Responder

TRENDINGVERIFIED

LLMNR, NBT-NS, and MDNS poisoner for credential harvesting

Packet Sniffing & SpoofingOSS

Intermediate

Linux

Description

Responder is a LLMNR, NBT-NS, and MDNS poisoner that answers specific NBT-NS queries based on name suffix, serving rogue authentication servers to capture NTLMv1/v2 hashes. It includes built-in HTTP, SMB, MSSQL, FTP, and LDAP rogue servers for credential harvesting on internal networks.

Use Cases

Capture NTLMv2 hashes on internal Windows networks
Poison LLMNR and NBT-NS requests to redirect authentication
Perform internal network credential harvesting during pentests

Attack Phases

01. RECON

02. SCAN

03. EXPLOIT

04. PERSIST

05. COVER

MITRE ATT&CK Techniques (2)

T1557.001LLMNR/NBT-NS Poisoning and SMB Relay

Related Tools (3)

Hashcat John the Ripper Bettercap