From 7a95ef1474d3cea88680f359581aa89a4e9c30f5 Mon Sep 17 00:00:00 2001
From: lgandx
Date: Sat, 6 Dec 2014 16:37:38 -0500
Subject: [PATCH] Added: FindSMB2UPTime script. Find when is the last time a >= 2008 server was updated.
---
 CHANGELOG | 8 +++-
 FindSMB2UPTime.py | 116 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 123 insertions(+), 1 deletion(-)
 create mode 100755 FindSMB2UPTime.py
diff --git a/CHANGELOG b/CHANGELOG
index e6f27ad..24cf12b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,10 @@
-ChangeLog Responder 2.0.8:
+ChangeLog Responder 2.1.4:
+- Added: FindSMB2UPTime.py
+- Added: FindSQLSrv.py
+- Added: DontRespondTo and DontRespondToName options in Responder.conf
+- Added: Lanman module
+- Added: Analyze mode
+- Added: SMBRelay
 - Removed: Old style options (On/Off). Just use -r instead of -r On.
 - Added [DHCP.py]: in-scope target, windows >= Vista support (-R) and unicast answers only.
 - Added: In-scope llmnr/nbt-ns name option
diff --git a/FindSMB2UPTime.py b/FindSMB2UPTime.py
new file mode 100755
index 0000000..72f7be1
--- /dev/null
+++ b/FindSMB2UPTime.py
@@ -0,0 +1,116 @@
+#! /usr/bin/env python
+# NBT-NS/LLMNR Responder
+# Created by Laurent Gaffie
+# Copyright (C) 2014 Trustwave Holdings, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+import datetime, struct
+import sys,socket,struct
+from socket import *
+from odict import OrderedDict
+
+class Packet():
+ fields = OrderedDict([
+ ("", ""),
+ ])
+ def __init__(self, **kw):
+ self.fields = OrderedDict(self.__class__.fields)
+ for k,v in kw.items():
+ if callable(v):
+ self.fields[k] = v(self.fields[k])
+ else:
+ self.fields[k] = v
+ def __str__(self):
+ return "".join(map(str, self.fields.values()))
+
+def GetBootTime(data):
+ Filetime = int(struct.unpack('i", len(data))
+ return Len
+
+class SMBHeader(Packet):
+ fields = OrderedDict([
+ ("Proto", "\xff\x53\x4d\x42"),
+ ("Cmd", "\x72"),
+ ("Error-Code", "\x00\x00\x00\x00" ),
+ ("Flag1", "\x10"),
+ ("Flag2", "\x00\x00"),
+ ("Pidhigh", "\x00\x00"),
+ ("Signature", "\x00\x00\x00\x00\x00\x00\x00\x00"),
+ ("Reserved", "\x00\x00"),
+ ("TID", "\x00\x00"),
+ ("PID", "\xff\xfe"),
+ ("UID", "\x00\x00"),
+ ("MID", "\x00\x00"),
+ ])
+
+class SMBNego(Packet):
+ fields = OrderedDict([
+ ("Wordcount", "\x00"),
+ ("Bcc", "\x62\x00"),
+ ("Data", "")
+ ])
+
+ def calculate(self):
+ self.fields["Bcc"] = struct.pack("