SOFTWARE
Arp
at
cmd
Dok
FTP
Net
Orz
Reg
RTM
Tor
yty
SOFTWARE
1-9
A-B
Arp
at
C-D
cmd
Dok
E-F
FTP
G-H
I-J
K-L
M-N
Net
O-P
Orz
Q-R
Reg
RTM
S-T
Tor
U-V
W-X
Y-Z
yty
  1. Home
  2. Software
  3. Responder

Responder

Responder is an open source tool used for LLMNR, NBT-NS and MDNS poisoning, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. [1]

ID: S0174
Type: TOOL
Platforms: Windows
Version: 1.0
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1171 LLMNR/NBT-NS Poisoning and Relay

Responder is used to poison name services to gather hashes and credentials from systems within a local network.[1]
Enterprise T1040 Network Sniffing

Responder captures hashes and credentials that are sent to the system after the name services have been poisoned.[1]

Groups That Use This Software

ID Name References
G0007 APT28 [2]

References

  1. Gaffie, L. (2016, August 25). Responder. Retrieved November 17, 2017.
  1. Smith, L. and Read, B.. (2017, August 11). APT28 Targets Hospitality Sector, Presents Threat to Travelers. Retrieved August 17, 2017.