[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAG_zyZ-Zppxz6tAh93XTScbHVkCXwcYarY7=YOW4JJ5nxChZAg@mail.gmail.com>
Date: Sat, 7 Feb 2015 22:05:15 -0500
From: laurent gaffie <laurent.gaffie@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Responder Windows Version
Responder for Windows is meant to propagate further compromises from a
Windows workstation/server.
Features includes:
- Be able to propagate (pivoting) compromises across subnets and domains
from any compromised Windows machine ranging from Windows 2000 to 8.1,
Server 2012R2.
- This tool can also be used to compromise a domain from an external
penetration test.
- This version will disable NetBIOS on all interfaces and the current
firewall profile (no reboot needed) on the target host.
- Default values will be turned back On when killing Responder (CRTL-C).
- LLMNR and Netbios works out of the box on any Windows XP-2003
- Netbios support works on all versions.
- Best way to collect hashes with this Windows version: Responder.exe -i
IP_Addr -rF
Installing:
- Binary:
Just drop the executable and the configuration file (Responder.conf) inside
a directory (eg: c:/temp/responder) and launch it.
- From source:
Install python on a Windows machine.
run "pip install pyinstaller"
cd in Responder source directory
pyinstaller --onefile -F Responder.py
Your binary will be located in the folder dist/
- Executing the source direclty:
You can run Responder as usual from the source folder (with python
installed): python Responder.py
Considerations:
- Make sure you have administrative privileges.
- Make sure to include a conventional Responder.conf file in Responder
running directory.
- Any rogue server can be turn off in Responder.conf.
- The Wpad proxy server is known to be buggy on some Windows versions. It's
not recommended to use it.
- For now, SMB rogue authentication server is *not* supported.
You can download Responder for Windows (Beta) sources and binaries at the
following url:
https://github.com/lgandx/Responder-Windows
Follow latest updates on twitter:
https://twitter.com/PythonResponder
Cheers,
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists