added DHCP db & updated the report script to reflect that

2025-07-06 04:51:23 -07:00 · 2021-11-30 22:21:55 -03:00 · 2021-11-30 22:21:55 -03:00 · 1dfa997da8
commit 1dfa997da8
parent 0bf23d632b
3 changed files with 39 additions and 5 deletions
--- a/Report.py
+++ b/Report.py
@ -39,7 +39,7 @@ def GetResponderData(cursor):
 def GetResponderUsernamesStatistic(cursor):
     res = cursor.execute("SELECT COUNT(DISTINCT UPPER(user)) FROM Responder")
     for row in res.fetchall():
-         print(color('[+] In total {0} unique user accounts were captured.'.format(row[0]), code = 2, modifier = 1))
+         print(color('\n[+] In total {0} unique user accounts were captured.'.format(row[0]), code = 2, modifier = 1))

 def GetResponderUsernames(cursor):
     res = cursor.execute("SELECT DISTINCT user FROM Responder")
@ -62,11 +62,15 @@ def GetUniqueLookups(cursor):
     for row in res.fetchall():
         print('IP: {0}, Protocol: {1}, Looking for name: {2}'.format(row[2], row[1], row[3]))

-
+def GetUniqueDHCP(cursor):
+     res = cursor.execute("SELECT * FROM DHCP WHERE MAC in (SELECT DISTINCT UPPER(MAC) FROM DHCP)")
+     for row in res.fetchall():
+         print('MAC: {0}, IP: {1}, RequestedIP: {2}'.format(row[1], row[2], row[3]))
+         
 def GetStatisticUniqueLookups(cursor):
     res = cursor.execute("SELECT COUNT(*) FROM Poisoned WHERE ForName in (SELECT DISTINCT UPPER(ForName) FROM Poisoned)")
     for row in res.fetchall():
-         print(color('[+] In total {0} unique queries were poisoned.'.format(row[0]), code = 2, modifier = 1))
+         print(color('\n[+] In total {0} unique queries were poisoned.'.format(row[0]), code = 2, modifier = 1))


 def SavePoisonersToDb(result):
@ -82,8 +86,11 @@ def SaveToDb(result):
 			result[k] = ''

 cursor = DbConnect()
-print(color("[+] Generating report...", code = 3, modifier = 1))
-print(color("[+] Unique lookups ordered by IP:", code = 2, modifier = 1))
+print(color("[+] Generating report...\n", code = 3, modifier = 1))
+
+print(color("[+] DHCP Query Poisoned:", code = 2, modifier = 1))
+GetUniqueDHCP(cursor)
+print(color("\n[+] Unique lookups ordered by IP:", code = 2, modifier = 1))
 GetUniqueLookups(cursor)
 GetStatisticUniqueLookups(cursor)
 print(color("\n[+] Extracting captured usernames:", code = 2, modifier = 1))
--- a/poisoners/DHCP.py
+++ b/poisoners/DHCP.py
@ -263,6 +263,11 @@ def ParseDHCPCode(data, ClientIP):
                Buffer.calculate()
                SendDHCP(str(IP_Header)+str(Buffer), (IPConv, 68))
                DHCPClient.append(MacAddrStr)
+                SaveDHCPToDb({
+                              'MAC': MacAddrStr, 
+                              'IP': CurrentIP, 
+                              'RequestedIP': IPConv,
+                             })
                return 'Acknowledged DHCP Request for IP: %s, Req IP: %s, MAC: %s' % (CurrentIP, IPConv, MacAddrStr)

    elif OpCode == b"\x01" and Respond_To_Requests:  # DHCP Discover
@ -277,6 +282,11 @@ def ParseDHCPCode(data, ClientIP):
                Buffer.calculate()
                SendDHCP(str(IP_Header)+str(Buffer), (IPConv, 0))
                DHCPClient.append(MacAddrStr)
+                SaveDHCPToDb({
+                              'MAC': MacAddrStr, 
+                              'IP': CurrentIP, 
+                              'RequestedIP': IPConv,
+                             })
                return 'Acknowledged DHCP Discover for IP: %s, Req IP: %s, MAC: %s' % (CurrentIP, IPConv, MacAddrStr)

 def SendDiscover():
--- a/utils.py
+++ b/utils.py
@ -210,6 +210,8 @@ def CreateResponderDb():
 		cursor.commit()
 		cursor.execute('CREATE TABLE responder (timestamp TEXT, module TEXT, type TEXT, client TEXT, hostname TEXT, user TEXT, cleartext TEXT, hash TEXT, fullhash TEXT)')
 		cursor.commit()
+		cursor.execute('CREATE TABLE DHCP (timestamp TEXT, MAC TEXT, IP TEXT, RequestedIP TEXT)')
+		cursor.commit()
 		cursor.close()

 def SaveToDb(result):
@ -305,7 +307,22 @@ def SavePoisonersToDb(result):

 	cursor.close()

+def SaveDHCPToDb(result):
+	for k in [ 'MAC', 'IP', 'RequestedIP']:
+		if not k in result:
+			result[k] = ''

+	cursor = sqlite3.connect(settings.Config.DatabaseFile)
+	cursor.text_factory = sqlite3.Binary  # We add a text factory to support different charsets
+	res = cursor.execute("SELECT COUNT(*) AS count FROM DHCP WHERE MAC=? AND IP=? AND RequestedIP=?", (result['MAC'], result['IP'], result['RequestedIP']))
+	(count,) = res.fetchone()
+        
+	if not count:
+		cursor.execute("INSERT INTO DHCP VALUES(datetime('now'), ?, ?, ?)", (result['MAC'], result['IP'], result['RequestedIP']))
+		cursor.commit()
+
+	cursor.close()
+	
 def Parse_IPV6_Addr(data):
 	if data[len(data)-4:len(data)][1] ==b'\x1c':
 		return False