SMB Relay: An AD Attack

What is SMB Relay?

• Instead of cracking the hashes gathered with Responder, we can instead relay those hashes to specific machines and potentially gain access.

• SMB signing must be disabled on the target.

• Relayed user credentials must be admin on machine.

SMB signing will check that the packets are coming from right place and it is signed.

If the SMB signing is enabled then it will not let the packets to send and it will say that you are not the right person to send the packets.

And if the SMB signing is disabled then it will basically see that there is a user and a hash and it will let the user on the machine.

Steps:

If you want to read the full writeup: