great tool for LLMNR, NBTNS, MDNS poisoning and WPAD spoofing but it can also be used in "analyze" modes.
  • BROWSER mode: inspect Browse Service messages and map IP addresses with NetBIOS names
  • LANMAN mode: passively map domain controllers, servers and workstations joined to a domain with the Browser protocol (see this).
  • LLMNR, NBTNS, MDNS modes: inspect broadcast and multicast name resolution requests
The following command will enable the analyze modes and will give interesting information like
  • Domain Controller, SQL servers, workstations
  • Fully Qualified Domain Name (FQDN)
  • Windows versions in used
  • The "enabled" or "disabled" state of protocols like LLMNR, NBTNS, MDNS, LANMAN, BROWSER
1
responder --interface "eth0" --analyze
2
responder -I "eth0" -A
Copied!
Responder 2.0 - Owning Windows Networks part 3
Trustwave
Previous
NBT-NS
Next
Port scanning
Last modified 5mo ago
Copy link