diff --git a/Responder.conf b/Responder.conf
index 3b66777..70cf097 100644
--- a/Responder.conf
+++ b/Responder.conf
@@ -49,7 +49,7 @@ DontRespondTo =
 DontRespondToName = ISATAP
 ; If set to On, we will stop answering further requests from a host
-; if a hash hash been previously captured for this host.
+; if a hash has been previously captured for this host.
 AutoIgnoreAfterSuccess = Off
 ; If set to On, we will send ACCOUNT_DISABLED when the client tries
@@ -57,6 +57,11 @@ AutoIgnoreAfterSuccess = Off
 ; This may break file serving and is useful only for hash capture
 CaptureMultipleCredentials = On
+; If set to On, we will write to file all hashes captured from the same host.
+; In this case, Responder will log from 172.16.0.12 all user hashes: domain\toto,
+; domain\popo, domain\zozo. Recommended value: On, capture everything.
+CaptureMultipleHashFromSameHost = On
+
 [HTTP Server]
 ; Set to On to always serve the custom EXE
diff --git a/settings.py b/settings.py
index f1fbde7..4ce59d5 100644
--- a/settings.py
+++ b/settings.py
@@ -147,9 +147,10 @@ class Settings:
 self.DontRespondToName = filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondToName').strip().split(',')])
 # Auto Ignore List
- self.AutoIgnore = self.toBool(config.get('Responder Core', 'AutoIgnoreAfterSuccess'))
- self.CaptureMultipleCredentials = self.toBool(config.get('Responder Core', 'CaptureMultipleCredentials'))
- self.AutoIgnoreList = []
+ self.AutoIgnore = self.toBool(config.get('Responder Core', 'AutoIgnoreAfterSuccess'))
+ self.CaptureMultipleCredentials = self.toBool(config.get('Responder Core', 'CaptureMultipleCredentials'))
+ self.CaptureMultipleHashFromSameHost = self.toBool(config.get('Responder Core', 'CaptureMultipleHashFromSameHost'))
+ self.AutoIgnoreList = []
 # CLI options
 self.ExternalIP = options.ExternalIP
diff --git a/utils.py b/utils.py
index d407172..433d9e1 100644
--- a/utils.py
+++ b/utils.py
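Review bot: The new `config.get('Responder Core', 'CaptureMultipleHashFromSameHost')` read in the settings.py hunk has no fallback, so a Responder.conf written before this commit, which lacks the key, would presumably stop startup with a missing-option error (assuming `config` is a standard ConfigParser; its construction is outside the hunk). Guard the read so an absent key means Off and keeps the previous behaviour, for example `self.CaptureMultipleHashFromSameHost = config.has_option('Responder Core', 'CaptureMultipleHashFromSameHost') and self.toBool(config.get('Responder Core', 'CaptureMultipleHashFromSameHost'))`. The enclosing method of class Settings starts and ends outside the hunk.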
@@ -157,7 +157,7 @@ def SaveToDb(result):
 cursor.text_factory = sqlite3.Binary # We add a text factory to support different charsets
 res = cursor.execute("SELECT COUNT(*) AS count FROM responder WHERE module=? AND type=? AND client=? AND LOWER(user)=LOWER(?)", (result['module'], result['type'], result['client'], result['user']))
 (count,) = res.fetchone()
-
+
 if not count:
 with open(logfile,"a") as outf:
 if len(result['cleartext']): # If we obtained cleartext credentials, write them to file
@@ -168,6 +168,12 @@ def SaveToDb(result):
 cursor.execute("INSERT INTO responder VALUES(datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?)", (result['module'], result['type'], result['client'], result['hostname'], result['user'], result['cleartext'], result['hash'], result['fullhash']))
 cursor.commit()
+ if settings.Config.CaptureMultipleHashFromSameHost:
+ with open(logfile,"a") as outf:
+ if len(result['cleartext']): # If we obtained cleartext credentials, write them to file
+ outf.write('%s:%s\n' % (result['user'].encode('utf8', 'replace'), result['cleartext'].encode('utf8', 'replace')))
+ else: # Otherwise, write JtR-style hash string to file
+ outf.write(result['fullhash'].encode('utf8', 'replace') + '\n')
 if not count or settings.Config.Verbose: # Print output
 if len(result['client']):
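Review bot: The added `if settings.Config.CaptureMultipleHashFromSameHost:` block in the second utils.py hunk repeats the log write that the existing `if not count:` branch already performs, so, if the new block sits at function level (indentation is not recoverable from this page), a first-time capture is written to `logfile` twice while the option is On, which is the shipped default. The lookup that sets `count` is keyed on module, type, client and user, so what the flag actually changes is that repeat captures of an already-stored user are appended again; every repeated authentication then adds another credential line and the file grows without bound. Fold the two writes into one guarded by `if not count or settings.Config.CaptureMultipleHashFromSameHost:` and keep only the INSERT and commit under `if not count:`, with a comment such as `# Append repeat captures too when CaptureMultipleHashFromSameHost is On`. SaveToDb starts and ends outside the hunk.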