LLMNR Deception Tool Responder
LLMNR (link-local Multicast name resolution, link local multicast name resolution) protocol is a protocol based on DNS packet format. it resolves the host name to the IP address of IPv4 and IPV6. This allows users to access specific hosts and services directly using the host name, without having to memorize the corresponding IP address. This protocol is widely used in Windows VISTA/7/8/10 operating systems.
The working mechanism of the agreement is simple. For example, computer A and computer B are in a local area network. When computer A requests Host B, it sends a UDP packet that contains the requested host name in broadcast form. When Host B receives the UDP packet, the response packet that sends UDP in unicast form is given to host a. Because the whole process is done in UDP, host a cannot confirm whether Host B hosts the host name. This leads to the possibility of deception.
To address this vulnerability, Kali Linux provides responder tools. This tool can not only sniff all the LLMNR packets in the network, get the information of each host, but also can initiate spoofing to lure the host requesting the request to access the wrong host. In order to penetrate conveniently, this tool can also forge http/s, SMB, SQL Server, FTP, IMAP, POP3 and so on many services, thus uses the fishing way to obtain the service authentication information, like the user name and the password and so on.