[enhancement] Add NTLMv1 scan option #68
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Minor modifications have been made so we are able to load this as a module. Also, all top-level commands in `Responder.py` have been removed, like the printing of the banner
|
Hey @AdrianVollmer, This is a very good idea, I'll look into it in January 2024! Best regards, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See #67. I included portions of Responder's code with minimal modifications. This means that Coercer must be GPL licensed.
In this approach, we monkeypatch Responder's
SaveToDbfunction to modifycontrol_structureaccordingly.When setting
--stop-on-ntlm-authinscanmode, coercer stops scanning a target completely upon receiving an SMB connection with NTLM authentication. This is useful if we want to find DCs supporting NTLMv1.This PR should be taken as a proposal. Happy to discuss details!