diff --git a/README.md b/README.md index 285178d..ea85da9 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Author: Laurent Gaffie https://g-laurent.blogspot.c ## Intro ## -Responder an LLMNR, NBT-NS and MDNS poisoner. It will answer to *specific* NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default, the tool will only answer to File Server Service request, which is for SMB. +Responder is an LLMNR, NBT-NS and MDNS poisoner. It will answer to *specific* NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default, the tool will only answer to File Server Service request, which is for SMB. The concept behind this is to target our answers, and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior. You can set the -r option via command line if you want to answer to the Workstation Service request name suffix. @@ -74,7 +74,7 @@ This module allows you to see NBT-NS, BROWSER, LLMNR, DNS requests on the networ ## Hashes ## -All hashes are printed to stdout and dumped in an unique file John Jumbo compliant, using this format: +All hashes are printed to stdout and dumped in a unique John Jumbo compliant file, using this format: (MODULE_NAME)-(HASH_TYPE)-(CLIENT_IP).txt diff --git a/settings.py b/settings.py index 1314f11..16bbad4 100644 --- a/settings.py +++ b/settings.py 
@@ -206,16 +206,20 @@ class Settings: if self.NumChal.lower() == 'random': self.NumChal = "random" - if len(self.NumChal) is not 16 and not "random": + if len(self.NumChal) != 16 and self.NumChal != "random": print(utils.color("[!] The challenge must be exactly 16 chars long.\nExample: 1122334455667788", 1)) sys.exit(-1) - self.Challenge = "" + self.Challenge = b'' if self.NumChal.lower() == 'random': pass - else: - for i in range(0, len(self.NumChal),2): - self.Challenge += self.NumChal[i:i+2].decode("hex") + else: + if self.PY2OR3 == 'PY2': + for i in range(0, len(self.NumChal),2): + self.Challenge += self.NumChal[i:i+2].decode("hex") + else: + self.Challenge = bytes.fromhex(self.NumChal) + # Set up logging logging.basicConfig(filename=self.SessionLogFile, level=logging.INFO, format='%(asctime)s - %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p') diff --git a/tools/MultiRelay.py b/tools/MultiRelay.py index ac34d3d..db4416d 100755 --- a/tools/MultiRelay.py +++ b/tools/MultiRelay.py @@ -412,12 +412,12 @@ class SMBRelay(BaseRequestHandler): data = self.request.recv(4096) ## Make sure it's not a Kerberos auth. - if data.find("NTLM") is not -1: + if data.find("NTLM") != -1: ## Start with nego protocol + session setup negotiate to our target. data, smbdata, s, challenge = GrabNegotiateFromTarget(data, s, Pivoting) ## Make sure it's not a Kerberos auth. - if data.find("NTLM") is not -1: + if data.find("NTLM") != -1: ##Relay all that to our client. if data[8:10] == "\x73\x00": head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x43\xc8", errorcode="\x16\x00\x00\xc0", pid=pidcalc(data),mid=midcalc(data)) diff --git a/tools/RunFingerPackets.py b/tools/RunFingerPackets.py index a112ef6..651849b 100644 --- a/tools/RunFingerPackets.py +++ b/tools/RunFingerPackets.py @@ -11,7 +11,7 @@ else: def StructWithLenPython2or3(endian,data): #Python2... - if PY2OR3 is "PY2": + if PY2OR3 == "PY2": return struct.pack(endian, data) #Python3... else:
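Review bot: The corrected guard on the `len(self.NumChal) != 16` line still checks only the length, not that the 16 characters are hex digits, so a value like `zz22334455667788` (constructed example) passes the guard and reaches `bytes.fromhex`, which raises an uncaught ValueError (and `.decode("hex")` raises TypeError on the Python 2 branch) instead of the friendly message that follows. `bytes.fromhex` also ignores spaces, so a 16-character value with embedded blanks converts to fewer than 8 bytes and leaves `self.Challenge` shorter than an NTLM server challenge. Validating the digits up front closes both gaps: `if self.NumChal != "random" and (len(self.NumChal) != 16 or any(c not in "0123456789abcdefABCDEF" for c in self.NumChal)):` with the message reworded to say "16 hex chars"; alternatively check `len(self.Challenge) == 8` after conversion. The enclosing method of class Settings starts before the hunk and continues after it.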
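Review bot: Both fixed `data.find("NTLM") != -1` lines search with a str pattern, but `data` comes from `self.request.recv(4096)`, which is bytes under Python 3 and would raise TypeError there; if this tool is meant to follow settings.py onto Python 3, the pattern (and the `"\x73\x00"` comparison just below) need bytes literals, e.g. `if b"NTLM" in data:`. Even on Python 2, `if "NTLM" in data:` reads better than comparing the result of `find()` against -1. The substring search matches anywhere in the received buffer rather than inside the negotiate token, so it is only a heuristic for telling NTLM from Kerberos, which the comment above each check should say: `## Heuristic: look for the NTLM marker anywhere in the buffer; this is not a full SPNEGO parse.` The enclosing handler method starts before the hunk and continues past it.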