Responder – spoofing LLMNR and NBT-NS to capture password hashes

“Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.” Download from

One cool thing I didn’t cover in the video is how to use the command line to force a Basic authentication login prompt and capture plain text credentials, so that we don’t have to crack anything. This is useful to try after an initial run with Responder doesn’t provide any password hashes that we are able to crack.

responder -I eth0 -r -w -b -F --lm -v


Of course the victim will see a prompt for login and password and we’re hoping that they will authenticate.
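From the defender's side, the poisoning this post relies on can be detected by asking LLMNR for a name that does not exist: a clean network stays silent, while a poisoner such as Responder answers anyway. The following is an added example, not code from the original post or from the Responder project; the function names are hypothetical, and the canary name, transaction ID and 192.0.2.66 address are constructed sample values.

```python
import socket
import struct

def build_query(name, txid):
    """LLMNR query (RFC 4795): DNS-style header plus one A/IN question."""
    label = name.encode("ascii")
    return (struct.pack("!6H", txid, 0, 1, 0, 0, 0)
            + bytes([len(label)]) + label + b"\x00" + struct.pack("!2H", 1, 1))

def read_name(pkt, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels = []
    while pkt[off]:
        if pkt[off] & 0xC0 == 0xC0:  # a compression pointer ends the name
            target = ((pkt[off] & 0x3F) << 8) | pkt[off + 1]
            labels.append(read_name(pkt, target)[0])
            return ".".join(labels), off + 2
        labels.append(pkt[off + 1:off + 1 + pkt[off]].decode("ascii", "replace"))
        off += 1 + pkt[off]
    return ".".join(labels), off + 1

def parse_answer(pkt):
    """Return (txid, name, ipv4) if the first answer is an A record, else None."""
    try:
        txid, flags, qd, an = struct.unpack("!4H", pkt[:8])
        if not flags & 0x8000 or an < 1:  # not a response, or no answer section
            return None
        off = 12
        for _ in range(qd):  # skip each question: name, QTYPE, QCLASS
            off = read_name(pkt, off)[1] + 4
        name, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype != 1 or rdlen != 4:
            return None
        return txid, name.lower(), socket.inet_ntoa(pkt[off + 10:off + 14])
    except (IndexError, struct.error, RecursionError, OSError):
        return None  # truncated or malformed datagram

def find_poisoners(canary, txid, responses):
    """The canary does not exist, so every matching answer comes from a spoofing host."""
    parsed = [(src, parse_answer(pkt)) for src, pkt in responses]
    return [(src, p[2]) for src, p in parsed if p and p[:2] == (txid, canary.lower())]

# Constructed sample: an answer to the canary from 192.0.2.66 (documentation range).
CANARY, TXID = "ws-7f3a91c2", 0x04D2
_question = build_query(CANARY, TXID)[12:]
SAMPLE_ANSWER = (struct.pack("!6H", TXID, 0x8000, 1, 1, 0, 0) + _question + _question[:-4]
                 + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton("192.0.2.66"))
SAMPLE_HITS = find_poisoners(CANARY, TXID, [("192.0.2.66", SAMPLE_ANSWER)])
```

In live use, send `build_query(canary, txid)` with a fresh random canary over UDP to the LLMNR multicast group 224.0.0.252, port 5355, and pass the (source address, datagram) pairs received on that socket to `find_poisoners`.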

Check out my video below to see how to install Responder, and how to capture and crack the password hashes.


One thought on “Responder – spoofing LLMNR and NBT-NS to capture password hashes”

  1. Excellent post. I used to be checking continuously this blog and I am inspired!
    Extremely useful information, especially the remaining part
    🙂 I maintain such info much. I was looking for this particular information for a very
    lengthy time. Thank you and best of luck.
