In today’s rapidly evolving cybersecurity landscape, offensive and defensive tactics must advance in tandem. Pentest Copilot is an agentic AI solution for offensive security that leverages LLMNR and NTLM Relay vulnerabilities to achieve Remote Code Execution (RCE) on remote hosts.
In a controlled AD lab, Pentest Copilot discovers live hosts on 192.168.56.0/24, enables Responder and ntlmrelayx, captures NTLMv2 via LLMNR/NBNS, cracks and validates credentials, and relays to SMB (445) for remote code execution. All of this is graphed and explained. You’ll see Agents Connected: 2 → 3, RTCS Connected, provenance edges like CHK_LIVE_HOSTS, vulnerability records authored by NTLMRELAYX (Credential Exposure CWE-522, RCE CWE-94), and AI summaries of two concrete paths: WINTERFELL (192.168.56.11) leading to credential exposure, and 192.168.56.22 leading to RCE.
Discovered Hosts
Caption: Exploit Graph (/app/attack/graph) with a green Subnet node in the center and multiple blue Host nodes around it. This is the first discovery wave after CHK_LIVE_HOSTS runs.
Agents tooltip
Caption: Header shows Agents Connected: 2 and RTCS Connected; tooltip lists Agent GOADER and Agent CLOUD. Edges like CHK_LIVE_HOSTS mark how each node entered the graph.
Agent details (GOADER)
Caption: GOADER on linux (amd64), Username: root, Private IP 10.160.0.5, Public IP (lab) 34.47.230.139, Subnets include 192.168.56.0/24 (selected). Interfaces shown: eth0, vboxnet0 (192.168.56.1), tun0, tun1. Responder Status: Active, with a button to stop it. Last heartbeat Thu, 23 Jan 2025 04:51:38 GMT.
Vuln #90 side panel
Caption: Vulnerability (#90), Author: NTLMRELAYX, CPE: Windows, CVSS 7.5, CWE-522 (Credential Exposure). The lower cluster shows Secret nodes (captured NTLMv2) tied to this finding.
Vuln #90 pop-over
Caption: Pop-over states: NTLM hashes discovered during SMB relay; may enable Pass-the-Hash impersonation. This grounds the CWE-522 classification.
Vuln #94 pop-over
Caption: Vulnerability (#94), Author: NTLMRELAYX, CWE-94 (RCE). Relay of captured NTLM enables arbitrary command execution via SMB, leading to full compromise.
Agents tooltip (3 connected)
Caption: Agents Connected: 3 now lists GOADER, CLOUD, and BBGCE. Copilot scales orchestration across multiple runners as the graph grows.
Attack Paths (Credential Exposure)
Caption: Internal Assessment → Attack Paths shows Subnet 192.168.56.0/24 (agent_GOADER) → Host WINTERFELL (192.168.56.11) → Service smb:445 → Secret (NTLMv2) → Vulnerability High, CWE-522. The chat panel asks “Can you summarize this attack path?” and Copilot replies with a plain-English summary mentioning user robb.stark and cracked password sexywolfy.
Attack Paths (RCE)
Caption: A second chain shows Subnet (name: NTLMRELAYX) → Host 192.168.56.22 → Service smb:445 → Vulnerability Critical, CWE-94 (RCE). The chat clarifies: NTLM relay was used to reach command execution.
Windows falls back to LLMNR (UDP/5355) and NBNS (UDP/137) when DNS fails. A malicious responder can answer broadcasts, capture NTLMv2 challenge–responses, and if the target service doesn’t enforce protections (like SMB signing), relay the credentials to execute actions up to full RCE. (MITRE ATT&CK: T1557.001 LLMNR/NBT-NS Poisoning + SMB Relay.)
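A defender-side check for the poisoning described above, as an added example that is not part of the original post or of Pentest Copilot: a sensor periodically queries a canary name that no host owns, and any LLMNR response to that name identifies a rogue responder. The canary name, function names and sample packets are constructed for illustration.

```python
import socket
import struct

CANARY_NAMES = {"fs-canary-7f3a"}  # hypothetical name that no host owns

def read_name(pkt, off):  # a compression pointer ends the name (not followed)
    labels = []
    while True:
        n = pkt[off]                          # IndexError if truncated
        if (n & 0xC0) == 0xC0 or n == 0:
            return ".".join(labels), off + (2 if n else 1)
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n

def parse_llmnr(pkt):  # LLMNR reuses the DNS wire format (RFC 4795)
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off, qname, ips = 12, "", []
    for _ in range(qd):
        qname, off = read_name(pkt, off)
        off += 4                              # QTYPE + QCLASS
    for _ in range(an):
        _owner, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        rdata, off = pkt[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and len(rdata) == 4:    # A record
            ips.append(socket.inet_ntoa(rdata))
    return bool(flags & 0x8000), qname.lower(), ips   # QR bit set = response

def poisoning_alerts(captured):  # (source_ip, udp_payload) pairs from UDP/5355
    alerts = []
    for src, payload in captured:
        try:
            is_resp, qname, ips = parse_llmnr(payload)
        except (IndexError, struct.error):
            continue                          # malformed packet, not evidence
        if is_resp and ips and qname in CANARY_NAMES:
            alerts.append((src, qname, ips))  # who answered, and what they claimed
    return alerts

def sample_packet(name, flags, ip=None):  # builds constructed test traffic
    q = bytes([len(name)]) + name.encode() + b"\x00" + struct.pack("!HH", 1, 1)
    rr = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton(ip)) if ip else b""
    return struct.pack("!6H", 0x1234, flags, 1, 1 if ip else 0, 0, 0) + q + rr

SAMPLE = [  # constructed traffic, documentation-range addresses
    ("192.0.2.10", sample_packet("fs-canary-7f3a", 0x0000)),                # sensor query
    ("192.0.2.50", sample_packet("fs-canary-7f3a", 0x8000, "192.0.2.50")),  # rogue answer
    ("192.0.2.20", sample_packet("printsrv", 0x8000, "192.0.2.20"))]        # normal answer
```

Running `poisoning_alerts(SAMPLE)` flags only the host that answered the canary query; the same logic applies to NBNS on UDP/137 with that protocol's name encoding.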
Asset discovery and provenance
Agents enumerate the in-scope network. Each finding is stamped with an evidence edge (like CHK_LIVE_HOSTS) so you can audit how nodes entered the graph.
Adversary-in-the-middle enablement
One click in agent settings toggles Responder and ntlmrelayx to Active on the right interface. A global kill-switch halts jobs safely.
Credential capture and cracking
Captured NTLMv2 flows become Secret entities. Copilot runs sandboxed, rate-limited cracking. On success, it annotates the path with CRACK_SECRET_HASH and updates the Secret.
Relay to SMB
If a host (like 192.168.56.22) doesn’t require SMB signing, Copilot relays to port 445 and executes a canary command to prove RCE. This is stored as Vulnerability #94 (CWE-94) authored by NTLMRELAYX.
Explainable attack paths
The Attack Paths module reduces each chain to human-readable steps—Subnet → Host → Service → Secret → Vulnerability—and the chat panel explains what happened and why it matters.
This demo was run in a lab (GOAD-style) with written authorization. Pentest Copilot enforces scope, rate limits, and uses safe, non-destructive verification commands.
Video POC
Pentest Copilot exploiting LLMNR via NTLM Relay to gain Remote Code Execution
1) Does this require domain admin?
No. If the relayed identity has rights on the SMB target and signing isn’t required, you can reach RCE without DA.
2) We disabled LLMNR—are we safe?
It removes a major capture vector, but you still need SMB/LDAP signing and NTLM restrictions to block other relay paths.
3) How does Copilot avoid false positives?
Each step is evidenced: packet capture → Secret → crack/validate → authenticated action → command result. The graph ties vulnerabilities to specific hosts and services.
4) What happens if we require SMB signing?
Relay to SMB is blocked. Some legacy apps may need compatibility testing; start with “require if client agrees,” then move to “always.”
5) Can we run validation without cracking?
Yes. You can disable cracking and run only capture/relay validation or post-fix validation runs to confirm your defenses.
192.168.56.11/192.168.56.22, CWE-522/CWE-94, CVSS 7.5, and UI controls are taken directly from screenshots.