Feature Request: Prevent account lockouts and specify which user account to authenticate with when using NTLMRelayX.

[0xabdi]

Would it be possible to:

1. add a way of specifying how many times to authenticate against a target to prevent account lockouts on the domain.
2. specify which user to authenticate as when relaying to a target.

(These features are available in Responder's Multirelay, It would have been awesome if the same was available on ntlmrelayx)

[asolino]

Hey @abdihakx

Fair point about 1., I'm leaving this issue open as an enhancement. We should be counting per account instead of target (if we want to avoid account lockout).

With regard to 2., that feature is implemented. Check this blogpost.

[0xabdi]

Awesome! Looking forward to it.

Will definitely check out the blog, Didn't know this option existed. Thanks!

[infosecmatt]

Just adding to this, in a responsive/noisy environment the lack of mechanism for preventing lockouts triggered an MSP alert during our pentest that some users had attempted to authenticate over 600 times to the target host in a little under 2 hours. I think for the tool's intended users (pentesters) this problem makes the tool very difficult to justify using in a production environment for fear of disrupting client ops. Even if this were a toggleable option I think it'd certainly improve the tool's usability.

Appreciate all your hard work! Your tools make our engagements immeasurably easier.

Alert: