Scribd
Upload
16 views

SMB Tutorial - Intrinium

Uploaded by

ShopnoPathik Aion
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
16 views

SMB Tutorial - Intrinium

Uploaded by

ShopnoPathik Aion
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

8/14/2019 SMB Relay Attack Tutorial - Intrinium

Home » Blog » SMB Relay Attack Tutorial

SMB Relay Attack Tutorial


Sep 27, 2018 | Blog, Business Solutions, Security

By – Jake Leavitt, Information Security Consultant – Intrinium

Don’t even bother cracking NTLMv2 hashes gathered with Responder! Instead,
just relay them to a target machine on the network and pop yourself into a
LocalSystem shell. This attack uses the Responder toolkit to capture SMB
authentication sessions on an internal network, and relays them to a target
machine. If the authentication session is successful, it will automatically drop
you into a system shell. This tutorial will cover the basics of how to perform

https://intrinium.com/smb-relay-attack-tutorial/ 1/7
8/14/2019 SMB Relay Attack Tutorial - Intrinium

this attack, the tools required, and shows a demonstration against a real
target. These methods are intended to be used to understand current
network attacks, and how to prevent them.

Note: Target information has been redacted to conserve the privacy of


our clients.

The following conditions must be met:


SMB Signing disabled on target
Must be on the local network
User credentials must have remote login access

The following tools are required:


Responder
PuTTy
Metasploit Framework

Preparation 

Step 1: Boot Up Responder

Navigate to Responder’s Installation location

cd /usr/share/responder

Start Responder with the proper Relay settings

python responder.py -I eth0 -rv

-I (capital i speci es interface) -rv (required settings for relay attack)

https://intrinium.com/smb-relay-attack-tutorial/ 2/7
8/14/2019 SMB Relay Attack Tutorial - Intrinium

Responder is Running

Responder will start poisoning tra c, like so:

Now, we need to spin up our Multirelay script.

Step 2: Boot up Multi-Relay 

https://intrinium.com/smb-relay-attack-tutorial/ 3/7
8/14/2019 SMB Relay Attack Tutorial - Intrinium

Step 3: MultiRelay Shell 

Step 4: Post-Exploitation 

Step 5: Pivoting to Meterpreter 

Cleanup / Resources 

Prevention 

 Facebook  Twitter  LinkedIn 


0 2 0

Categories
Blog

Business Solutions

Case Studies

Cloud

Company Updates

Hardware

Healthcare

Industry Innovations

https://intrinium.com/smb-relay-attack-tutorial/ 4/7
8/14/2019 SMB Relay Attack Tutorial - Intrinium

Internet

Intrinium Review April 2019

Intrinium Review July 2019

Intrinium Review June 2019

Intrinium Review May 2019

Linux

Mac

Managed IT

Managed Security

Motherboards

Network

News

Security

Services

Software

Storage Solutions

Ubuntu

Uncategorized

vCISO

Windows

Archives
Select Month

Search Connect
Search

https://intrinium.com/smb-relay-attack-tutorial/ 5/7
8/14/2019 SMB Relay Attack Tutorial - Intrinium

Intrinium Information
Company

Contact

RFP Submissions

Support

Client Portal

Blog

Careers

Partners

Blog Feed
Getting to know, Pat Atwal, VP, Operations at Intrinium

The Basics of Security Awareness Training , Part 2

Cybersecurity and Manufacturing in 2019

The Basics of Security Awareness Training , Part 1

2019 Verizon Data Breach Investigations Report (DBIR)

(866) 461-5099
Copyright © 2018
Intrinium, Inc.

Address:
4418 E 8th Avenue
Spokane Valley, Washington,99212
United States

https://intrinium.com/smb-relay-attack-tutorial/ 6/7
8/14/2019 SMB Relay Attack Tutorial - Intrinium

Hosting by Intrinium

https://intrinium.com/smb-relay-attack-tutorial/ 7/7

You might also like