Evil SSDP

This tool responds to SSDP multicast discover requests, posing as a generic UPNP device on a local network. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable webpage.

Requirement:

Attacker on the same network could spoof Printer

└─$ evil-ssdp eth0 --template scanner

On User network, there is a printer is waiting

If you user open, it will request for credentials

Attacker will obtained cleartext credential

PreviousLLMNR/NBT-NS/MDNS Poisoning NextOS Credential Dumping

Last updated 1 year ago