Many changes, bug fixes and improvements. scripts in 'tools' still need to be fixed.

settings.py

@@ -1,7 +1,24 @@
+#!/usr/bin/env python
+# This file is part of Responder
+# Original work by Laurent Gaffie - Trustwave Holdings
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import sys
 import socket
 import utils
+import logging
 import ConfigParser
 
 __version__ = 'Responder 2.2'
@@ -10,7 +27,7 @@ class Settings:
 	
 	def __init__(self):
 		self.ResponderPATH = os.path.dirname(__file__)
-		self.Responder_IP = '0.0.0.0'
+		self.Bind_To = '0.0.0.0'
 
 	def __str__(self):
 		ret = 'Settings class:\n'
@@ -22,10 +39,41 @@ class Settings:
 	def toBool(self, str):
 		return True if str.upper() == 'ON' else False
 
+	def ExpandIPRanges(self):
+		def expand_ranges(lst):
+			ret = []
+			for l in lst:
+				tab = l.split('.')
+				x = {}
+				i = 0
+				for byte in tab:
+					if '-' not in byte:
+						x[i] = x[i+1] = int(byte)
+					else:
+						b = byte.split('-')
+						x[i] = int(b[0])
+						x[i+1] = int(b[1])
+					i += 2
+				for a in range(x[0], x[1]+1):
+					for b in range(x[2], x[3]+1):
+						for c in range(x[4], x[5]+1):
+							for d in range(x[6], x[7]+1):
+								ret.append('%d.%d.%d.%d' % (a, b, c, d))
+			return ret
+
+		self.RespondTo = expand_ranges(self.RespondTo)
+		self.RespondToName = expand_ranges(self.RespondToName)
+		self.DontRespondTo = expand_ranges(self.DontRespondTo)
+		self.DontRespondToName = expand_ranges(self.DontRespondToName)
+		self.RespondTo = expand_ranges(self.RespondTo)
+		self.RespondToName = expand_ranges(self.RespondToName)
+		self.DontRespondTo = expand_ranges(self.DontRespondTo)
+		self.DontRespondToName = expand_ranges(self.DontRespondToName)
+
 	def populate(self, options):
 
-		if options.Responder_IP is None:
-			print utils.color("Error: -i mandatory option is missing", 1, 0)
+		if options.Interface is None:
+			print utils.color("Error: -I <if> mandatory option is missing", 1)
 			sys.exit(-1)
 
 		# Config parsing
@@ -33,82 +81,118 @@ class Settings:
 		config.read(os.path.join(self.ResponderPATH, 'Responder.conf'))
 
 		# Servers
-		self.HTTP_On_Off = self.toBool(config.get('Responder Core', 'HTTP'))
-		self.SSL_On_Off	 = self.toBool(config.get('Responder Core', 'HTTPS'))
-		self.SMB_On_Off	 = self.toBool(config.get('Responder Core', 'SMB'))
-		self.SQL_On_Off	 = self.toBool(config.get('Responder Core', 'SQL'))
-		self.FTP_On_Off	 = self.toBool(config.get('Responder Core', 'FTP'))
-		self.POP_On_Off	 = self.toBool(config.get('Responder Core', 'POP'))
-		self.IMAP_On_Off = self.toBool(config.get('Responder Core', 'IMAP'))
-		self.SMTP_On_Off = self.toBool(config.get('Responder Core', 'SMTP'))
-		self.LDAP_On_Off = self.toBool(config.get('Responder Core', 'LDAP'))
-		self.DNS_On_Off	 = self.toBool(config.get('Responder Core', 'DNS'))
-		self.Krb_On_Off	 = self.toBool(config.get('Responder Core', 'Kerberos'))
+		self.HTTP_On_Off     = self.toBool(config.get('Responder Core', 'HTTP'))
+		self.SSL_On_Off      = self.toBool(config.get('Responder Core', 'HTTPS'))
+		self.SMB_On_Off      = self.toBool(config.get('Responder Core', 'SMB'))
+		self.SQL_On_Off      = self.toBool(config.get('Responder Core', 'SQL'))
+		self.FTP_On_Off      = self.toBool(config.get('Responder Core', 'FTP'))
+		self.POP_On_Off      = self.toBool(config.get('Responder Core', 'POP'))
+		self.IMAP_On_Off     = self.toBool(config.get('Responder Core', 'IMAP'))
+		self.SMTP_On_Off     = self.toBool(config.get('Responder Core', 'SMTP'))
+		self.LDAP_On_Off     = self.toBool(config.get('Responder Core', 'LDAP'))
+		self.DNS_On_Off      = self.toBool(config.get('Responder Core', 'DNS'))
+		self.Krb_On_Off      = self.toBool(config.get('Responder Core', 'Kerberos'))
 
-		# Log
-		self.SessionLog	     = config.get('Responder Core', 'SessionLog')
-		self.Log1Filename    = os.path.join(self.ResponderPATH, self.SessionLog)
-		self.Log2Filename    = os.path.join(self.ResponderPATH, 'logs', 'LLMNR-NBT-NS.log')
-		self.AnalyzeFilename = os.path.join(self.ResponderPATH, 'logs', 'Analyze-LLMNR-NBT-NS.log')
+		# Log Files
+		self.SessionLogFile      = os.path.join(self.ResponderPATH, config.get('Responder Core', 'SessionLog'))
+		self.PoisonersLogFile    = os.path.join(self.ResponderPATH, config.get('Responder Core', 'PoisonersLog'))
+		self.AnalyzeLogFile      = os.path.join(self.ResponderPATH, config.get('Responder Core', 'AnalyzeLog'))
+
+		self.FTPLog          = os.path.join(self.ResponderPATH, 'logs', 'FTP-Clear-Text-Password-%s.txt')
+		self.IMAPLog         = os.path.join(self.ResponderPATH, 'logs', 'IMAP-Clear-Text-Password-%s.txt')
+		self.POP3Log         = os.path.join(self.ResponderPATH, 'logs', 'POP3-Clear-Text-Password-%s.txt')
+		self.HTTPBasicLog    = os.path.join(self.ResponderPATH, 'logs', 'HTTP-Clear-Text-Password-%s.txt')
+		self.LDAPClearLog    = os.path.join(self.ResponderPATH, 'logs', 'LDAP-Clear-Text-Password-%s.txt')
+		self.SMBClearLog     = os.path.join(self.ResponderPATH, 'logs', 'SMB-Clear-Text-Password-%s.txt')
+		self.MSSQLClearLog   = os.path.join(self.ResponderPATH, 'logs', 'MSSQL-Clear-Text-Password-%s.txt')
+
+		self.LDAPNTLMv1Log   = os.path.join(self.ResponderPATH, 'logs', 'LDAP-NTLMv1-Client-%s.txt')
+		self.HTTPNTLMv1Log   = os.path.join(self.ResponderPATH, 'logs', 'HTTP-NTLMv1-Client-%s.txt')
+		self.HTTPNTLMv2Log   = os.path.join(self.ResponderPATH, 'logs', 'HTTP-NTLMv2-Client-%s.txt')
+		self.KerberosLog     = os.path.join(self.ResponderPATH, 'logs', 'MSKerberos-Client-%s.txt')
+		self.MSSQLNTLMv1Log  = os.path.join(self.ResponderPATH, 'logs', 'MSSQL-NTLMv1-Client-%s.txt')
+		self.MSSQLNTLMv2Log  = os.path.join(self.ResponderPATH, 'logs', 'MSSQL-NTLMv2-Client-%s.txt')
+		self.SMBNTLMv1Log    = os.path.join(self.ResponderPATH, 'logs', 'SMB-NTLMv1-Client-%s.txt')
+		self.SMBNTLMv2Log    = os.path.join(self.ResponderPATH, 'logs', 'SMB-NTLMv2-Client-%s.txt')
+		self.SMBNTLMSSPv1Log = os.path.join(self.ResponderPATH, 'logs', 'SMB-NTLMSSPv1-Client-%s.txt')
+		self.SMBNTLMSSPv2Log = os.path.join(self.ResponderPATH, 'logs', 'SMB-NTLMSSPv2-Client-%s.txt')
 
 		# HTTP Options
-		self.Exe_On_Off		  = config.get('HTTP Server', 'Serve-Exe').upper()
-		self.Exec_Mode_On_Off = config.get('HTTP Server', 'Serve-Always').upper()
-		self.Html_Filename	  = config.get('HTTP Server', 'HtmlFilename')
-		self.Exe_Filename	  = config.get('HTTP Server', 'ExeFilename')
-		self.WPAD_Script	  = config.get('HTTP Server', 'WPADScript')
-		self.HTMLToServe	  = config.get('HTTP Server', 'HTMLToServe')
+		self.Serve_Exe	      = self.toBool(config.get('HTTP Server', 'Serve-Exe'))
+		self.Serve_Always     = self.toBool(config.get('HTTP Server', 'Serve-Always'))
+		self.Serve_Html       = self.toBool(config.get('HTTP Server', 'Serve-Html'))
+		self.Html_Filename    = config.get('HTTP Server', 'HtmlFilename')
+		self.Exe_Filename     = config.get('HTTP Server', 'ExeFilename')
+		self.WPAD_Script      = config.get('HTTP Server', 'WPADScript')
+		self.HTMLToServe      = config.get('HTTP Server', 'HTMLToServe')
+
+		if not os.path.exists(self.Html_Filename):
+			print utils.color("/!\ Warning: %s: file not found" % self.Html_Filename, 3, 1)
+
+		if not os.path.exists(self.Exe_Filename):
+			print utils.color("/!\ Warning: %s: file not found" % self.Exe_Filename, 3, 1)
 
 		# SSL Options
-		self.SSLKey	     = config.get('HTTPS Server', 'SSLKey')
-		self.SSLCert	 = config.get('HTTPS Server', 'SSLCert')
+		self.SSLKey  = config.get('HTTPS Server', 'SSLKey')
+		self.SSLCert = config.get('HTTPS Server', 'SSLCert')
 
 		# Respond to hosts
-		self.RespondTo			= filter(None, [x.upper().strip() for x in config.get('Responder Core', 'RespondTo').strip().split(',')])
-		self.RespondToName		= filter(None, [x.upper().strip() for x in config.get('Responder Core', 'RespondToName').strip().split(',')])
-		self.DontRespondTo		= filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondTo').strip().split(',')])
-		self.DontRespondToName	= filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondToName').strip().split(',')])
-		
-		print self.DontRespondTo
+		self.RespondTo         = filter(None, [x.upper().strip() for x in config.get('Responder Core', 'RespondTo').strip().split(',')])
+		self.RespondToName     = filter(None, [x.upper().strip() for x in config.get('Responder Core', 'RespondToName').strip().split(',')])
+		self.DontRespondTo     = filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondTo').strip().split(',')])
+		self.DontRespondToName = filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondToName').strip().split(',')])
 
 		# CLI options
-		self.Responder_IP	 = options.Responder_IP
-		self.LM_On_Off		 = options.LM_On_Off
-		self.WPAD_On_Off	 = options.WPAD_On_Off
-		self.Wredirect		 = options.Wredirect
-		self.NBTNSDomain	 = options.NBTNSDomain
-		self.Basic			 = options.Basic
-		self.Finger_On_Off	 = options.Finger
-		self.Interface		 = options.Interface
-		self.Verbose		 = options.Verbose
+		self.LM_On_Off       = options.LM_On_Off
+		self.WPAD_On_Off     = options.WPAD_On_Off
+		self.Wredirect       = options.Wredirect
+		self.NBTNSDomain     = options.NBTNSDomain
+		self.Basic           = options.Basic
+		self.Finger_On_Off   = options.Finger
+		self.Interface       = options.Interface
 		self.Force_WPAD_Auth = options.Force_WPAD_Auth
 		self.Upstream_Proxy  = options.Upstream_Proxy
-		self.AnalyzeMode	 = options.Analyze
-		self.CommandLine	 = str(sys.argv)
-
-		self.IP_aton		 = socket.inet_aton(self.Responder_IP)
-		self.Os_version		 = sys.platform
+		self.AnalyzeMode     = options.Analyze
+		self.CommandLine     = str(sys.argv)
 
 		if self.HTMLToServe == None:
 			self.HTMLToServe = ''
 
-		if self.Interface != "Not set":
-			self.BIND_TO_Interface = self.Interface
+		self.Bind_To = utils.FindLocalIP(self.Interface)
 
-		else:
-			self.BIND_TO_Interface = "ALL"
+		self.IP_aton         = socket.inet_aton(self.Bind_To)
+		self.Os_version      = sys.platform
 
-		# Challenge
-		self.NumChal	 = config.get('Responder Core', 'Challenge')
+		# Set up Challenge
+		self.NumChal = config.get('Responder Core', 'Challenge')
 
 		if len(self.NumChal) is not 16:
-			print utils.color("The challenge must be exactly 16 chars long.\nExample: -c 1122334455667788", 1, 0)
+			print utils.color("[!] The challenge must be exactly 16 chars long.\nExample: 1122334455667788", 1)
 			sys.exit(-1)
 
 		self.Challenge = ""
 		for i in range(0, len(self.NumChal),2):
 			self.Challenge += self.NumChal[i:i+2].decode("hex")
 
+		# Set up logging
+		logging.basicConfig(filename=self.SessionLogFile, level=logging.INFO, format='%(asctime)s - %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p')
+		logging.warning('Responder Started: %s' % self.CommandLine)
+		logging.warning('Responder Config: %s' % str(self))
+
+		Formatter = logging.Formatter('%(asctime)s - %(message)s')
+		PLog_Handler = logging.FileHandler(self.PoisonersLogFile, 'w')
+		ALog_Handler = logging.FileHandler(self.AnalyzeLogFile, 'a')
+		PLog_Handler.setLevel(logging.INFO)
+		ALog_Handler.setLevel(logging.INFO)
+		PLog_Handler.setFormatter(Formatter)
+		ALog_Handler.setFormatter(Formatter)
+
+		self.PoisonersLogger = logging.getLogger('Poisoners Log')
+		self.PoisonersLogger.addHandler(PLog_Handler)
+
+		self.AnalyzeLogger = logging.getLogger('Analyze Log')
+		self.AnalyzeLogger.addHandler(ALog_Handler)
+
 def init():
 	global Config
 	Config = Settings()