github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2025-08-20 13:23:38 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge ec2f95ef8d into 398a1fce31

Browse source
This commit is contained in:
Johnny Xmas 2025-06-05 11:36:49 +03:00 committed by GitHub
commit 8946274997
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 86 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

39
OSX_launcher.sh
View file

@ -1,39 +0,0 @@
# responder launcher
# set -x
# Usage:
# ./responderd /path/to/responder interface responder_options
# port list
# Everything -> tcp:21 tcp:80 tcp:25 udp:53 tcp:88 udp:137 udp:138 tcp:139 tcp:143 tcp:443 tcp:445 tcp:110 tcp:389 tcp:1433 tcp:3141 udp:5353 udp:5355
PORT_LIST=(tcp:21 udp:53 tcp:88 udp:137 udp:138 tcp:139 tcp:143 tcp:445 tcp:389 tcp:1433 udp:5353 udp:5355)
SVC_LIST=()
# check for running processes and kill them one by one
# looping over everything rather than doing a mass kill because some processes may be
# children and may not need to be killed
for port in ${PORT_LIST[@]}; do
PROC=$(lsof +c 0 -i $port | grep -m 1 -v 'launchd\|COMMAND' | cut -d' ' -f1)
if [ -n "$PROC" ]; then
AGENT=$(sudo launchctl list | grep -m 1 $PROC | cut -f3 | sed 's/.reloaded//g')
# load/unload are listed as "legacy" in 10.10+ may need to change this someday
echo "Stopping $PROC"
sudo launchctl unload -w /System/Library/LaunchDaemons/$AGENT.plist
# append killed service to new array
SVC_LIST+=($AGENT)
fi
done
# get IP address
IP=$(ifconfig $2 | grep 'inet ' | cut -d' ' -f2)
# Launch responder
python $1 $3 -i $IP
# restore stopped services
for agent in ${SVC_LIST[@]}; do
echo "Starting $agent"
sudo launchctl load -w /System/Library/LaunchDaemons/$agent.plist
done

14
README.md
View file

@ -16,7 +16,7 @@ Responder is an LLMNR, NBT-NS and MDNS poisoner.
- Built-in SMB Auth server. - Built-in SMB Auth server.
Supports NTLMv1, NTLMv2 hashes with Extended Security NTLMSSP by default. Successfully tested from Windows 95 to Server 2022, Samba and Mac OSX Lion. Clear text password is supported for NT4, and LM hashing downgrade when the --lm option is set. If --disable-ess is set, extended session security will be disabled for NTLMv1 authentication. SMBv2 has also been implemented and is supported by default. Supports NTLMv1, NTLMv2 hashes with Extended Security NTLMSSP by default. Successfully tested from Windows 95 to Server 2022, Samba and Mac OS X 10.7 (Lion). Clear text password is supported for NT4, and LM hashing downgrade when the --lm option is set. If --disable-ess is set, extended session security will be disabled for NTLMv1 authentication. SMBv2 has also been implemented and is supported by default.
- Built-in MSSQL Auth server. - Built-in MSSQL Auth server.
@ -101,15 +101,15 @@ Edit this file /etc/NetworkManager/NetworkManager.conf and comment the line: `dn
- This tool is not meant to work on Windows. - This tool is not meant to work on Windows.
- For OSX, please note: Responder must be launched with an IP address for the -i flag (e.g. -i YOUR_IP_ADDR). There is no native support in OSX for custom interface binding. Using -i en1 will not work. Also to run Responder with the best experience, run the following as root: - For macOS, please note: Responder must be launched with an IP address for the -i flag (e.g. -i YOUR_IP_ADDR). There is no native support in macOS for custom interface binding. Using -i en1 will not work. Also to run Responder with the best experience, run the following as root:
launchctl unload /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist launchctl bootout system /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist launchctl bootout system /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.smbd.plist launchctl bootout system /System/Library/LaunchDaemons/com.apple.smbd.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.netbiosd.plist launchctl bootout system /System/Library/LaunchDaemons/com.apple.netbiosd.plist
## Usage ## ## Usage ##
@ -133,7 +133,7 @@ Options:
Network interface to use, you can use 'ALL' as a Network interface to use, you can use 'ALL' as a
wildcard for all interfaces wildcard for all interfaces
-i 10.0.0.21, --ip=10.0.0.21 -i 10.0.0.21, --ip=10.0.0.21
Local IP to use (only for OSX) Local IP to use (only for macOS)
-6 2002:c0a8:f7:1:3ba8:aceb:b1a9:81ed, --externalip6=2002:c0a8:f7:1:3ba8:aceb:b1a9:81ed -6 2002:c0a8:f7:1:3ba8:aceb:b1a9:81ed, --externalip6=2002:c0a8:f7:1:3ba8:aceb:b1a9:81ed
Poison all requests with another IPv6 address than Poison all requests with another IPv6 address than
Responder's one. Responder's one.

79
macOS_Launcher.sh Executable file
View file

@ -0,0 +1,79 @@
#!/usr/bin/env bash
#Responder launcher for MacOS
USAGE="$(basename "$0") [Responder.py arguments...] - Script to automagically re/configure a MacOS environment and launch Responder"
#Environment check
if uname -a | grep -v -q Darwin
then echo "This script is only for MacOS. On any other OS, run Responder.py directly."
exit 1
elif csrutil status | grep -q enabled
then echo "Please disable System Integrity Protection so Responder can stop and start protected services"
exit 1
elif [[ $# -eq 0 ]]
then echo "Usage: $USAGE"
echo "You haven't provided any arguments! Run Responder.py -h for args help."
exit 1
elif [ "$EUID" -ne 0 ]
then echo "Managing servces requires root privledges. Please run as root."
exit 1
fi
TCP_LIST=(21 25 80 88 110 135 139 143 389 445 587 1433 3128 3141)
UDP_LIST=(53 137 138 389 1434 5353 5355)
SVC_LIST=()
#Stop services specified in README.md (if they exist)
if [ -e /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist ]
then launchctl bootout system /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist
SVC_LIST+=(com.apple.Kerberos.kdc)
fi
if [ -e /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist ]
then launchctl bootout system /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
SVC_LIST+=(com.apple.mDNSResponder)
fi
if [ -e /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist ]
then launchctl bootout system /System/Library/LaunchDaemons/com.apple.smbd.plist
SVC_LIST+=(com.apple.smbd)
fi
if [ -e /System/Library/LaunchDaemons/com.apple.netbiosd.plist ]
then launchctl bootout system /System/Library/LaunchDaemons/com.apple.netbiosd.plist
SVC_LIST+=(com.apple.netbiosd)
fi
# Check for any TCP listeners and shut them down
echo "Resolving listening service conflicts..."
for PORT in "${TCP_LIST[@]}"; do
echo "Checking for TCP listeners on Port $PORT..."
PROC=$(lsof +c 0 -iTCP:"$PORT" -sTCP:LISTEN -nP | grep -m 1 -v 'launchd\|COMMAND' | cut -d' ' -f1) #Get service name
if [ -n "$PROC" ]; then
echo "Found $PROC listening on port $PORT"
AGENT=$(sudo launchctl list | grep -m 1 "$PROC*" | cut -f3 | sed 's/.reloaded//g') #Find the service plist
echo "$AGENT"
echo "Stopping conflicting service: $PROC"
sudo launchctl bootout system /System/Library/LaunchDaemons/"$AGENT".plist #Shut it down
SVC_LIST+=("$AGENT") # append killed service to an array
fi
done
#Do the same for UDP
for PORT in "${UDP_LIST[@]}"; do
echo "Checking for UDP listeners on port $PORT..."
PROC=$(sudo lsof +c 0 -iUDP:"$PORT" -nP | grep -E -v '(127|::1)'| grep -m 1 -v 'launchd\|COMMAND' | cut -d' ' -f1)
if [ -n "$PROC" ]; then
echo "Found $PROC listening on Port $PORT"
AGENT=$(sudo launchctl list | grep -m 1 "$PROC*" | cut -f3 | sed 's/.reloaded//g')
echo "Stopping coflicting service: $PROC"
sudo launchctl bootout system /System/Library/LaunchDaemons/"$AGENT".plist
SVC_LIST+=("$AGENT")
fi
done
# Launch Responder using provided arguments
sudo /usr/bin/env python ./Responder.py "$@"
# Restore stopped services after Responder exits
for AGENT in "${SVC_LIST[@]}"; do
echo "Restarting stopped service: $AGENT"
sudo launchctl bootstrap system /System/Library/LaunchDaemons/"$AGENT".plist
done