We need three devices to make this work, right? I was wondering if you would kindly shoot me a link or a tutorial on setting up my SMB server to test this exploit, because I am having trouble setting it up alone. Every time I run my nmap scan with the said SMB script, it comes back as signing partially required. I just want to better prepare myself for this. My SMB server OS is Windows 10 Home.
Yes, you need three devices for the full attack. SMB signing breaks that attack chain but doesn’t stop credential relaying. You would just need to relay to a different service after the MiTM6 attack.
Sir, can we do this when we have a pivot in between the attacker and the target? I have pivoted via dynamic SSH port forwarding.
I would have to understand more. If you have an SSH tunnel only, most likely this wouldn't work. If you have control of a Linux host in the environment, then yes, the attack would work.
@CyberAttackDefense Control of the system as in...? I have an SSH tunnel and I also have root on the Linux machine. My lab goes like attacker_kali -> ubuntu (with 2 adapters) -> then the whole AD (2 clients and a DC).
@aestheticker6472 Then yes, this attack would work. Probably nearly identically to what I demonstrated.
@CyberAttackDefense But on which machine should we have the tools? The pivot, right? Can’t we just do these using our Kali system through the tunnel?
@aestheticker6472 Your Kali system, if it's in the subnet you're targeting.
Very fun stuff.
My IPv6 relay attacks stopped working, though. It reports that LDAP authentication failed and LDAP protocol not found. It also fails when I specify -smb2support. What could be the issue?
My command looks something like:
Python 3 ntlmrelayx.py -6 -t ldaps//192.168.19.150 -wh fakewpad.domain.local -l loot_folder
This used to work, but not anymore. I've disabled SMB signing and my DC LDAP policy is "none".
I never relay with LDAP, so I'm not sure. Try relaying to ADCS or to the domain controller with a proxy.