DramaKing Posted February 26 Share Posted February 26 Been trying to get Responder to work for days, and after reading a number of sources online and combing through Wireshark captures, I'm finally putting it together. I've used a Pineapple and a Kali Linux laptop, as well as trying Inveigh on a Windows machine, and using a few different devices to connect over SMB (which does work fine on the client side). Responder sends the NTLMSSP_CHALLENGE packet, but Windows 10 responds with RST, ACK instead of NTLM_AUTH. It's like it knows that the challenge is from a rogue SMB server. responder -I wlanX responder -I wlanX -wdvP Quote Link to comment Share on other sites More sharing options...
DramaKing Posted February 28 Author Share Posted February 28 This is definitely affecting specifically Windows 10 clients as a Windows 7 VM authenticated as expected. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 1 Share Posted March 1 What happens if you "force" SMB from the target side? For example, open the Explorer and enter: \\<whatever-IP-address-the-poisoner-has (and hit ENTER). Does any SMB NTLM get logged by Responder? Quote Link to comment Share on other sites More sharing options...
DramaKing Posted March 1 Author Share Posted March 1 I didn't think that it would work since the poisoning was working. I was able to get hashes from my W10 22H2 system but only when I wasn't starting Responder over SSH. I didn't think that it would interfere but guess it does. Go figure. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.