Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- A. LLMNR is a multicast protocol conected to the DNS protocol,
- it Sends both ipv4 and ipv6 simultaneous
- NBNS is a service that register the NetBIOS name's of every PC uppon connectiong to the network
- LLMNR poisoning
- yes, you can disable the LLMNR and NetBios. and limit Pre User privilege tho it wont stop the attack only limit the attacker preuser he control
- SMB Relay
- LLMNR poisoning is happening on the network
- WPAD
- just a proxy list automaited tool
- located the proxy from the list, test it and connect to the WAN
- the attackers can connect to the network and "spoof" itself as a proxy server
- then the attacker relay all traffic throw him and can monitor the domain network
- the mitigation:
- witelist mac address
- disable WPAD ofc...
- Multi-Relay & Responder
- A. Explain the Responder & Multi-Relay integrated attack process. Does an admin user need to be attacked?
- B. You did a Multi-Relay attack but forgot to disable the SMB in Responder, what will happen, and why should you do it?
- C. Can a response affect the corporate network? explain.
- responder is just a fake service provider.
- its can spoof a lot of fake and heavily modded packets
- attacker enum the DC
- fines a user
- gain access by attack by DLL or somthing
- get to share folder
- create file with the responder script
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement