mirror of
https://github.com/lgandx/Responder.git
synced 2025-08-20 21:33:31 -07:00
Minor bugs and display/logging fixes + RDP srv SSLwrapping fix
This commit is contained in:
lgandx
parent
9b1c99ccd2
commit
15d03bc902
16 changed files with 50 additions and 44 deletions
|
|
@ -165,7 +165,7 @@ def BecomeBackup(data,Client):
|
|||
Role = NBT_NS_Role(data[45:48])
|
||||
|
||||
if settings.Config.AnalyzeMode:
|
||||
print(text("[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s wants to become a Local Master Browser Backup on this domain: %s."%(Client, Name,Role,Domain)))
|
||||
print(text("[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s wants to become a Local Master Browser Backup on this domain: %s."%(Client.replace("::ffff:",""), Name,Role,Domain)))
|
||||
RAPInfo = RAPThisDomain(Client, Domain)
|
||||
if RAPInfo is not None:
|
||||
print(RAPInfo)
|
||||
|
|
@ -182,7 +182,7 @@ def ParseDatagramNBTNames(data,Client):
|
|||
|
||||
|
||||
if Role2 == "Domain Controller" or Role2 == "Browser Election" or Role2 == "Local Master Browser" and settings.Config.AnalyzeMode:
|
||||
print(text('[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s to: %s. Service: %s' % (Client, Name, Role1, Domain, Role2)))
|
||||
print(text('[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s to: %s. Service: %s' % (Client.replace("::ffff:",""), Name, Role1, Domain, Role2)))
|
||||
RAPInfo = RAPThisDomain(Client, Domain)
|
||||
if RAPInfo is not None:
|
||||
print(RAPInfo)
|
||||
|
|
|
|||
|
|
@ -49,35 +49,35 @@ class DNS(BaseRequestHandler):
|
|||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] A Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
print(color("[*] [DNS] A Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
|
||||
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv4":
|
||||
buff = DNS_AnsOPT()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
|
||||
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "SRV":
|
||||
buff = DNS_SRV_Ans()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] SRV Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
print(color("[*] [DNS] SRV Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
|
||||
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6":
|
||||
buff = DNS6_Ans()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] AAAA Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
print(color("[*] [DNS] AAAA Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
|
||||
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6":
|
||||
buff = DNS6_Ans()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] AAAA OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
print(color("[*] [DNS] AAAA OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
|
||||
|
||||
|
||||
except Exception:
|
||||
|
|
@ -97,35 +97,35 @@ class DNSTCP(BaseRequestHandler):
|
|||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
self.request.send(NetworkSendBufferPython2or3(buff))
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] A Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
print(color("[*] [DNS] A Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
|
||||
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv4":
|
||||
buff = DNS_AnsOPT()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
self.request.send(NetworkSendBufferPython2or3(buff))
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
|
||||
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "SRV":
|
||||
buff = DNS_SRV_Ans()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
self.request.send(NetworkSendBufferPython2or3(buff))
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] SRV Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
print(color("[*] [DNS] SRV Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
|
||||
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6":
|
||||
buff = DNS6_Ans()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
self.request.send(NetworkSendBufferPython2or3(buff))
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] AAAA Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
print(color("[*] [DNS] AAAA Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
|
||||
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6":
|
||||
buff = DNS6_AnsOPT()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
self.request.send(NetworkSendBufferPython2or3(buff))
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] AAAA OPT Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
print(color("[*] [DNS] AAAA OPT Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
|
||||
|
||||
except Exception:
|
||||
pass
|
||||
|
|
|
|||
|
|
@ -205,7 +205,7 @@ def PacketSequence(data, client, Challenge):
|
|||
ParseHTTPHash(NTLM_Auth, Challenge, client, module)
|
||||
|
||||
if settings.Config.Force_WPAD_Auth and WPAD_Custom:
|
||||
print(text("[HTTP] WPAD (auth) file sent to %s" % client))
|
||||
print(text("[HTTP] WPAD (auth) file sent to %s" % client.replace("::ffff:","")))
|
||||
|
||||
return WPAD_Custom
|
||||
else:
|
||||
|
|
@ -230,7 +230,7 @@ def PacketSequence(data, client, Challenge):
|
|||
|
||||
if settings.Config.Force_WPAD_Auth and WPAD_Custom:
|
||||
if settings.Config.Verbose:
|
||||
print(text("[HTTP] WPAD (auth) file sent to %s" % client))
|
||||
print(text("[HTTP] WPAD (auth) file sent to %s" % client.replace("::ffff:","")))
|
||||
|
||||
return WPAD_Custom
|
||||
else:
|
||||
|
|
@ -241,12 +241,12 @@ def PacketSequence(data, client, Challenge):
|
|||
if settings.Config.Basic:
|
||||
Response = IIS_Basic_401_Ans()
|
||||
if settings.Config.Verbose:
|
||||
print(text("[HTTP] Sending BASIC authentication request to %s" % client))
|
||||
print(text("[HTTP] Sending BASIC authentication request to %s" % client.replace("::ffff:","")))
|
||||
|
||||
else:
|
||||
Response = IIS_Auth_401_Ans()
|
||||
if settings.Config.Verbose:
|
||||
print(text("[HTTP] Sending NTLM authentication request to %s" % client))
|
||||
print(text("[HTTP] Sending NTLM authentication request to %s" % client.replace("::ffff:","")))
|
||||
|
||||
return Response
|
||||
|
||||
|
|
@ -290,7 +290,7 @@ class HTTP(BaseRequestHandler):
|
|||
self.request.send(NetworkSendBufferPython2or3(Buffer))
|
||||
self.request.close()
|
||||
if settings.Config.Verbose:
|
||||
print(text("[HTTP] WPAD (no auth) file sent to %s" % self.client_address[0]))
|
||||
print(text("[HTTP] WPAD (no auth) file sent to %s" % self.client_address[0].replace("::ffff:","")))
|
||||
|
||||
else:
|
||||
Buffer = PacketSequence(data,self.client_address[0], Challenge)
|
||||
|
|
|
|||
|
|
@ -209,7 +209,7 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
|
|||
def handle(self):
|
||||
(ip, port) = self.client_address[0], self.client_address[1]
|
||||
if settings.Config.Verbose:
|
||||
print(text("[PROXY] Received connection from %s" % self.client_address[0]))
|
||||
print(text("[PROXY] Received connection from %s" % self.client_address[0].replace("::ffff:","")))
|
||||
self.__base_handle()
|
||||
|
||||
def _connect_to(self, netloc, soc):
|
||||
|
|
@ -286,7 +286,7 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
|
|||
Cookie = self.headers['Cookie'] if "Cookie" in self.headers else ''
|
||||
|
||||
if settings.Config.Verbose:
|
||||
print(text("[PROXY] Client : %s" % color(self.client_address[0], 3)))
|
||||
print(text("[PROXY] Client : %s" % color(self.client_address[0].replace("::ffff:",""), 3)))
|
||||
print(text("[PROXY] Requested URL : %s" % color(self.path, 3)))
|
||||
print(text("[PROXY] Cookie : %s" % Cookie))
|
||||
|
||||
|
|
|
|||
|
|
@ -173,7 +173,7 @@ def ParseCLDAPPacket(data, client, Challenge):
|
|||
|
||||
elif Operation == b'\x63':
|
||||
Buffer = ParseSearch(data)
|
||||
print(text('[CLDAP] Sent CLDAP pong to %s.'% client))
|
||||
print(text('[CLDAP] Sent CLDAP pong to %s.'% client.replace("::ffff:","")))
|
||||
return Buffer
|
||||
|
||||
elif settings.Config.Verbose:
|
||||
|
|
|
|||
|
|
@ -134,7 +134,7 @@ class MSSQL(BaseRequestHandler):
|
|||
if not data:
|
||||
break
|
||||
if settings.Config.Verbose:
|
||||
print(text("[MSSQL] Received connection from %s" % self.client_address[0]))
|
||||
print(text("[MSSQL] Received connection from %s" % self.client_address[0].replace("::ffff:","")))
|
||||
if data[0] == b"\x12" or data[0] == 18: # Pre-Login Message
|
||||
Buffer = str(MSSQLPreLoginAnswer())
|
||||
self.request.send(NetworkSendBufferPython2or3(Buffer))
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ def PacketSequence(data, client, Challenge):
|
|||
Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]
|
||||
if Packet_NTLM == b'\x01':
|
||||
if settings.Config.Verbose:
|
||||
print(text("[Proxy-Auth] Sending NTLM authentication request to %s" % client))
|
||||
print(text("[Proxy-Auth] Sending NTLM authentication request to %s" % client.replace("::ffff:","")))
|
||||
Buffer = NTLM_Challenge(ServerChallenge=NetworkRecvBufferPython2or3(Challenge))
|
||||
Buffer.calculate()
|
||||
Buffer_Ans = WPAD_NTLM_Challenge_Ans(Payload = b64encode(NetworkSendBufferPython2or3(Buffer)).decode('latin-1'))
|
||||
|
|
@ -93,7 +93,7 @@ def PacketSequence(data, client, Challenge):
|
|||
if settings.Config.Basic:
|
||||
Response = WPAD_Basic_407_Ans()
|
||||
if settings.Config.Verbose:
|
||||
print(text("[Proxy-Auth] Sending BASIC authentication request to %s" % client))
|
||||
print(text("[Proxy-Auth] Sending BASIC authentication request to %s" % client.replace("::ffff:","")))
|
||||
|
||||
else:
|
||||
Response = WPAD_Auth_407_Ans()
|
||||
|
|
|
|||
|
|
@ -98,6 +98,11 @@ class RDP(BaseRequestHandler):
|
|||
self.request.settimeout(30)
|
||||
Challenge = RandomChallenge()
|
||||
|
||||
cert = os.path.join(settings.Config.ResponderPATH, settings.Config.SSLCert)
|
||||
key = os.path.join(settings.Config.ResponderPATH, settings.Config.SSLKey)
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
|
||||
context.load_cert_chain(cert, key)
|
||||
|
||||
if data[11:12] == b'\x01':
|
||||
x = X224(Data=RDPNEGOAnswer())
|
||||
x.calculate()
|
||||
|
|
@ -105,7 +110,7 @@ class RDP(BaseRequestHandler):
|
|||
h.calculate()
|
||||
buffer1 = str(h)
|
||||
self.request.send(NetworkSendBufferPython2or3(buffer1))
|
||||
SSLsock = ssl.wrap_socket(self.request, certfile=cert, keyfile=key, ssl_version=ssl.PROTOCOL_TLS_SERVER,server_side=True)
|
||||
SSLsock = context.wrap_socket(self.request, server_side=True)
|
||||
SSLsock.settimeout(30)
|
||||
data = SSLsock.read(8092)
|
||||
if FindNTLMNegoStep(data) == b'\x01\x00\x00\x00':
|
||||
|
|
@ -125,8 +130,7 @@ class RDP(BaseRequestHandler):
|
|||
buffer1 = str(h)
|
||||
self.request.send(NetworkSendBufferPython2or3(buffer1))
|
||||
data = self.request.recv(8092)
|
||||
|
||||
SSLsock = ssl.wrap_socket(self.request, certfile=cert, keyfile=key, ssl_version=ssl.PROTOCOL_TLS,server_side=True)
|
||||
SSLsock = context.wrap_socket(self.request, server_side=True)
|
||||
data = SSLsock.read(8092)
|
||||
if FindNTLMNegoStep(data) == b'\x01\x00\x00\x00':
|
||||
x = RDPNTLMChallengeAnswer(NTLMSSPNtServerChallenge=NetworkRecvBufferPython2or3(Challenge))
|
||||
|
|
|
|||
|
|
@ -144,7 +144,7 @@ class RPCMap(BaseRequestHandler):
|
|||
RPC.calculate()
|
||||
self.request.send(NetworkSendBufferPython2or3(str(RPC)))
|
||||
data = self.request.recv(1024)
|
||||
print(color("[*] [DCE-RPC Mapper] Redirected %-15sto DSRUAPI auth server." % (self.client_address[0]), 3, 1))
|
||||
print(color("[*] [DCE-RPC Mapper] Redirected %-15sto DSRUAPI auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
|
||||
self.request.close()
|
||||
|
||||
#LSARPC
|
||||
|
|
@ -155,7 +155,7 @@ class RPCMap(BaseRequestHandler):
|
|||
RPC.calculate()
|
||||
self.request.send(NetworkSendBufferPython2or3(str(RPC)))
|
||||
data = self.request.recv(1024)
|
||||
print(color("[*] [DCE-RPC Mapper] Redirected %-15sto LSARPC auth server." % (self.client_address[0]), 3, 1))
|
||||
print(color("[*] [DCE-RPC Mapper] Redirected %-15sto LSARPC auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
|
||||
self.request.close()
|
||||
|
||||
#WINSPOOL
|
||||
|
|
@ -166,7 +166,7 @@ class RPCMap(BaseRequestHandler):
|
|||
RPC.calculate()
|
||||
self.request.send(NetworkSendBufferPython2or3(str(RPC)))
|
||||
data = self.request.recv(1024)
|
||||
print(color("[*] [DCE-RPC Mapper] Redirected %-15sto WINSPOOL auth server." % (self.client_address[0]), 3, 1))
|
||||
print(color("[*] [DCE-RPC Mapper] Redirected %-15sto WINSPOOL auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
|
||||
self.request.close()
|
||||
|
||||
#NetLogon
|
||||
|
|
|
|||
|
|
@ -206,7 +206,6 @@ class SMB1(BaseRequestHandler): # SMB1 & SMB2 Server class, NTLMSSP
|
|||
self.request.send(Buffer)
|
||||
data = self.request.recv(1024)
|
||||
except:
|
||||
raise
|
||||
pass
|
||||
|
||||
##Negotiate proto answer SMBv2.
|
||||
|
|
|
|||
|
|
@ -127,12 +127,12 @@ def PacketSequence(data, client, Challenge):
|
|||
if settings.Config.Basic:
|
||||
Response = IIS_Basic_401_Ans()
|
||||
if settings.Config.Verbose:
|
||||
print(text("[WinRM] Sending BASIC authentication request to %s" % client))
|
||||
print(text("[WinRM] Sending BASIC authentication request to %s" % client.replace("::ffff:","")))
|
||||
|
||||
else:
|
||||
Response = IIS_Auth_401_Ans()
|
||||
if settings.Config.Verbose:
|
||||
print(text("[WinRM] Sending NTLM authentication request to %s" % client))
|
||||
print(text("[WinRM] Sending NTLM authentication request to %s" % client.replace("::ffff:","")))
|
||||
|
||||
return Response
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue