diff --git a/Report.py b/Report.py
index 7cd5e86..b3ab450 100755
--- a/Report.py
+++ b/Report.py
@@ -39,7 +39,7 @@ def GetResponderData(cursor):
 def GetResponderUsernamesStatistic(cursor):
 res = cursor.execute("SELECT COUNT(DISTINCT UPPER(user)) FROM Responder")
 for row in res.fetchall():
- print(color('[+] In total {0} unique user accounts were captured.'.format(row[0]), code = 2, modifier = 1))
+ print(color('\n[+] In total {0} unique user accounts were captured.'.format(row[0]), code = 2, modifier = 1))
 
 def GetResponderUsernames(cursor):
 res = cursor.execute("SELECT DISTINCT user FROM Responder")
@@ -62,11 +62,15 @@ def GetUniqueLookups(cursor):
 for row in res.fetchall():
 print('IP: {0}, Protocol: {1}, Looking for name: {2}'.format(row[2], row[1], row[3]))
 
-
+def GetUniqueDHCP(cursor):
+ res = cursor.execute("SELECT * FROM DHCP WHERE MAC in (SELECT DISTINCT UPPER(MAC) FROM DHCP)")
+ for row in res.fetchall():
+ print('MAC: {0}, IP: {1}, RequestedIP: {2}'.format(row[1], row[2], row[3]))
+
 def GetStatisticUniqueLookups(cursor):
 res = cursor.execute("SELECT COUNT(*) FROM Poisoned WHERE ForName in (SELECT DISTINCT UPPER(ForName) FROM Poisoned)")
 for row in res.fetchall():
- print(color('[+] In total {0} unique queries were poisoned.'.format(row[0]), code = 2, modifier = 1))
+ print(color('\n[+] In total {0} unique queries were poisoned.'.format(row[0]), code = 2, modifier = 1))
 
 
 def SavePoisonersToDb(result):
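Review bot: The filter in the new `GetUniqueDHCP` does not deduplicate anything: `WHERE MAC in (SELECT DISTINCT UPPER(MAC) FROM DHCP)` keeps every row whose stored MAC already equals its upper-cased form, so with upper-case MACs all rows come back, and if `MacAddrStr` is ever formatted with lower-case hex (how it is built is not visible here) those rows are silently dropped from the report, since SQLite compares TEXT case-sensitively by default. The pattern is copied from `GetStatisticUniqueLookups` below, but the new function should not inherit it; `SELECT DISTINCT UPPER(MAC), IP, RequestedIP FROM DHCP` yields the unique tuples directly and removes the dependence on the `SELECT *` column order that `row[1], row[2], row[3]` relies on, with the print line becoming `print('MAC: {0}, IP: {1}, RequestedIP: {2}'.format(row[0], row[1], row[2]))`. A one-line docstring such as `"""Print each (MAC, IP, RequestedIP) tuple the DHCP poisoner answered."""` would also clarify what the 'DHCP Query Poisoned' heading in the report refers to.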
@@ -82,8 +86,11 @@ def SaveToDb(result):
 result[k] = ''
 
 cursor = DbConnect()
-print(color("[+] Generating report...", code = 3, modifier = 1))
-print(color("[+] Unique lookups ordered by IP:", code = 2, modifier = 1))
+print(color("[+] Generating report...\n", code = 3, modifier = 1))
+
+print(color("[+] DHCP Query Poisoned:", code = 2, modifier = 1))
+GetUniqueDHCP(cursor)
+print(color("\n[+] Unique lookups ordered by IP:", code = 2, modifier = 1))
 GetUniqueLookups(cursor)
 GetStatisticUniqueLookups(cursor)
 print(color("\n[+] Extracting captured usernames:", code = 2, modifier = 1))
diff --git a/poisoners/DHCP.py b/poisoners/DHCP.py
index 2019a29..88fea03 100755
--- a/poisoners/DHCP.py
+++ b/poisoners/DHCP.py
@@ -263,6 +263,11 @@ def ParseDHCPCode(data, ClientIP):
 Buffer.calculate()
 SendDHCP(str(IP_Header)+str(Buffer), (IPConv, 68))
 DHCPClient.append(MacAddrStr)
+ SaveDHCPToDb({
+ 'MAC': MacAddrStr,
+ 'IP': CurrentIP,
+ 'RequestedIP': IPConv,
+ })
 return 'Acknowledged DHCP Request for IP: %s, Req IP: %s, MAC: %s' % (CurrentIP, IPConv, MacAddrStr)
 
 elif OpCode == b"\x01" and Respond_To_Requests: # DHCP Discover
@@ -277,6 +282,11 @@ def ParseDHCPCode(data, ClientIP):
 Buffer.calculate()
 SendDHCP(str(IP_Header)+str(Buffer), (IPConv, 0))
 DHCPClient.append(MacAddrStr)
+ SaveDHCPToDb({
+ 'MAC': MacAddrStr,
+ 'IP': CurrentIP,
+ 'RequestedIP': IPConv,
+ })
 return 'Acknowledged DHCP Discover for IP: %s, Req IP: %s, MAC: %s' % (CurrentIP, IPConv, MacAddrStr)
 
 def SendDiscover():
diff --git a/utils.py b/utils.py
index 11feda0..6cae8c4 100755
--- a/utils.py
+++ b/utils.py
@@ -210,6 +210,8 @@ def CreateResponderDb():
 cursor.commit()
 cursor.execute('CREATE TABLE responder (timestamp TEXT, module TEXT, type TEXT, client TEXT, hostname TEXT, user TEXT, cleartext TEXT, hash TEXT, fullhash TEXT)')
 cursor.commit()
+ cursor.execute('CREATE TABLE DHCP (timestamp TEXT, MAC TEXT, IP TEXT, RequestedIP TEXT)')
+ cursor.commit()
 cursor.close()
 
 def SaveToDb(result):
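Review bot: The `SaveDHCPToDb` call added after `DHCPClient.append(MacAddrStr)` in the DHCP Request branch has no error handling, so any `sqlite3.Error` from the write (a locked database, or an older `Responder.db` without the `DHCP` table) propagates out of `ParseDHCPCode` after the spoofed ACK has already gone out, and the 'Acknowledged DHCP Request' line is never returned; whether something above catches that is outside the hunk, as is `ParseDHCPCode`'s start. The same five-line dict is repeated verbatim in the Discover branch of the next hunk, so a small helper such as `def RecordDHCPClient(MacAddrStr, CurrentIP, IPConv): SaveDHCPToDb({'MAC': MacAddrStr, 'IP': CurrentIP, 'RequestedIP': IPConv})`, wrapped in one `try/except sqlite3.Error` that logs instead of raising, would keep both branches consistent and keep a database failure from breaking the poisoner. Each call also opens a fresh sqlite connection and commits on the packet path; that sits after `SendDHCP`, so it should not delay this reply, but it does hold up handling of the next packet if this handler is not threaded (not visible here). `SaveDHCPToDb` lives in utils.py, so this hunk assumes the module's existing `utils` import brings it into scope, which cannot be confirmed from the diff.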
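Review bot: The new `DHCP` table in `CreateResponderDb` carries no uniqueness constraint, so the SELECT-then-INSERT in `SaveDHCPToDb` is the only thing preventing duplicate rows, and that check-then-act is not atomic if more than one thread or process writes the database. Declaring `UNIQUE(MAC, IP, RequestedIP)` here and using `INSERT OR IGNORE` in the writer makes deduplication a single statement: `cursor.execute('CREATE TABLE DHCP (timestamp TEXT, MAC TEXT, IP TEXT, RequestedIP TEXT, UNIQUE(MAC, IP, RequestedIP))')`. Only databases created after this commit get the table; if `CreateResponderDb` runs just when the file is absent (its call site is not in the diff), an existing `Responder.db` will fail with `no such table: DHCP` on the first DHCP answer, so `CREATE TABLE IF NOT EXISTS DHCP ...` in the writer or a one-off migration is needed for upgrades. The mixed casing (`DHCP` next to the existing lower-case `responder`) is harmless in SQLite but worth aligning with the file's convention.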
@@ -305,7 +307,22 @@ def SavePoisonersToDb(result):
 cursor.close()
 
 
+def SaveDHCPToDb(result):
+ for k in [ 'MAC', 'IP', 'RequestedIP']:
+ if not k in result:
+ result[k] = ''
+ cursor = sqlite3.connect(settings.Config.DatabaseFile)
+ cursor.text_factory = sqlite3.Binary # We add a text factory to support different charsets
+ res = cursor.execute("SELECT COUNT(*) AS count FROM DHCP WHERE MAC=? AND IP=? AND RequestedIP=?", (result['MAC'], result['IP'], result['RequestedIP']))
+ (count,) = res.fetchone()
+
+ if not count:
+ cursor.execute("INSERT INTO DHCP VALUES(datetime('now'), ?, ?, ?)", (result['MAC'], result['IP'], result['RequestedIP']))
+ cursor.commit()
+
+ cursor.close()
+
 
 def Parse_IPV6_Addr(data):
 if data[len(data)-4:len(data)][1] ==b'\x1c':
 return False
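Review bot: `SaveDHCPToDb` only closes its connection on the success path: if the SELECT or INSERT raises (`database is locked`, `no such table: DHCP` on an older database), `cursor.close()` is skipped and the `sqlite3.OperationalError` surfaces in the DHCP packet handler with the connection still held. Indent the block from `res = cursor.execute(...)` through `cursor.commit()` under `try:` and finish with `finally: cursor.close()`, which is a two-line change plus re-indentation. The count-then-insert is also a check-then-act race if two writers see `count == 0` for the same tuple, so this function cannot by itself guarantee uniqueness; `INSERT OR IGNORE` against a `UNIQUE(MAC, IP, RequestedIP)` constraint (not part of this commit) would close that. Parameterised queries are used throughout, so the MAC and IP strings from the wire are not an injection vector, which is the right call. Style: `if not k in result` reads better as `if k not in result` (or the whole loop as `result.setdefault(k, '')`), and the function wants a docstring such as `"""Record one answered DHCP (MAC, IP, RequestedIP) tuple in the DHCP table, skipping exact duplicates."""`; naming the connection `cursor` matches `SavePoisonersToDb` above, so that is consistent rather than wrong.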