Jump to content
Matasareanu

Going further with Responder’s Basic Authentication

By Matasareanu, in Tutoriale in engleza

Recommended Posts

  • Members
Matasareanu Newbie

Matasareanu

Posted
  • Members
Posted

Going Further with Responder's Basic Authentication

There are a good number of situations when we find ourselves abusing the LLMNR and NBT-NS protocols on an infrastructure penetration test, more specifically on an Active Directory setup. These 2 protocols are enabled by default on most of the Windows operating systems. What are they doing is they facilitate the communication between network machines when searching for a DNS hostname regardless if it’s a share, a server or a web hostname.

The overview picture of the attack vector:

  • the victim is looking for a non-existing hostname
  • the DNS server cannot resolve the request
  • we reply and resolve the hostname resolution query
  • we ask the victim for authentication

 

  • Upvote 4

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...