hak5
/
lanturtle-modules
mirror of https://github.com/hak5/lanturtle-modules.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update responder 

Fix missing dependency, ping 8.8.8.8 instead of lanturtle.com, move iptables rules to functions
pull/13/head
IMcPwn 2016-08-23 13:48:33 -04:00
parent bb89d00041
commit 68d4493522
No known key found for this signature in database
GPG Key ID: 44956F63526114AC
1 changed files with 49 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
modules/responder
View File

@ -3,7 +3,7 @@
# responder by IMcPwn
# http://imcpwn.com
VERSION="2.4"
VERSION="2.5"
DESCRIPTION="Responder - LLMNR, NBT-NS and MDNS poisoner"
CONF=/tmp/responder.form
AUTHOR=IMcPwn
@ -14,6 +14,43 @@ AUTHOR=IMcPwn
: ${DIALOG_EXTRA=3}
: ${DIALOG_ESC=255}
function enable_iptables {
iptables -t filter -I INPUT 1 -i eth1 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 137 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 138 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 389 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 5553 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 21 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 25 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 110 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 139 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 389 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 445 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 1433 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 3141 -j ACCEPT
}
function disable_iptables {
#iptables -t filter -I INPUT 1 -i eth1 -j ACCEPT
iptables -t filter -D INPUT -i eth1 -j ACCEPT
iptables -D INPUT -i eth1 -p udp --dport 53 -j ACCEPT
iptables -D INPUT -i eth1 -p udp --dport 137 -j ACCEPT
iptables -D INPUT -i eth1 -p udp --dport 138 -j ACCEPT
iptables -D INPUT -i eth1 -p udp --dport 389 -j ACCEPT
iptables -D INPUT -i eth1 -p udp --dport 5553 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 21 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 25 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 110 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 139 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 389 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 445 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 1433 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 3141 -j ACCEPT
}
function start {
if [ -s /etc/config/responder ];
then
@ -53,6 +90,13 @@ function start {
opkg update > /dev/null && opkg install python-sqlite3
fi
if [[ ! $(opkg list-installed | grep python-openssl) ]];
then
echo "Dependency python-openssl not installed. Installing..."
check_internet
opkg update > /dev/null && opkg install python-openssl
fi
if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py || ! -s /etc/turtle/Responder/Responder.conf ]];
then
echo "Required Responder files not found. Downloading..."
@ -85,21 +129,7 @@ function start {
then
if [[ $responder_interface == "eth1" ]];
then
iptables -t filter -I INPUT 1 -i eth1 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 137 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 138 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 389 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 5553 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 21 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 25 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 110 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 139 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 389 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 445 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 1433 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 3141 -j ACCEPT
enable_iptables
fi
if [ -s /etc/turtle/Responder/Responder.db ];
@ -125,21 +155,7 @@ function start {
tmp)
if [[ $responder_interface == "eth1" ]];
then
iptables -t filter -I INPUT 1 -i eth1 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 137 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 138 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 389 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p udp --dport 5553 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 21 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 25 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 110 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 139 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 389 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 445 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 1433 -j ACCEPT
iptables -I INPUT 1 -i eth1 -p tcp --dport 3141 -j ACCEPT
enable_iptables
fi
if [ -s /etc/turtle/Responder/Responder.db ];
@ -175,22 +191,7 @@ function stop {
responder_interface=$(uci get responder.interface)
if [[ $responder_interface == "eth1" ]];
then
#iptables -t filter -I INPUT 1 -i eth1 -j ACCEPT
iptables -t filter -D INPUT -i eth1 -j ACCEPT
iptables -D INPUT -i eth1 -p udp --dport 53 -j ACCEPT
iptables -D INPUT -i eth1 -p udp --dport 137 -j ACCEPT
iptables -D INPUT -i eth1 -p udp --dport 138 -j ACCEPT
iptables -D INPUT -i eth1 -p udp --dport 389 -j ACCEPT
iptables -D INPUT -i eth1 -p udp --dport 5553 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 21 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 25 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 110 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 139 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 389 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 445 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 1433 -j ACCEPT
iptables -D INPUT -i eth1 -p tcp --dport 3141 -j ACCEPT
disable_iptables
fi
if pgrep -f Responder.py > /dev/null; then kill $(pgrep -f Responder.py); fi
echo "Responder stopped"
@ -201,7 +202,7 @@ function status {
}
function check_internet {
ping -q -w 5 -c 1 lanturtle.com &> /dev/null && {
ping -q -w 5 -c 1 8.8.8.8 &> /dev/null && {
:
} || {
echo -e "\nThe LAN Turtle is currently offline. The previous\noperation requires an internet connection."