Responder and Layer 2 Pivots

Hey all,

In the previous post we discussed using Responder with Snarf, this post will be doing the same but through a pivot.  To pivot in we’ll be using Simpletun and a layer 2 pivoting client, this will give the ability to assign an IP address to an interface on our attacking VM, listen for broadcasts, and where available, respond.  Commercial products Metasploit Pro and Cobalt Strike have this feature built-in and perform the pivot via encrypted channels, if you are not intentionally looking to get caught by Blue Teams, use them.  Another option is Inveigh, a powershell LLMNR/NBNS spoofer with relay capabilities that is included in Empire and available for pivot poisoning without the layer 2 tunnel.

Continue reading “Responder and Layer 2 Pivots”