SMBRelay and SMBRelay2 are computer programs that can be used to carry out SMB man-in-the-middle (mitm) attacks on Windows machines.
They were written by Sir Dystic of Cult of the Dead Cow (cDc) and released March 21, 2001 at the @lantacon convention in Atlanta, Georgia.
After connecting and authenticating, the target's client is disconnected and SMBRelay binds to port 139 on a new IP address.
As long as the target host remains connected, the user can disconnect from and reconnect to this virtual IP.
SMBRelay collects the NTLM password hashes and writes them to hashes.txt in a format usable by L0phtCrack for cracking at a later time.