Added a check for MSSQL
parent
3cd5140c80
commit
568048710f
2 changed files with 23 additions and 16 deletions
|
@ -74,7 +74,7 @@ def GetUniqueDHCP(cursor):
|
||||||
def GetRunFinger(cursor):
|
def GetRunFinger(cursor):
|
||||||
res = cursor.execute("SELECT * FROM RunFinger WHERE Host in (SELECT DISTINCT Host FROM RunFinger)")
|
res = cursor.execute("SELECT * FROM RunFinger WHERE Host in (SELECT DISTINCT Host FROM RunFinger)")
|
||||||
for row in res.fetchall():
|
for row in res.fetchall():
|
||||||
print(("{},['{}', Os:'{}', Build:'{}', Domain:'{}', Bootime:'{}', Signing:'{}', Null Session: '{}', RDP:'{}']".format(row[1], row[2], row[3], row[4], row[5], row[6], row[7], row[8], row[9])))
|
print(("{},['{}', Os:'{}', Build:'{}', Domain:'{}', Bootime:'{}', Signing:'{}', Null Session: '{}', RDP:'{}', SMB1:'{}', MSSQL:'{}']".format(row[1], row[2], row[3], row[4], row[5], row[6], row[7], row[8], row[9], row[10], row[11])))
|
||||||
|
|
||||||
def GetStatisticUniqueLookups(cursor):
|
def GetStatisticUniqueLookups(cursor):
|
||||||
res = cursor.execute("SELECT COUNT(*) FROM Poisoned WHERE ForName in (SELECT DISTINCT UPPER(ForName) FROM Poisoned)")
|
res = cursor.execute("SELECT COUNT(*) FROM Poisoned WHERE ForName in (SELECT DISTINCT UPPER(ForName) FROM Poisoned)")
|
||||||
|
|
|
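Review bot: The new format string in GetRunFinger indexes `row[10]` and `row[11]`, but a RunFinger table created by the previous version has only ten columns, so `SELECT *` returns ten-element rows and the report stops with an IndexError. The same gap affects the other file in this commit: the widened `CREATE TABLE` runs only under `if not os.path.exists(DB)`, so against an existing database the twelve-value `INSERT` and the `SMB1=? AND MSSQL=?` lookup in SaveRunFingerToDb would raise sqlite3.OperationalError. Add the missing columns at start-up, e.g. `ALTER TABLE RunFinger ADD COLUMN SMB1 TEXT` and `ALTER TABLE RunFinger ADD COLUMN MSSQL TEXT`, and name the columns in this query rather than relying on `SELECT *` positions.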
@ -26,7 +26,7 @@ from odict import OrderedDict
|
||||||
from socket import *
|
from socket import *
|
||||||
from odict import OrderedDict
|
from odict import OrderedDict
|
||||||
|
|
||||||
__version__ = "1.7"
|
__version__ = "1.8"
|
||||||
|
|
||||||
parser = optparse.OptionParser(usage='python %prog -i 10.10.10.224\nor:\npython %prog -i 10.10.10.0/24', version=__version__, prog=sys.argv[0])
|
parser = optparse.OptionParser(usage='python %prog -i 10.10.10.224\nor:\npython %prog -i 10.10.10.0/24', version=__version__, prog=sys.argv[0])
|
||||||
|
|
||||||
|
@ -44,7 +44,7 @@ if options.TARGET == None and options.Filename == None:
|
||||||
Timeout = options.Timeout
|
Timeout = options.Timeout
|
||||||
Host = options.TARGET
|
Host = options.TARGET
|
||||||
Filename = options.Filename
|
Filename = options.Filename
|
||||||
SMB1 = "Enabled"
|
SMB1 = "True"
|
||||||
SMB2signing = "False"
|
SMB2signing = "False"
|
||||||
DB = os.path.abspath(os.path.join(os.path.dirname(__file__)))+"/RunFinger.db"
|
DB = os.path.abspath(os.path.join(os.path.dirname(__file__)))+"/RunFinger.db"
|
||||||
|
|
||||||
|
@ -70,7 +70,7 @@ else:
|
||||||
|
|
||||||
if not os.path.exists(DB):
|
if not os.path.exists(DB):
|
||||||
cursor = sqlite3.connect(DB)
|
cursor = sqlite3.connect(DB)
|
||||||
cursor.execute('CREATE TABLE RunFinger (timestamp TEXT, Protocol TEXT, Host TEXT, WindowsVersion TEXT, OsVer TEXT, DomainJoined TEXT, Bootime TEXT, Signing TEXT, NullSess TEXT, IsRDPOn TEXT)')
|
cursor.execute('CREATE TABLE RunFinger (timestamp TEXT, Protocol TEXT, Host TEXT, WindowsVersion TEXT, OsVer TEXT, DomainJoined TEXT, Bootime TEXT, Signing TEXT, NullSess TEXT, IsRDPOn TEXT, SMB1 TEXT, MSSQL TEXT)')
|
||||||
cursor.commit()
|
cursor.commit()
|
||||||
cursor.close()
|
cursor.close()
|
||||||
|
|
||||||
|
@ -131,17 +131,17 @@ def GetOsBuildNumber(data):
|
||||||
return ProductBuild
|
return ProductBuild
|
||||||
|
|
||||||
def SaveRunFingerToDb(result):
|
def SaveRunFingerToDb(result):
|
||||||
for k in [ 'Protocol', 'Host', 'WindowsVersion', 'OsVer', 'DomainJoined', 'Bootime', 'Signing','NullSess', 'IsRPDOn']:
|
for k in [ 'Protocol', 'Host', 'WindowsVersion', 'OsVer', 'DomainJoined', 'Bootime', 'Signing','NullSess', 'IsRPDOn', 'SMB1','MSSQL']:
|
||||||
if not k in result:
|
if not k in result:
|
||||||
result[k] = ''
|
result[k] = ''
|
||||||
|
|
||||||
cursor = sqlite3.connect(DB)
|
cursor = sqlite3.connect(DB)
|
||||||
cursor.text_factory = sqlite3.Binary
|
cursor.text_factory = sqlite3.Binary
|
||||||
res = cursor.execute("SELECT COUNT(*) AS count FROM RunFinger WHERE Protocol=? AND Host=? AND WindowsVersion=? AND OsVer=? AND DomainJoined=? AND Bootime=? AND Signing=? AND NullSess=? AND IsRDPOn=?", (result['Protocol'], result['Host'], result['WindowsVersion'], result['OsVer'], result['DomainJoined'], result['Bootime'], result['Signing'], result['NullSess'], result['IsRDPOn']))
|
res = cursor.execute("SELECT COUNT(*) AS count FROM RunFinger WHERE Protocol=? AND Host=? AND WindowsVersion=? AND OsVer=? AND DomainJoined=? AND Bootime=? AND Signing=? AND NullSess=? AND IsRDPOn=? AND SMB1=? AND MSSQL=?", (result['Protocol'], result['Host'], result['WindowsVersion'], result['OsVer'], result['DomainJoined'], result['Bootime'], result['Signing'], result['NullSess'], result['IsRDPOn'], result['SMB1'], result['MSSQL']))
|
||||||
(count,) = res.fetchone()
|
(count,) = res.fetchone()
|
||||||
|
|
||||||
if not count:
|
if not count:
|
||||||
cursor.execute("INSERT INTO RunFinger VALUES(datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?, ?)", (result['Protocol'], result['Host'], result['WindowsVersion'], result['OsVer'], result['DomainJoined'], result['Bootime'], result['Signing'], result['NullSess'], result['IsRDPOn']))
|
cursor.execute("INSERT INTO RunFinger VALUES(datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?, ?,?,?)", (result['Protocol'], result['Host'], result['WindowsVersion'], result['OsVer'], result['DomainJoined'], result['Bootime'], result['Signing'], result['NullSess'], result['IsRDPOn'], result['SMB1'], result['MSSQL']))
|
||||||
cursor.commit()
|
cursor.commit()
|
||||||
|
|
||||||
cursor.close()
|
cursor.close()
|
||||||
|
@ -160,8 +160,9 @@ def ParseSMBNTLM2Exchange(data, host, bootime, signing): #Parse SMB NTLMSSP Res
|
||||||
WindowsVers = WorkstationFingerPrint(data[SSPIStart+48:SSPIStart+50])
|
WindowsVers = WorkstationFingerPrint(data[SSPIStart+48:SSPIStart+50])
|
||||||
WindowsBuildVers = GetOsBuildNumber(data[SSPIStart+50:SSPIStart+52])
|
WindowsBuildVers = GetOsBuildNumber(data[SSPIStart+50:SSPIStart+52])
|
||||||
DomainGrab((host, 445))
|
DomainGrab((host, 445))
|
||||||
RDP = IsRDPOn((host,3389))
|
RDP = IsServiceOn((host,3389))
|
||||||
print(("[SMB2]:['{}', Os:'{}', Build:'{}', Domain:'{}', Bootime: '{}', Signing:'{}', RDP:'{}', SMB1:'{}']".format(host, WindowsVers, str(WindowsBuildVers), Domain, Bootime, signing, RDP,SMB1)))
|
SQL = IsServiceOn((host,1433))
|
||||||
|
print(("[SMB2]:['{}', Os:'{}', Build:'{}', Domain:'{}', Bootime: '{}', Signing:'{}', RDP:'{}', SMB1:'{}', MSSQL:'{}']".format(host, WindowsVers, str(WindowsBuildVers), Domain, Bootime, signing, RDP,SMB1, SQL)))
|
||||||
SaveRunFingerToDb({
|
SaveRunFingerToDb({
|
||||||
'Protocol': '[SMB2]',
|
'Protocol': '[SMB2]',
|
||||||
'Host': host,
|
'Host': host,
|
||||||
|
@ -171,7 +172,9 @@ def ParseSMBNTLM2Exchange(data, host, bootime, signing): #Parse SMB NTLMSSP Res
|
||||||
'Bootime': Bootime,
|
'Bootime': Bootime,
|
||||||
'Signing': signing,
|
'Signing': signing,
|
||||||
'NullSess': 'N/A',
|
'NullSess': 'N/A',
|
||||||
'IsRDPOn':RDP,
|
'IsRDPOn':RDP,
|
||||||
|
'SMB1': SMB1,
|
||||||
|
'MSSQL': SQL
|
||||||
})
|
})
|
||||||
|
|
||||||
def GetBootTime(data):
|
def GetBootTime(data):
|
||||||
|
@ -193,7 +196,7 @@ def IsDCVuln(t, host):
|
||||||
Date = datetime.datetime(2017, 3, 14, 0, 30)
|
Date = datetime.datetime(2017, 3, 14, 0, 30)
|
||||||
if t[0] < Date:
|
if t[0] < Date:
|
||||||
return("This system may be vulnerable to MS17-010")
|
return("This system may be vulnerable to MS17-010")
|
||||||
return("Last restart: "+t[1])
|
return(t[1])
|
||||||
|
|
||||||
#####################
|
#####################
|
||||||
|
|
||||||
|
@ -253,7 +256,7 @@ def DomainGrab(Host):
|
||||||
return GetHostnameAndDomainName(data)
|
return GetHostnameAndDomainName(data)
|
||||||
except IOError as e:
|
except IOError as e:
|
||||||
if e.errno == errno.ECONNRESET:
|
if e.errno == errno.ECONNRESET:
|
||||||
SMB1 = "Disabled"
|
SMB1 = "False"
|
||||||
return False
|
return False
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
@ -392,8 +395,9 @@ def ShowSmallResults(Host):
|
||||||
Hostname, DomainJoined = DomainGrab((Host, 445))
|
Hostname, DomainJoined = DomainGrab((Host, 445))
|
||||||
Signing, OsVer, LanManClient = SmbFinger((Host, 445))
|
Signing, OsVer, LanManClient = SmbFinger((Host, 445))
|
||||||
NullSess = check_smb_null_session((Host, 445))
|
NullSess = check_smb_null_session((Host, 445))
|
||||||
RDP = IsRDPOn((Host,3389))
|
RDP = IsServiceOn((Host,3389))
|
||||||
print(("[SMB1]:['{}', Os:'{}', Domain:'{}', Signing:'{}', Null Session: '{}', RDP:'{}']".format(Host, OsVer, DomainJoined, Signing, NullSess,RDP)))
|
SQL = IsServiceOn((Host,1433))
|
||||||
|
print(("[SMB1]:['{}', Os:'{}', Domain:'{}', Signing:'{}', Null Session: '{}', RDP:'{}', MSSQL:'{}']".format(Host, OsVer, DomainJoined, Signing, NullSess,RDP, SQL)))
|
||||||
SaveRunFingerToDb({
|
SaveRunFingerToDb({
|
||||||
'Protocol': '[SMB1]',
|
'Protocol': '[SMB1]',
|
||||||
'Host': Host,
|
'Host': Host,
|
||||||
|
@ -403,13 +407,15 @@ def ShowSmallResults(Host):
|
||||||
'Bootime': 'N/A',
|
'Bootime': 'N/A',
|
||||||
'Signing': Signing,
|
'Signing': Signing,
|
||||||
'NullSess': NullSess,
|
'NullSess': NullSess,
|
||||||
'IsRDPOn':RDP,
|
'IsRDPOn':RDP,
|
||||||
|
'SMB1': 'True',
|
||||||
|
'MSSQL': SQL
|
||||||
})
|
})
|
||||||
except:
|
except:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
def IsRDPOn(Host):
|
def IsServiceOn(Host):
|
||||||
s = socket(AF_INET, SOCK_STREAM)
|
s = socket(AF_INET, SOCK_STREAM)
|
||||||
s.settimeout(Timeout)
|
s.settimeout(Timeout)
|
||||||
try:
|
try:
|
||||||
|
@ -422,6 +428,7 @@ def IsRDPOn(Host):
|
||||||
except Exception as err:
|
except Exception as err:
|
||||||
return 'False'
|
return 'False'
|
||||||
|
|
||||||
|
|
||||||
def RunFinger(Host):
|
def RunFinger(Host):
|
||||||
if Filename != None:
|
if Filename != None:
|
||||||
with open(Filename) as fp:
|
with open(Filename) as fp:
|
||||||
|
|
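Review bot: The defaulting loop in SaveRunFingerToDb still spells the key `'IsRPDOn'`, while the SELECT and INSERT below read `result['IsRDPOn']`, so a caller that omits the RDP field gets a KeyError instead of the empty-string default; since this line is edited here anyway, change it to `'IsRDPOn'`. Separately, the new SMB1 column stores a module-level flag that DomainGrab sets to `"False"` on ECONNRESET. The start of DomainGrab is outside the hunk, so confirm it declares `global SMB1`; without that the assignment only creates a local and every SMB2 row records `"True"`. Nothing visible resets the flag to `"True"` before the next host either, so in a range scan the stored value may describe an earlier host rather than the one in the row.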