add hostname on smbv2 scan result

requin 2022-10-31 17:31:16 +01:00
parent 3aaaaf1c7f
commit 709df2c6e1


@ -104,7 +104,7 @@ def ParseNegotiateSMB2Ans(data):
if data[4:8] == b"\xfeSMB":
return True
else:
return False
return False
def SMB2SigningMandatory(data):
global SMB2signing
@ -130,8 +130,8 @@ def WorkstationFingerPrint(data):
def GetOsBuildNumber(data):
ProductBuild = struct.unpack("<h",data)[0]
return ProductBuild
return ProductBuild
def SaveRunFingerToDb(result):
for k in [ 'Protocol', 'Host', 'WindowsVersion', 'OsVer', 'DomainJoined', 'Bootime', 'Signing','NullSess', 'IsRPDOn', 'SMB1','MSSQL']:
if not k in result:
@ -141,13 +141,13 @@ def SaveRunFingerToDb(result):
cursor.text_factory = sqlite3.Binary
res = cursor.execute("SELECT COUNT(*) AS count FROM RunFinger WHERE Protocol=? AND Host=? AND WindowsVersion=? AND OsVer=? AND DomainJoined=? AND Bootime=? AND Signing=? AND NullSess=? AND IsRDPOn=? AND SMB1=? AND MSSQL=?", (result['Protocol'], result['Host'], result['WindowsVersion'], result['OsVer'], result['DomainJoined'], result['Bootime'], result['Signing'], result['NullSess'], result['IsRDPOn'], result['SMB1'], result['MSSQL']))
(count,) = res.fetchone()
if not count:
cursor.execute("INSERT INTO RunFinger VALUES(datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?, ?,?,?)", (result['Protocol'], result['Host'], result['WindowsVersion'], result['OsVer'], result['DomainJoined'], result['Bootime'], result['Signing'], result['NullSess'], result['IsRDPOn'], result['SMB1'], result['MSSQL']))
cursor.commit()
cursor.close()
def ParseSMBNTLM2Exchange(data, host, bootime, signing): #Parse SMB NTLMSSP Response
data = data.encode('latin-1')
SSPIStart = data.find(b'NTLMSSP')
@ -161,16 +161,17 @@ def ParseSMBNTLM2Exchange(data, host, bootime, signing): #Parse SMB NTLMSSP Res
#AvPairs = SSPIString[AvPairsOffset:AvPairsOffset+AvPairsLen].decode('UTF-16LE')
WindowsVers = WorkstationFingerPrint(data[SSPIStart+48:SSPIStart+50])
WindowsBuildVers = GetOsBuildNumber(data[SSPIStart+50:SSPIStart+52])
DomainGrab((host, 445))
Hostname, DomainJoined = DomainGrab((host, 445))
RDP = IsServiceOn((host,3389))
SQL = IsServiceOn((host,1433))
outstr = (f"[SMB2]:['{host}', Os:'{WindowsVers}', Build:'{str(WindowsBuildVers)}', Domain:'{Domain}', Bootime: '{Bootime}', Signing:'{signing}', RDP:'{RDP}', SMB1:'{SMB1}', MSSQL:'{SQL}']")
outstr = (f"[SMB2]:['{host}', Os:'{WindowsVers}', Hostname:'{Hostname}' Build:'{str(WindowsBuildVers)}', Domain:'{Domain}', Bootime: '{Bootime}', Signing:'{signing}', RDP:'{RDP}', SMB1:'{SMB1}', MSSQL:'{SQL}']")
print(outstr)
if Outputfile != None:
Outputfile.write(outstr+"\n") # save result in file
SaveRunFingerToDb({
'Protocol': '[SMB2]',
'Host': host,
'Host': host,
'Hostname':Hostname,
'WindowsVersion': WindowsVers,
'OsVer': str(WindowsBuildVers),
'DomainJoined': Domain,
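Review bot: The new `'Hostname': Hostname` entry passed to SaveRunFingerToDb is silently dropped, because SaveRunFingerToDb's key list, SELECT and INSERT (the `-141,13` hunk above) still cover only the original eleven columns, so the hostname reaches stdout and the output file but never the RunFinger table; either extend the schema, key list and both statements together, or leave the dict unchanged so readers are not misled into thinking it is persisted. The rewritten outstr line is also missing a comma between `Hostname:'{Hostname}'` and `Build:`, so the field boundary is lost in the printed and saved result; it should read `outstr = (f"[SMB2]:['{host}', Os:'{WindowsVers}', Hostname:'{Hostname}', Build:'{str(WindowsBuildVers)}', Domain:'{Domain}', ...")`. `DomainJoined` is now unpacked from DomainGrab but the dict below still writes `'DomainJoined': Domain`, so one of the two is presumably stale; and since DomainGrab is defined outside this hunk I cannot see whether it always returns a two-element result, so the unpacking may raise on a host that does not answer on 445 where the old call tolerated it. Note that Hostname is text taken from the remote host's response, so it should be treated as untrusted when written to the output file. The enclosing function ParseSMBNTLM2Exchange starts and ends outside this hunk.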
@ -400,7 +401,7 @@ def handle(data, host):
return buffer0
if data[28] == "\x02":
ParseSMBNTLM2Exchange(data, host[0], Bootime, SMB2signing)
ParseSMBNTLM2Exchange(data, host[0], Bootime, SMB2signing)
##################
def ShowSmallResults(Host):
@ -418,7 +419,7 @@ def ShowSmallResults(Host):
Outputfile.write(outstr+"\n") # save result in file
SaveRunFingerToDb({
'Protocol': '[SMB1]',
'Host': Host,
'Host': Host,
'WindowsVersion':OsVer,
'OsVer': OsVer,
'DomainJoined':DomainJoined,
@ -467,7 +468,7 @@ def RunFinger(Host):
proc.get()
else:
ShowSmallResults(Ln)
if Filename == None:
m = re.search("/", str(Host))
if m:
@ -484,6 +485,6 @@ def RunFinger(Host):
proc.get()
else:
ShowSmallResults(Host)
RunFinger(Host)