github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2025-07-13 08:33:04 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Minor bugs and display/logging fixes + RDP srv SSLwrapping fix

Browse source
This commit is contained in:
lgandx 2022-07-26 14:56:18 -03:00
parent 9b1c99ccd2
commit 15d03bc902
16 changed files with 50 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

6
poisoners/LLMNR.py
View file

@ -64,7 +64,7 @@ class LLMNR(BaseRequestHandler): # LLMNR Server class
if data[2:4] == b'\x00\x00' and LLMNRType: if data[2:4] == b'\x00\x00' and LLMNRType:
if settings.Config.AnalyzeMode: if settings.Config.AnalyzeMode:
LineHeader = "[Analyze mode: LLMNR]" LineHeader = "[Analyze mode: LLMNR]"
print(color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1)) print(color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
SavePoisonersToDb({ SavePoisonersToDb({
'Poisoner': 'LLMNR', 'Poisoner': 'LLMNR',
'SentToIp': self.client_address[0], 'SentToIp': self.client_address[0],
@ -77,7 +77,7 @@ class LLMNR(BaseRequestHandler): # LLMNR Server class
Buffer1.calculate() Buffer1.calculate()
soc.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address) soc.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address)
LineHeader = "[*] [LLMNR]" LineHeader = "[*] [LLMNR]"
print(color("%s Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0], Name), 2, 1)) print(color("%s Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
SavePoisonersToDb({ SavePoisonersToDb({
'Poisoner': 'LLMNR', 'Poisoner': 'LLMNR',
'SentToIp': self.client_address[0], 'SentToIp': self.client_address[0],
@ -90,7 +90,7 @@ class LLMNR(BaseRequestHandler): # LLMNR Server class
Buffer1.calculate() Buffer1.calculate()
soc.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address) soc.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address)
LineHeader = "[*] [LLMNR]" LineHeader = "[*] [LLMNR]"
print(color("%s Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0], Name), 2, 1)) print(color("%s Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
SavePoisonersToDb({ SavePoisonersToDb({
'Poisoner': 'LLMNR6', 'Poisoner': 'LLMNR6',
'SentToIp': self.client_address[0], 'SentToIp': self.client_address[0],

6
poisoners/MDNS.py
View file

@ -61,7 +61,7 @@ class MDNS(BaseRequestHandler):
return None return None
if settings.Config.AnalyzeMode: # Analyze Mode if settings.Config.AnalyzeMode: # Analyze Mode
print(text('[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (color(self.client_address[0], 3), color(Request_Name, 3)))) print(text('[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (color(self.client_address[0].replace("::ffff:",""), 3), color(Request_Name, 3))))
SavePoisonersToDb({ SavePoisonersToDb({
'Poisoner': 'MDNS', 'Poisoner': 'MDNS',
'SentToIp': self.client_address[0], 'SentToIp': self.client_address[0],
@ -73,7 +73,7 @@ class MDNS(BaseRequestHandler):
Buffer = MDNS_Ans(AnswerName = Poisoned_Name) Buffer = MDNS_Ans(AnswerName = Poisoned_Name)
Buffer.calculate() Buffer.calculate()
soc.sendto(NetworkSendBufferPython2or3(Buffer), self.client_address) soc.sendto(NetworkSendBufferPython2or3(Buffer), self.client_address)
print(color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0], Request_Name), 2, 1)) print(color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0].replace("::ffff:",""), Request_Name), 2, 1))
SavePoisonersToDb({ SavePoisonersToDb({
'Poisoner': 'MDNS', 'Poisoner': 'MDNS',
'SentToIp': self.client_address[0], 'SentToIp': self.client_address[0],
@ -86,7 +86,7 @@ class MDNS(BaseRequestHandler):
Buffer = MDNS6_Ans(AnswerName = Poisoned_Name) Buffer = MDNS6_Ans(AnswerName = Poisoned_Name)
Buffer.calculate() Buffer.calculate()
soc.sendto(NetworkSendBufferPython2or3(Buffer), self.client_address) soc.sendto(NetworkSendBufferPython2or3(Buffer), self.client_address)
print(color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0], Request_Name), 2, 1)) print(color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0].replace("::ffff:",""), Request_Name), 2, 1))
SavePoisonersToDb({ SavePoisonersToDb({
'Poisoner': 'MDNS6', 'Poisoner': 'MDNS6',
'SentToIp': self.client_address[0], 'SentToIp': self.client_address[0],

5
poisoners/NBTNS.py
View file

@ -36,8 +36,7 @@ class NBTNS(BaseRequestHandler):
if data[2:4] == b'\x01\x10': if data[2:4] == b'\x01\x10':
if settings.Config.AnalyzeMode: # Analyze Mode if settings.Config.AnalyzeMode: # Analyze Mode
LineHeader = "[Analyze mode: NBT-NS]" print(text('[Analyze mode: NBT-NS] Request by %-15s for %s, ignoring' % (color(self.client_address[0].replace("::ffff:",""), 3), color(Name, 3))))
print(color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1))
SavePoisonersToDb({ SavePoisonersToDb({
'Poisoner': 'NBT-NS', 'Poisoner': 'NBT-NS',
'SentToIp': self.client_address[0], 'SentToIp': self.client_address[0],
@ -49,7 +48,7 @@ class NBTNS(BaseRequestHandler):
Buffer1.calculate(data) Buffer1.calculate(data)
socket.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address) socket.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address)
LineHeader = "[*] [NBT-NS]" LineHeader = "[*] [NBT-NS]"
print(color("%s Poisoned answer sent to %s for name %s (service: %s)" % (LineHeader, self.client_address[0], Name, NBT_NS_Role(NetworkRecvBufferPython2or3(data[43:46]))), 2, 1)) print(color("%s Poisoned answer sent to %s for name %s (service: %s)" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name, NBT_NS_Role(NetworkRecvBufferPython2or3(data[43:46]))), 2, 1))
SavePoisonersToDb({ SavePoisonersToDb({
'Poisoner': 'NBT-NS', 'Poisoner': 'NBT-NS',
'SentToIp': self.client_address[0], 'SentToIp': self.client_address[0],

4
servers/Browser.py
View file

@ -165,7 +165,7 @@ def BecomeBackup(data,Client):
Role = NBT_NS_Role(data[45:48]) Role = NBT_NS_Role(data[45:48])
if settings.Config.AnalyzeMode: if settings.Config.AnalyzeMode:
print(text("[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s wants to become a Local Master Browser Backup on this domain: %s."%(Client, Name,Role,Domain))) print(text("[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s wants to become a Local Master Browser Backup on this domain: %s."%(Client.replace("::ffff:",""), Name,Role,Domain)))
RAPInfo = RAPThisDomain(Client, Domain) RAPInfo = RAPThisDomain(Client, Domain)
if RAPInfo is not None: if RAPInfo is not None:
print(RAPInfo) print(RAPInfo)
@ -182,7 +182,7 @@ def ParseDatagramNBTNames(data,Client):
if Role2 == "Domain Controller" or Role2 == "Browser Election" or Role2 == "Local Master Browser" and settings.Config.AnalyzeMode: if Role2 == "Domain Controller" or Role2 == "Browser Election" or Role2 == "Local Master Browser" and settings.Config.AnalyzeMode:
print(text('[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s to: %s. Service: %s' % (Client, Name, Role1, Domain, Role2))) print(text('[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s to: %s. Service: %s' % (Client.replace("::ffff:",""), Name, Role1, Domain, Role2)))
RAPInfo = RAPThisDomain(Client, Domain) RAPInfo = RAPThisDomain(Client, Domain)
if RAPInfo is not None: if RAPInfo is not None:
print(RAPInfo) print(RAPInfo)

20
servers/DNS.py
View file

@ -49,35 +49,35 @@ class DNS(BaseRequestHandler):
buff.calculate(NetworkRecvBufferPython2or3(data)) buff.calculate(NetworkRecvBufferPython2or3(data))
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address) soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"]) ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] A Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)) print(color("[*] [DNS] A Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv4": if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv4":
buff = DNS_AnsOPT() buff = DNS_AnsOPT()
buff.calculate(NetworkRecvBufferPython2or3(data)) buff.calculate(NetworkRecvBufferPython2or3(data))
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address) soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"]) ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)) print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "SRV": if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "SRV":
buff = DNS_SRV_Ans() buff = DNS_SRV_Ans()
buff.calculate(NetworkRecvBufferPython2or3(data)) buff.calculate(NetworkRecvBufferPython2or3(data))
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address) soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"]) ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] SRV Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)) print(color("[*] [DNS] SRV Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6": if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6":
buff = DNS6_Ans() buff = DNS6_Ans()
buff.calculate(NetworkRecvBufferPython2or3(data)) buff.calculate(NetworkRecvBufferPython2or3(data))
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address) soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"]) ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] AAAA Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)) print(color("[*] [DNS] AAAA Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6": if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6":
buff = DNS6_Ans() buff = DNS6_Ans()
buff.calculate(NetworkRecvBufferPython2or3(data)) buff.calculate(NetworkRecvBufferPython2or3(data))
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address) soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"]) ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] AAAA OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)) print(color("[*] [DNS] AAAA OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
except Exception: except Exception:
@ -97,35 +97,35 @@ class DNSTCP(BaseRequestHandler):
buff.calculate(NetworkRecvBufferPython2or3(data)) buff.calculate(NetworkRecvBufferPython2or3(data))
self.request.send(NetworkSendBufferPython2or3(buff)) self.request.send(NetworkSendBufferPython2or3(buff))
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"]) ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] A Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)) print(color("[*] [DNS] A Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv4": if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv4":
buff = DNS_AnsOPT() buff = DNS_AnsOPT()
buff.calculate(NetworkRecvBufferPython2or3(data)) buff.calculate(NetworkRecvBufferPython2or3(data))
self.request.send(NetworkSendBufferPython2or3(buff)) self.request.send(NetworkSendBufferPython2or3(buff))
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"]) ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)) print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "SRV": if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "SRV":
buff = DNS_SRV_Ans() buff = DNS_SRV_Ans()
buff.calculate(NetworkRecvBufferPython2or3(data)) buff.calculate(NetworkRecvBufferPython2or3(data))
self.request.send(NetworkSendBufferPython2or3(buff)) self.request.send(NetworkSendBufferPython2or3(buff))
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"]) ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] SRV Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)) print(color("[*] [DNS] SRV Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6": if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6":
buff = DNS6_Ans() buff = DNS6_Ans()
buff.calculate(NetworkRecvBufferPython2or3(data)) buff.calculate(NetworkRecvBufferPython2or3(data))
self.request.send(NetworkSendBufferPython2or3(buff)) self.request.send(NetworkSendBufferPython2or3(buff))
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"]) ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] AAAA Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)) print(color("[*] [DNS] AAAA Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6": if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6":
buff = DNS6_AnsOPT() buff = DNS6_AnsOPT()
buff.calculate(NetworkRecvBufferPython2or3(data)) buff.calculate(NetworkRecvBufferPython2or3(data))
self.request.send(NetworkSendBufferPython2or3(buff)) self.request.send(NetworkSendBufferPython2or3(buff))
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"]) ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] AAAA OPT Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)) print(color("[*] [DNS] AAAA OPT Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
except Exception: except Exception:
pass pass

10
servers/HTTP.py
View file

@ -205,7 +205,7 @@ def PacketSequence(data, client, Challenge):
ParseHTTPHash(NTLM_Auth, Challenge, client, module) ParseHTTPHash(NTLM_Auth, Challenge, client, module)
if settings.Config.Force_WPAD_Auth and WPAD_Custom: if settings.Config.Force_WPAD_Auth and WPAD_Custom:
print(text("[HTTP] WPAD (auth) file sent to %s" % client)) print(text("[HTTP] WPAD (auth) file sent to %s" % client.replace("::ffff:","")))
return WPAD_Custom return WPAD_Custom
else: else:
@ -230,7 +230,7 @@ def PacketSequence(data, client, Challenge):
if settings.Config.Force_WPAD_Auth and WPAD_Custom: if settings.Config.Force_WPAD_Auth and WPAD_Custom:
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[HTTP] WPAD (auth) file sent to %s" % client)) print(text("[HTTP] WPAD (auth) file sent to %s" % client.replace("::ffff:","")))
return WPAD_Custom return WPAD_Custom
else: else:
@ -241,12 +241,12 @@ def PacketSequence(data, client, Challenge):
if settings.Config.Basic: if settings.Config.Basic:
Response = IIS_Basic_401_Ans() Response = IIS_Basic_401_Ans()
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[HTTP] Sending BASIC authentication request to %s" % client)) print(text("[HTTP] Sending BASIC authentication request to %s" % client.replace("::ffff:","")))
else: else:
Response = IIS_Auth_401_Ans() Response = IIS_Auth_401_Ans()
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[HTTP] Sending NTLM authentication request to %s" % client)) print(text("[HTTP] Sending NTLM authentication request to %s" % client.replace("::ffff:","")))
return Response return Response
@ -290,7 +290,7 @@ class HTTP(BaseRequestHandler):
self.request.send(NetworkSendBufferPython2or3(Buffer)) self.request.send(NetworkSendBufferPython2or3(Buffer))
self.request.close() self.request.close()
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[HTTP] WPAD (no auth) file sent to %s" % self.client_address[0])) print(text("[HTTP] WPAD (no auth) file sent to %s" % self.client_address[0].replace("::ffff:","")))
else: else:
Buffer = PacketSequence(data,self.client_address[0], Challenge) Buffer = PacketSequence(data,self.client_address[0], Challenge)

4
servers/HTTP_Proxy.py
View file

@ -209,7 +209,7 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
def handle(self): def handle(self):
(ip, port) = self.client_address[0], self.client_address[1] (ip, port) = self.client_address[0], self.client_address[1]
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[PROXY] Received connection from %s" % self.client_address[0])) print(text("[PROXY] Received connection from %s" % self.client_address[0].replace("::ffff:","")))
self.__base_handle() self.__base_handle()
def _connect_to(self, netloc, soc): def _connect_to(self, netloc, soc):
@ -286,7 +286,7 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
Cookie = self.headers['Cookie'] if "Cookie" in self.headers else '' Cookie = self.headers['Cookie'] if "Cookie" in self.headers else ''
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[PROXY] Client : %s" % color(self.client_address[0], 3))) print(text("[PROXY] Client : %s" % color(self.client_address[0].replace("::ffff:",""), 3)))
print(text("[PROXY] Requested URL : %s" % color(self.path, 3))) print(text("[PROXY] Requested URL : %s" % color(self.path, 3)))
print(text("[PROXY] Cookie : %s" % Cookie)) print(text("[PROXY] Cookie : %s" % Cookie))

2
servers/LDAP.py
View file

@ -173,7 +173,7 @@ def ParseCLDAPPacket(data, client, Challenge):
elif Operation == b'\x63': elif Operation == b'\x63':
Buffer = ParseSearch(data) Buffer = ParseSearch(data)
print(text('[CLDAP] Sent CLDAP pong to %s.'% client)) print(text('[CLDAP] Sent CLDAP pong to %s.'% client.replace("::ffff:","")))
return Buffer return Buffer
elif settings.Config.Verbose: elif settings.Config.Verbose:

2
servers/MSSQL.py
View file

@ -134,7 +134,7 @@ class MSSQL(BaseRequestHandler):
if not data: if not data:
break break
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[MSSQL] Received connection from %s" % self.client_address[0])) print(text("[MSSQL] Received connection from %s" % self.client_address[0].replace("::ffff:","")))
if data[0] == b"\x12" or data[0] == 18: # Pre-Login Message if data[0] == b"\x12" or data[0] == 18: # Pre-Login Message
Buffer = str(MSSQLPreLoginAnswer()) Buffer = str(MSSQLPreLoginAnswer())
self.request.send(NetworkSendBufferPython2or3(Buffer)) self.request.send(NetworkSendBufferPython2or3(Buffer))

4
servers/Proxy_Auth.py
View file

@ -57,7 +57,7 @@ def PacketSequence(data, client, Challenge):
Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9] Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]
if Packet_NTLM == b'\x01': if Packet_NTLM == b'\x01':
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[Proxy-Auth] Sending NTLM authentication request to %s" % client)) print(text("[Proxy-Auth] Sending NTLM authentication request to %s" % client.replace("::ffff:","")))
Buffer = NTLM_Challenge(ServerChallenge=NetworkRecvBufferPython2or3(Challenge)) Buffer = NTLM_Challenge(ServerChallenge=NetworkRecvBufferPython2or3(Challenge))
Buffer.calculate() Buffer.calculate()
Buffer_Ans = WPAD_NTLM_Challenge_Ans(Payload = b64encode(NetworkSendBufferPython2or3(Buffer)).decode('latin-1')) Buffer_Ans = WPAD_NTLM_Challenge_Ans(Payload = b64encode(NetworkSendBufferPython2or3(Buffer)).decode('latin-1'))
@ -93,7 +93,7 @@ def PacketSequence(data, client, Challenge):
if settings.Config.Basic: if settings.Config.Basic:
Response = WPAD_Basic_407_Ans() Response = WPAD_Basic_407_Ans()
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[Proxy-Auth] Sending BASIC authentication request to %s" % client)) print(text("[Proxy-Auth] Sending BASIC authentication request to %s" % client.replace("::ffff:","")))
else: else:
Response = WPAD_Auth_407_Ans() Response = WPAD_Auth_407_Ans()

10
servers/RDP.py
View file

@ -98,6 +98,11 @@ class RDP(BaseRequestHandler):
self.request.settimeout(30) self.request.settimeout(30)
Challenge = RandomChallenge() Challenge = RandomChallenge()
cert = os.path.join(settings.Config.ResponderPATH, settings.Config.SSLCert)
key = os.path.join(settings.Config.ResponderPATH, settings.Config.SSLKey)
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(cert, key)
if data[11:12] == b'\x01': if data[11:12] == b'\x01':
x = X224(Data=RDPNEGOAnswer()) x = X224(Data=RDPNEGOAnswer())
x.calculate() x.calculate()
@ -105,7 +110,7 @@ class RDP(BaseRequestHandler):
h.calculate() h.calculate()
buffer1 = str(h) buffer1 = str(h)
self.request.send(NetworkSendBufferPython2or3(buffer1)) self.request.send(NetworkSendBufferPython2or3(buffer1))
SSLsock = ssl.wrap_socket(self.request, certfile=cert, keyfile=key, ssl_version=ssl.PROTOCOL_TLS_SERVER,server_side=True) SSLsock = context.wrap_socket(self.request, server_side=True)
SSLsock.settimeout(30) SSLsock.settimeout(30)
data = SSLsock.read(8092) data = SSLsock.read(8092)
if FindNTLMNegoStep(data) == b'\x01\x00\x00\x00': if FindNTLMNegoStep(data) == b'\x01\x00\x00\x00':
@ -125,8 +130,7 @@ class RDP(BaseRequestHandler):
buffer1 = str(h) buffer1 = str(h)
self.request.send(NetworkSendBufferPython2or3(buffer1)) self.request.send(NetworkSendBufferPython2or3(buffer1))
data = self.request.recv(8092) data = self.request.recv(8092)
SSLsock = context.wrap_socket(self.request, server_side=True)
SSLsock = ssl.wrap_socket(self.request, certfile=cert, keyfile=key, ssl_version=ssl.PROTOCOL_TLS,server_side=True)
data = SSLsock.read(8092) data = SSLsock.read(8092)
if FindNTLMNegoStep(data) == b'\x01\x00\x00\x00': if FindNTLMNegoStep(data) == b'\x01\x00\x00\x00':
x = RDPNTLMChallengeAnswer(NTLMSSPNtServerChallenge=NetworkRecvBufferPython2or3(Challenge)) x = RDPNTLMChallengeAnswer(NTLMSSPNtServerChallenge=NetworkRecvBufferPython2or3(Challenge))

6
servers/RPC.py
View file

@ -144,7 +144,7 @@ class RPCMap(BaseRequestHandler):
RPC.calculate() RPC.calculate()
self.request.send(NetworkSendBufferPython2or3(str(RPC))) self.request.send(NetworkSendBufferPython2or3(str(RPC)))
data = self.request.recv(1024) data = self.request.recv(1024)
print(color("[*] [DCE-RPC Mapper] Redirected %-15sto DSRUAPI auth server." % (self.client_address[0]), 3, 1)) print(color("[*] [DCE-RPC Mapper] Redirected %-15sto DSRUAPI auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
self.request.close() self.request.close()
#LSARPC #LSARPC
@ -155,7 +155,7 @@ class RPCMap(BaseRequestHandler):
RPC.calculate() RPC.calculate()
self.request.send(NetworkSendBufferPython2or3(str(RPC))) self.request.send(NetworkSendBufferPython2or3(str(RPC)))
data = self.request.recv(1024) data = self.request.recv(1024)
print(color("[*] [DCE-RPC Mapper] Redirected %-15sto LSARPC auth server." % (self.client_address[0]), 3, 1)) print(color("[*] [DCE-RPC Mapper] Redirected %-15sto LSARPC auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
self.request.close() self.request.close()
#WINSPOOL #WINSPOOL
@ -166,7 +166,7 @@ class RPCMap(BaseRequestHandler):
RPC.calculate() RPC.calculate()
self.request.send(NetworkSendBufferPython2or3(str(RPC))) self.request.send(NetworkSendBufferPython2or3(str(RPC)))
data = self.request.recv(1024) data = self.request.recv(1024)
print(color("[*] [DCE-RPC Mapper] Redirected %-15sto WINSPOOL auth server." % (self.client_address[0]), 3, 1)) print(color("[*] [DCE-RPC Mapper] Redirected %-15sto WINSPOOL auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
self.request.close() self.request.close()
#NetLogon #NetLogon

1
servers/SMB.py
View file

@ -206,7 +206,6 @@ class SMB1(BaseRequestHandler): # SMB1 & SMB2 Server class, NTLMSSP
self.request.send(Buffer) self.request.send(Buffer)
data = self.request.recv(1024) data = self.request.recv(1024)
except: except:
raise
pass pass
##Negotiate proto answer SMBv2. ##Negotiate proto answer SMBv2.

4
servers/WinRM.py
View file

@ -127,12 +127,12 @@ def PacketSequence(data, client, Challenge):
if settings.Config.Basic: if settings.Config.Basic:
Response = IIS_Basic_401_Ans() Response = IIS_Basic_401_Ans()
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[WinRM] Sending BASIC authentication request to %s" % client)) print(text("[WinRM] Sending BASIC authentication request to %s" % client.replace("::ffff:","")))
else: else:
Response = IIS_Auth_401_Ans() Response = IIS_Auth_401_Ans()
if settings.Config.Verbose: if settings.Config.Verbose:
print(text("[WinRM] Sending NTLM authentication request to %s" % client)) print(text("[WinRM] Sending NTLM authentication request to %s" % client.replace("::ffff:","")))
return Response return Response

2
settings.py
View file

@ -23,7 +23,7 @@ import subprocess
from utils import * from utils import *
__version__ = 'Responder 3.1.1.0' __version__ = 'Responder 3.1.3.0'
class Settings: class Settings:

8
utils.py
View file

@ -317,7 +317,7 @@ def SaveToDb(result):
for k in [ 'module', 'type', 'client', 'hostname', 'user', 'cleartext', 'hash', 'fullhash' ]: for k in [ 'module', 'type', 'client', 'hostname', 'user', 'cleartext', 'hash', 'fullhash' ]:
if not k in result: if not k in result:
result[k] = '' result[k] = ''
result['client'] = result['client'].replace("::ffff:","")
if len(result['user']) < 2: if len(result['user']) < 2:
print(color('[*] Skipping one character username: %s' % result['user'], 3, 1)) print(color('[*] Skipping one character username: %s' % result['user'], 3, 1))
text("[*] Skipping one character username: %s" % result['user']) text("[*] Skipping one character username: %s" % result['user'])
@ -393,7 +393,7 @@ def SavePoisonersToDb(result):
for k in [ 'Poisoner', 'SentToIp', 'ForName', 'AnalyzeMode' ]: for k in [ 'Poisoner', 'SentToIp', 'ForName', 'AnalyzeMode' ]:
if not k in result: if not k in result:
result[k] = '' result[k] = ''
result['SentToIp'] = result['SentToIp'].replace("::ffff:","")
cursor = sqlite3.connect(settings.Config.DatabaseFile) cursor = sqlite3.connect(settings.Config.DatabaseFile)
cursor.text_factory = sqlite3.Binary # We add a text factory to support different charsets cursor.text_factory = sqlite3.Binary # We add a text factory to support different charsets
res = cursor.execute("SELECT COUNT(*) AS count FROM Poisoned WHERE Poisoner=? AND SentToIp=? AND ForName=? AND AnalyzeMode=?", (result['Poisoner'], result['SentToIp'], result['ForName'], result['AnalyzeMode'])) res = cursor.execute("SELECT COUNT(*) AS count FROM Poisoned WHERE Poisoner=? AND SentToIp=? AND ForName=? AND AnalyzeMode=?", (result['Poisoner'], result['SentToIp'], result['ForName'], result['AnalyzeMode']))
@ -476,6 +476,10 @@ def banner():
print(banner) print(banner)
print("\n \033[1;33mNBT-NS, LLMNR & MDNS %s\033[0m" % settings.__version__) print("\n \033[1;33mNBT-NS, LLMNR & MDNS %s\033[0m" % settings.__version__)
print('') print('')
print(" To support this project:")
print(" Patreon -> https://www.patreon.com/PythonResponder")
print(" Paypal -> https://paypal.me/PythonResponder")
print('')
print(" Author: Laurent Gaffie (laurent.gaffie@gmail.com)") print(" Author: Laurent Gaffie (laurent.gaffie@gmail.com)")
print(" To kill this script hit CTRL-C") print(" To kill this script hit CTRL-C")
print('') print('')