add hostname to SMBv2 scan result

This commit is contained in:
requin 2022-10-31 17:31:16 +01:00
parent 3aaaaf1c7f
commit 709df2c6e1


@ -104,7 +104,7 @@ def ParseNegotiateSMB2Ans(data):
if data[4:8] == b"\xfeSMB": if data[4:8] == b"\xfeSMB":
return True return True
else: else:
return False return False
def SMB2SigningMandatory(data): def SMB2SigningMandatory(data):
global SMB2signing global SMB2signing
@ -130,8 +130,8 @@ def WorkstationFingerPrint(data):
def GetOsBuildNumber(data): def GetOsBuildNumber(data):
ProductBuild = struct.unpack("<h",data)[0] ProductBuild = struct.unpack("<h",data)[0]
return ProductBuild return ProductBuild
def SaveRunFingerToDb(result): def SaveRunFingerToDb(result):
for k in [ 'Protocol', 'Host', 'WindowsVersion', 'OsVer', 'DomainJoined', 'Bootime', 'Signing','NullSess', 'IsRPDOn', 'SMB1','MSSQL']: for k in [ 'Protocol', 'Host', 'WindowsVersion', 'OsVer', 'DomainJoined', 'Bootime', 'Signing','NullSess', 'IsRPDOn', 'SMB1','MSSQL']:
if not k in result: if not k in result:
@ -141,13 +141,13 @@ def SaveRunFingerToDb(result):
cursor.text_factory = sqlite3.Binary cursor.text_factory = sqlite3.Binary
res = cursor.execute("SELECT COUNT(*) AS count FROM RunFinger WHERE Protocol=? AND Host=? AND WindowsVersion=? AND OsVer=? AND DomainJoined=? AND Bootime=? AND Signing=? AND NullSess=? AND IsRDPOn=? AND SMB1=? AND MSSQL=?", (result['Protocol'], result['Host'], result['WindowsVersion'], result['OsVer'], result['DomainJoined'], result['Bootime'], result['Signing'], result['NullSess'], result['IsRDPOn'], result['SMB1'], result['MSSQL'])) res = cursor.execute("SELECT COUNT(*) AS count FROM RunFinger WHERE Protocol=? AND Host=? AND WindowsVersion=? AND OsVer=? AND DomainJoined=? AND Bootime=? AND Signing=? AND NullSess=? AND IsRDPOn=? AND SMB1=? AND MSSQL=?", (result['Protocol'], result['Host'], result['WindowsVersion'], result['OsVer'], result['DomainJoined'], result['Bootime'], result['Signing'], result['NullSess'], result['IsRDPOn'], result['SMB1'], result['MSSQL']))
(count,) = res.fetchone() (count,) = res.fetchone()
if not count: if not count:
cursor.execute("INSERT INTO RunFinger VALUES(datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?, ?,?,?)", (result['Protocol'], result['Host'], result['WindowsVersion'], result['OsVer'], result['DomainJoined'], result['Bootime'], result['Signing'], result['NullSess'], result['IsRDPOn'], result['SMB1'], result['MSSQL'])) cursor.execute("INSERT INTO RunFinger VALUES(datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?, ?,?,?)", (result['Protocol'], result['Host'], result['WindowsVersion'], result['OsVer'], result['DomainJoined'], result['Bootime'], result['Signing'], result['NullSess'], result['IsRDPOn'], result['SMB1'], result['MSSQL']))
cursor.commit() cursor.commit()
cursor.close() cursor.close()
def ParseSMBNTLM2Exchange(data, host, bootime, signing): #Parse SMB NTLMSSP Response def ParseSMBNTLM2Exchange(data, host, bootime, signing): #Parse SMB NTLMSSP Response
data = data.encode('latin-1') data = data.encode('latin-1')
SSPIStart = data.find(b'NTLMSSP') SSPIStart = data.find(b'NTLMSSP')
@ -161,16 +161,17 @@ def ParseSMBNTLM2Exchange(data, host, bootime, signing): #Parse SMB NTLMSSP Res
#AvPairs = SSPIString[AvPairsOffset:AvPairsOffset+AvPairsLen].decode('UTF-16LE') #AvPairs = SSPIString[AvPairsOffset:AvPairsOffset+AvPairsLen].decode('UTF-16LE')
WindowsVers = WorkstationFingerPrint(data[SSPIStart+48:SSPIStart+50]) WindowsVers = WorkstationFingerPrint(data[SSPIStart+48:SSPIStart+50])
WindowsBuildVers = GetOsBuildNumber(data[SSPIStart+50:SSPIStart+52]) WindowsBuildVers = GetOsBuildNumber(data[SSPIStart+50:SSPIStart+52])
DomainGrab((host, 445)) Hostname, DomainJoined = DomainGrab((host, 445))
RDP = IsServiceOn((host,3389)) RDP = IsServiceOn((host,3389))
SQL = IsServiceOn((host,1433)) SQL = IsServiceOn((host,1433))
outstr = (f"[SMB2]:['{host}', Os:'{WindowsVers}', Build:'{str(WindowsBuildVers)}', Domain:'{Domain}', Bootime: '{Bootime}', Signing:'{signing}', RDP:'{RDP}', SMB1:'{SMB1}', MSSQL:'{SQL}']") outstr = (f"[SMB2]:['{host}', Os:'{WindowsVers}', Hostname:'{Hostname}' Build:'{str(WindowsBuildVers)}', Domain:'{Domain}', Bootime: '{Bootime}', Signing:'{signing}', RDP:'{RDP}', SMB1:'{SMB1}', MSSQL:'{SQL}']")
print(outstr) print(outstr)
if Outputfile != None: if Outputfile != None:
Outputfile.write(outstr+"\n") # save result in file Outputfile.write(outstr+"\n") # save result in file
SaveRunFingerToDb({ SaveRunFingerToDb({
'Protocol': '[SMB2]', 'Protocol': '[SMB2]',
'Host': host, 'Host': host,
'Hostname':Hostname,
'WindowsVersion': WindowsVers, 'WindowsVersion': WindowsVers,
'OsVer': str(WindowsBuildVers), 'OsVer': str(WindowsBuildVers),
'DomainJoined': Domain, 'DomainJoined': Domain,
@ -400,7 +401,7 @@ def handle(data, host):
return buffer0 return buffer0
if data[28] == "\x02": if data[28] == "\x02":
ParseSMBNTLM2Exchange(data, host[0], Bootime, SMB2signing) ParseSMBNTLM2Exchange(data, host[0], Bootime, SMB2signing)
################## ##################
def ShowSmallResults(Host): def ShowSmallResults(Host):
@ -418,7 +419,7 @@ def ShowSmallResults(Host):
Outputfile.write(outstr+"\n") # save result in file Outputfile.write(outstr+"\n") # save result in file
SaveRunFingerToDb({ SaveRunFingerToDb({
'Protocol': '[SMB1]', 'Protocol': '[SMB1]',
'Host': Host, 'Host': Host,
'WindowsVersion':OsVer, 'WindowsVersion':OsVer,
'OsVer': OsVer, 'OsVer': OsVer,
'DomainJoined':DomainJoined, 'DomainJoined':DomainJoined,
@ -467,7 +468,7 @@ def RunFinger(Host):
proc.get() proc.get()
else: else:
ShowSmallResults(Ln) ShowSmallResults(Ln)
if Filename == None: if Filename == None:
m = re.search("/", str(Host)) m = re.search("/", str(Host))
if m: if m:
@ -484,6 +485,6 @@ def RunFinger(Host):
proc.get() proc.get()
else: else:
ShowSmallResults(Host) ShowSmallResults(Host)
RunFinger(Host) RunFinger(Host)
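Review bot: The new `'Hostname':Hostname` entry in the SaveRunFingerToDb call inside ParseSMBNTLM2Exchange is never persisted: SaveRunFingerToDb's required-key list, its SELECT and its INSERT still enumerate only the eleven original columns, so the hostname reaches the console line and the output file but not the RunFinger table, and the dict key is silently dropped. If the intent is to record it, the key list, the SELECT and the INSERT (and the table schema, which is outside this page) all need a Hostname column, and the SMB1 path in ShowSmallResults, which does not pass Hostname, then needs a default so the required-key check does not reject it. Separately, the rewritten f-string is missing the field separator after the new item; `Hostname:'{Hostname}', Build:'{str(WindowsBuildVers)}'` keeps it consistent with the other fields, which matters if the output file is parsed downstream. The `DomainJoined` value unpacked from DomainGrab appears unused within the hunk while `Domain` is still what is printed and stored; if that is intentional, a `_` in the unpacking would make it explicit, and note the pre-existing spelling mismatch between `'IsRPDOn'` in the key list and `IsRDPOn` in the queries. ParseSMBNTLM2Exchange and SaveRunFingerToDb both start before and continue past their hunks.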