lanturtle-modules/modules/responder

#!/bin/bash /usr/lib/turtle/turtle_module
VERSION="1.0"
DESCRIPTION="Responder - LLMNR, NBT-NS and MDNS poisoner"
CONF=/tmp/responder.form
AUTHOR=IMcPwn

: ${DIALOG_OK=0}
: ${DIALOG_CANCEL=1}
: ${DIALOG_HELP=2}
: ${DIALOG_EXTRA=3}
: ${DIALOG_ESC=255}

function start {
  if [ ! -s /usr/bin/git ]; then
     opkg update && opkg install git
  fi
  
  if [ ! -s /usr/lib/python2.7/sqlite3/dbapi2.py ]; then
     opkg update && opkg install python-sqlite3
  fi

  if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py ]]; then
      rm -r /etc/turtle/Responder
      git clone git://github.com/SpiderLabs/Responder /etc/turtle/Responder
  fi

if [ -s /etc/config/responder ];
  then
    responder_log=$(uci get responder.log)
    case $responder_log in
      sshfs)
        if pgrep sshfs > /dev/null; then 
          if [ -s /etc/turtle/Responder/Responder.db ]; then
            rm -r /etc/turtle/Responder/Responder.db
          fi
          if [[ $(readlink /etc/turtle/Responder/logs) != "/sshfs/Responder/logs" ]]; then
            rm -r /etc/turtle/Responder/logs
            mkdir -p /sshfs/Responder/logs
            ln -s /sshfs/Responder/logs /etc/turtle/Responder/logs
          fi
          echo "python /etc/turtle/Responder/Responder.py -I br-lan" | at now
          echo "Responder started and logs are being saved to /sshfs/Responder/logs"
        else 
          echo "SSHFS not running"
        fi
        ;;
      tmp)
        if [ -s /etc/turtle/Responder/Responder.db ]; then
          rm -r /etc/turtle/Responder/Responder.db
        fi
        if [[ $(readlink /etc/turtle/Responder/logs) != "/tmp/Responder/logs" ]]; then
          rm -r /etc/turtle/Responder/logs
          mkdir -p /tmp/Responder/logs
          ln -s /tmp/Responder/logs /etc/turtle/Responder/logs
        fi
          echo "python /etc/turtle/Responder/Responder.py -I br-lan" | at now
          echo "Responder started and logs are being saved to /tmp/Responder/logs"
        ;;
    esac
  else
    echo "Responder not configured."
  fi
}

function stop {
  kill $(ps | grep -w [/]etc/turtle/Responder/Responder.py | awk {'print $1'})
}

function status {
  if ps | grep -w -q [/]etc/turtle/Responder/Responder.py; then echo "1"; else echo "0"; fi
}

function configure {
  if [ -s /etc/config/responder ];
  then
    responder_log=$(uci get responder.log)
  else
    touch /etc/config/responder
  fi

  dialog --ok-label "Submit" \
    --help-button \
    --title "Responder Configuration" \
    --radiolist "\n\
For information on the different log files, see Help\n\nNOTICE: The first time you run this module it may take a long time to load because of dependencies. Please let it finish.\n\nThe log files can be saved to SSHFS or /tmp.\n" 16 60 3\
    1 "Save log to SSHFS if available." off\
    2 "Save log to /tmp/" off\
  2>$CONF

  return=$?

  case $return in
    $DIALOG_OK)
      LOG=$(cat $CONF)
      case $LOG in
        1)
          uci set responder.log="sshfs"
          uci commit responder
          ;;
        2)
          uci set responder.log="tmp"
          uci commit responder
          ;;
      esac
    ;;
    $DIALOG_CANCEL)
      rm $CONF
      clear
      exit;;
    $DIALOG_HELP)
      dialog --title "Help" \
        --msgbox "\
Responder is an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409).\n\
By default, the tool will only answer to File Server Service request, which is for SMB.\n\n\
The concept behind this is to target our answers, and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior.\n\n\
All activity will be logged to Responder-Session.log\n\
Analyze mode will be logged to Analyze-Session.log\n\
Poisoning will be logged to Poisoners-Session.log\n\n\
All hashes are dumped an unique file John Jumbo compliant, using this format:\n\
(MODULE_NAME)-(HASH_TYPE)-(CLIENT_IP).txt\n\n\
For more information, see: https://github.com/SpiderLabs/Responder\n\
" 25 60
      configure
      ;;
    $DIALOG_ESC)
      clear;;
  esac
}
New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. 2015-09-19 14:09:34 +00:00			`#!/bin/bash /usr/lib/turtle/turtle_module`
			`VERSION="1.0"`
			`DESCRIPTION="Responder - LLMNR, NBT-NS and MDNS poisoner"`
			`CONF=/tmp/responder.form`
			`AUTHOR=IMcPwn`

			`: ${DIALOG_OK=0}`
			`: ${DIALOG_CANCEL=1}`
			`: ${DIALOG_HELP=2}`
			`: ${DIALOG_EXTRA=3}`
			`: ${DIALOG_ESC=255}`

			`function start {`
			`if [ ! -s /usr/bin/git ]; then`
Minor fixes and upgrades Remove Responder Database. Add check for previous logs. 2015-09-19 22:21:56 +00:00			`opkg update && opkg install git`
New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. 2015-09-19 14:09:34 +00:00			`fi`
Add dependency installer and fix formatting 2015-09-19 14:22:10 +00:00
			`if [ ! -s /usr/lib/python2.7/sqlite3/dbapi2.py ]; then`
			`opkg update && opkg install python-sqlite3`
			`fi`
New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. 2015-09-19 14:09:34 +00:00
			`if [[ ! -d /etc/turtle/Responder \|\| ! -s /etc/turtle/Responder/Responder.py ]]; then`
			`rm -r /etc/turtle/Responder`
			`git clone git://github.com/SpiderLabs/Responder /etc/turtle/Responder`
			`fi`

			`if [ -s /etc/config/responder ];`
			`then`
			`responder_log=$(uci get responder.log)`
			`case $responder_log in`
			`sshfs)`
			`if pgrep sshfs > /dev/null; then`
Minor fixes and upgrades Remove Responder Database. Add check for previous logs. 2015-09-19 22:21:56 +00:00			`if [ -s /etc/turtle/Responder/Responder.db ]; then`
Fix formatting of start 2015-09-19 22:23:50 +00:00			`rm -r /etc/turtle/Responder/Responder.db`
			`fi`
Fix comparing log symlinks 2015-09-19 22:45:33 +00:00			`if [[ $(readlink /etc/turtle/Responder/logs) != "/sshfs/Responder/logs" ]]; then`
Minor fixes and upgrades Remove Responder Database. Add check for previous logs. 2015-09-19 22:21:56 +00:00			`rm -r /etc/turtle/Responder/logs`
			`mkdir -p /sshfs/Responder/logs`
Fix formatting of start 2015-09-19 22:23:50 +00:00			`ln -s /sshfs/Responder/logs /etc/turtle/Responder/logs`
			`fi`
Remove unnecessary if/else 2015-09-19 17:16:14 +00:00			`echo "python /etc/turtle/Responder/Responder.py -I br-lan" \| at now`
Add quotes around start message 2015-09-19 23:03:29 +00:00			`echo "Responder started and logs are being saved to /sshfs/Responder/logs"`
New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. 2015-09-19 14:09:34 +00:00			`else`
			`echo "SSHFS not running"`
			`fi`
			`;;`
			`tmp)`
Fix formatting of start 2015-09-19 22:23:50 +00:00			`if [ -s /etc/turtle/Responder/Responder.db ]; then`
			`rm -r /etc/turtle/Responder/Responder.db`
			`fi`
Fix comparing log symlinks 2015-09-19 22:45:33 +00:00			`if [[ $(readlink /etc/turtle/Responder/logs) != "/tmp/Responder/logs" ]]; then`
Minor fixes and upgrades Remove Responder Database. Add check for previous logs. 2015-09-19 22:21:56 +00:00			`rm -r /etc/turtle/Responder/logs`
			`mkdir -p /tmp/Responder/logs`
Fix formatting of start 2015-09-19 22:23:50 +00:00			`ln -s /tmp/Responder/logs /etc/turtle/Responder/logs`
			`fi`
Minor fixes and upgrades Remove Responder Database. Add check for previous logs. 2015-09-19 22:21:56 +00:00			`echo "python /etc/turtle/Responder/Responder.py -I br-lan" \| at now`
Add quotes around start message 2015-09-19 23:03:29 +00:00			`echo "Responder started and logs are being saved to /tmp/Responder/logs"`
New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. 2015-09-19 14:09:34 +00:00			`;;`
			`esac`
			`else`
			`echo "Responder not configured."`
			`fi`
			`}`

			`function stop {`
			`kill $(ps \| grep -w [/]etc/turtle/Responder/Responder.py \| awk {'print $1'})`
			`}`

			`function status {`
			`if ps \| grep -w -q [/]etc/turtle/Responder/Responder.py; then echo "1"; else echo "0"; fi`
			`}`

			`function configure {`
Fix missing semicolon 2015-09-19 16:48:48 +00:00			`if [ -s /etc/config/responder ];`
New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. 2015-09-19 14:09:34 +00:00			`then`
			`responder_log=$(uci get responder.log)`
			`else`
			`touch /etc/config/responder`
			`fi`

			`dialog --ok-label "Submit" \`
			`--help-button \`
			`--title "Responder Configuration" \`
			`--radiolist "\n\`
Remove extra quotes 2015-09-19 14:52:31 +00:00			`For information on the different log files, see Help\n\nNOTICE: The first time you run this module it may take a long time to load because of dependencies. Please let it finish.\n\nThe log files can be saved to SSHFS or /tmp.\n" 16 60 3\`
New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. 2015-09-19 14:09:34 +00:00			`1 "Save log to SSHFS if available." off\`
			`2 "Save log to /tmp/" off\`
			`2>$CONF`

			`return=$?`

			`case $return in`
			`$DIALOG_OK)`
			`LOG=$(cat $CONF)`
			`case $LOG in`
			`1)`
			`uci set responder.log="sshfs"`
			`uci commit responder`
			`;;`
			`2)`
			`uci set responder.log="tmp"`
			`uci commit responder`
			`;;`
			`esac`
			`;;`
			`$DIALOG_CANCEL)`
			`rm $CONF`
			`clear`
			`exit;;`
			`$DIALOG_HELP)`
			`dialog --title "Help" \`
			`--msgbox "\`
Improve help menu 2015-09-19 14:44:26 +00:00			`Responder is an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409).\n\`
New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. 2015-09-19 14:09:34 +00:00			`By default, the tool will only answer to File Server Service request, which is for SMB.\n\n\`
			`The concept behind this is to target our answers, and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior.\n\n\`
Improve help menu 2015-09-19 14:44:26 +00:00			`All activity will be logged to Responder-Session.log\n\`
			`Analyze mode will be logged to Analyze-Session.log\n\`
			`Poisoning will be logged to Poisoners-Session.log\n\n\`
			`All hashes are dumped an unique file John Jumbo compliant, using this format:\n\`
			`(MODULE_NAME)-(HASH_TYPE)-(CLIENT_IP).txt\n\n\`
New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. 2015-09-19 14:09:34 +00:00			`For more information, see: https://github.com/SpiderLabs/Responder\n\`
Improve help menu 2015-09-19 14:44:26 +00:00			`" 25 60`
New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. 2015-09-19 14:09:34 +00:00			`configure`
			`;;`
			`$DIALOG_ESC)`
			`clear;;`
			`esac`
			`}`