Man-in-the-Middle Attacks
LLMNR poisoning
- LLMNR / NBT-NS → fallback name-resolution protocols used to identify hosts when DNS fails to do so
- key flaw: whenever a host accepts a spoofed response and connects to the attacker, it sends its username and password hash
- run this when traffic is high: morning logins, people coming back from lunch, etc.
- capturing hashes
- crack the captured Responder hashes offline
- defenses: disable LLMNR, NAC (network access control), long passwords → see screenshots
SMB relay
- instead of cracking hashes, relay them to authenticate against other machines
- requirements: SMB signing must be disabled on the target, and the relayed user must be a local admin on that machine
- find targets for relaying (hosts with SMB signing disabled)
- other attacks: the relay tool's different modes
- URL file attacks
- relaying with mitm6
- relaying with Responder
Pass-back attacks on printers
- https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
- https://medium.com/r3d-buck3t/pwning-printers-with-ldap-pass-back-attack-a0d8fa495210
- default printer password
- go to the printer (or a similar device) that has an LDAP connection configured
- in the device settings, set your IP as the LDAP server
- set up Responder → the password is sent to you in plaintext