From b96df7a5e83ebcbd645b04d411d15752757c7843 Mon Sep 17 00:00:00 2001
From: ValdikSS
Date: Sun, 31 Jul 2016 22:43:25 +0300
Subject: [PATCH 1/3] Determine already captured hash by username and client IP address
---
 utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils.py b/utils.py
index 36eedfb..a93325e 100644
--- a/utils.py
+++ b/utils.py
@@ -148,7 +148,7 @@ def SaveToDb(result):
 cursor = sqlite3.connect(settings.Config.DatabaseFile)
 cursor.text_factory = sqlite3.Binary # We add a text factory to support different charsets
- res = cursor.execute("SELECT COUNT(*) AS count FROM responder WHERE module=? AND type=? AND LOWER(user)=LOWER(?)", (result['module'], result['type'], result['user']))
+ res = cursor.execute("SELECT COUNT(*) AS count FROM responder WHERE module=? AND type=? AND client=? AND LOWER(user)=LOWER(?)", (result['module'], result['type'], result['client'], result['user']))
 (count,) = res.fetchone()
 if not count:
From 480aaa73d0e3f0cd8fc2266b998ec6c6a69129ea Mon Sep 17 00:00:00 2001
From: ValdikSS
Date: Sun, 31 Jul 2016 22:43:45 +0300
Subject: [PATCH 2/3] Update hash timestamp every time it's captured
---
 utils.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/utils.py b/utils.py
index a93325e..cd3170f 100644
--- a/utils.py
+++ b/utils.py
@@ -160,7 +160,6 @@ def SaveToDb(result):
 cursor.execute("INSERT INTO responder VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?)", (timestamp, result['module'], result['type'], result['client'], result['hostname'], result['user'], result['cleartext'], result['hash'], result['fullhash']))
 cursor.commit()
- cursor.close()
 if not count or settings.Config.Verbose: # Print output
@@ -186,6 +185,9 @@ def SaveToDb(result):
 print color('[*] Adding client %s to auto-ignore list' % result['client'], 4, 1)
 else:
 print color('[*]', 3, 1), 'Skipping previously captured hash for %s' % result['user']
+ cursor.execute("UPDATE responder SET timestamp=? WHERE user=? AND client=?", (timestamp, result['user'], result['client']))
+ cursor.commit()
+ cursor.close()
 def Parse_IPV6_Addr(data):
From 994d02da234eff119ac63dafc8f1ce9c5efd9d4e Mon Sep 17 00:00:00 2001
From: ValdikSS
Date: Mon, 1 Aug 2016 00:53:37 +0300
Subject: [PATCH 3/3] Use standard sqlite3 timestamps with %Y-%m-%d %H:%M:%S format. This makes possible to compare timestamps as strings.
---
 utils.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/utils.py b/utils.py
index cd3170f..5d6806b 100644
--- a/utils.py
+++ b/utils.py
@@ -143,7 +143,6 @@ def SaveToDb(result):
 else:
 fname = '%s-%s-%s.txt' % (result['module'], result['type'], result['client'])
- timestamp = time.strftime("%d-%m-%Y %H:%M:%S")
 logfile = os.path.join(settings.Config.ResponderPATH, 'logs', fname)
 cursor = sqlite3.connect(settings.Config.DatabaseFile)
@@ -158,7 +157,7 @@ def SaveToDb(result):
 else: # Otherwise, write JtR-style hash string to file
 outf.write(result['fullhash'] + '\n')
- cursor.execute("INSERT INTO responder VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?)", (timestamp, result['module'], result['type'], result['client'], result['hostname'], result['user'], result['cleartext'], result['hash'], result['fullhash']))
+ cursor.execute("INSERT INTO responder VALUES(datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?)", (result['module'], result['type'], result['client'], result['hostname'], result['user'], result['cleartext'], result['hash'], result['fullhash']))
 cursor.commit()
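Review bot: The `UPDATE` added in the `@@ -186,6 +185,9 @@` hunk selects rows with `user=? AND client=?` only, while the duplicate check earlier in `SaveToDb` keys on `module`, `type`, `client` and `LOWER(user)=LOWER(?)`. A capture that was treated as a duplicate of a row whose user name differs only in case will update nothing, and a capture from one module/type will refresh the timestamp of rows recorded by other modules for the same user and client. The clause should mirror the SELECT: `WHERE module=? AND type=? AND client=? AND LOWER(user)=LOWER(?)` with `result['module'], result['type'], result['client'], result['user']` appended to the parameters. The same WHERE clause is carried unchanged into the `@@ -185,7 +184,7 @@` hunk of patch 3/3. Indentation is not visible on this page, so whether the UPDATE runs on every call or only in the `else:` branch cannot be confirmed here; `SaveToDb` begins outside the hunk.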
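Review bot: `datetime('now')` in the new INSERT of the `@@ -158,7 +157,7 @@` hunk yields UTC, whereas the removed `time.strftime("%d-%m-%Y %H:%M:%S")` produced local time, so stored timestamps shift by the host's UTC offset; if local time is wanted, `datetime('now','localtime')` keeps the previous meaning. Rows already present in an existing database keep the old day-first format, so the string comparison the commit message aims for only holds once those rows are converted or the table is recreated. A comment above the INSERT such as `# timestamp is generated by SQLite as 'YYYY-MM-DD HH:MM:SS' (UTC)` would record the format and zone for anyone querying the table. The same applies to `SET timestamp=datetime('now')` in the `@@ -185,7 +184,7 @@` hunk; `SaveToDb` starts and ends outside this hunk.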
@@ -185,7 +184,7 @@ def SaveToDb(result):
 print color('[*] Adding client %s to auto-ignore list' % result['client'], 4, 1)
 else:
 print color('[*]', 3, 1), 'Skipping previously captured hash for %s' % result['user']
- cursor.execute("UPDATE responder SET timestamp=? WHERE user=? AND client=?", (timestamp, result['user'], result['client']))
+ cursor.execute("UPDATE responder SET timestamp=datetime('now') WHERE user=? AND client=?", (result['user'], result['client']))
 cursor.commit()
 cursor.close()