nerdexam
GIAC

GCIH · Question #721

An attacker needs to relay SMB requests to another system outside of the local subnet using Responder. Which command arguments will achieve this goal?

The correct answer is D. -I eth0 -i 10.0.0.5. Responder's '-i' flag specifies an external IP address for SMB relay, enabling redirection to a target outside the local subnet.

Vulnerability Exploitation & Privilege Escalation

Question

An attacker needs to relay SMB requests to another system outside of the local subnet using Responder. Which command arguments will achieve this goal?

Options

  • A-I eth0 -d 10.0.0.5
  • B-I eth0
  • C-I eth0 -e 10.0.0.5
  • D-I eth0 -i 10.0.0.5

How the community answered

(32 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    9% (3)
  • D
    84% (27)

Why each option

Responder's '-i' flag specifies an external IP address for SMB relay, enabling redirection to a target outside the local subnet.

A-I eth0 -d 10.0.0.5

The '-d' flag enables answering DHCP broadcast requests, not SMB relay targeting.

B-I eth0

Specifying only the interface with '-I eth0' performs local poisoning but does not configure an external relay destination.

C-I eth0 -e 10.0.0.5

The '-e' flag is not the correct Responder argument for specifying an SMB relay IP; it serves a different purpose in the tool.

D-I eth0 -i 10.0.0.5Correct

The '-i' argument in Responder sets the IP address to use as the SMB relay destination, which is required when the target is on a different subnet than the attacker. Combined with '-I eth0' to specify the listening interface, this configuration enables cross-subnet SMB relay attacks.

Concept tested: Configuring Responder for external SMB relay

Source: https://github.com/lgandx/Responder

Topics

#SMB relay#Responder#NTLM relay#credential theft

Community Discussion

No community discussion yet for this question.

Full GCIH Practice