7MS #226: DIY $500 Pentesting Lab - Part 3

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!

Background:

Today's episode is part 3 of a series all about setting up a virtual pentesting lab for about 500 bucks. Part 1 talked about getting the necessary hardware purchased and assembled. Part 2 covered network/storage configuration.

Responder:

Now in part 3, we're just going to have some fun and demonstrate Responder, a tool which can poison certain types of network broadcasts (check out this great write-up for more information).

Essentially, Responder listens for certain types of broadcast traffic and then poisons the requests so that authentication information is sent to it. A good example (demonstrated in the video) is when someone tries to open a resource that doesn't exist, like an SMB share connection to \\serverr01. Since this device doesn't exist, the client machine says "Hey, anybody out there know who serverr01 is?" And Responder listening on our pentest box says "Oh yeah, pick me, pick me!" By doing so, Responder is able to capture hashed credential information for further cracking with tools like John the Ripper.
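
From the defender's side, the same behaviour gives a simple check: ask the local segment for a name that cannot exist and treat any answer as a sign of a poisoner. The sketch below is an added example, not code from Responder or from the original post; it assumes LLMNR (UDP 5355, multicast 224.0.0.252), one of the protocols Responder answers, and the function names, canary name and sample reply are constructed for illustration.

```python
import secrets
import socket
import struct

LLMNR_GROUP, LLMNR_PORT = "224.0.0.252", 5355  # LLMNR multicast (RFC 4795)

def encode_name(name):
    """Encode a single-label host name in DNS wire format."""
    raw = name.encode("ascii")
    return bytes([len(raw)]) + raw + b"\x00"

def build_query(name, txid):
    """LLMNR query for an A record: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def answers_canary(packet, name, txid):
    """True if packet is a response that claims to resolve our canary name."""
    if len(packet) < 12:
        return False
    rid, flags, _, an, _, _ = struct.unpack("!HHHHHH", packet[:12])
    question = encode_name(name)
    echoed = packet[12:12 + len(question)].lower() == question.lower()
    return rid == txid and bool(flags & 0x8000) and an > 0 and echoed

def probe(timeout=2.0):
    """Ask the local segment for a random name; return addresses that answered."""
    name = "canary-" + secrets.token_hex(4)  # constructed, should not exist
    txid = secrets.randbelow(0x10000)
    hits = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (LLMNR_GROUP, LLMNR_PORT))
        try:
            while True:
                data, (addr, _) = s.recvfrom(512)
                if answers_canary(data, name, txid):
                    hits.append(addr)
        except socket.timeout:
            pass  # quiet segment: nobody claimed the canary name
    return hits

# Constructed sample: a reply claiming "serverr01" lives at a documentation IP.
SAMPLE_NAME, SAMPLE_ID = "serverr01", 0x1A2B
SAMPLE_REPLY = (struct.pack("!HHHHHH", SAMPLE_ID, 0x8000, 1, 1, 0, 0)
                + encode_name(SAMPLE_NAME) + struct.pack("!HH", 1, 1)
                + encode_name(SAMPLE_NAME) + struct.pack("!HHIH", 1, 1, 30, 4)
                + socket.inet_aton("192.0.2.66"))
```

Calling `probe()` from a monitoring host on each VLAN returns the addresses of any hosts that answered for a name that does not exist; an empty list means nothing on the segment claimed it.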

Video:

Here's the complementary video content for today's audio podcast:

7 Minute Security #226: DIY Virtual Pentesting Lab - Part 3 from Brian J on Vimeo.