Responder

Responder is an open source tool used for LLMNR, NBT-NS and MDNS poisoning, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. [1]

ID: S0174
Type: TOOL
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1171 LLMNR/NBT-NS Poisoning and Relay

Responder is used to poison name services to gather hashes and credentials from systems within a local network.[1]

Enterprise T1040 Network Sniffing

Responder captures hashes and credentials that are sent to the system after the name services have been poisoned.[1]

Groups That Use This Software

ID Name References
G0007 APT28 [2]

References