GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → sensepost → autoresponder

sensepost / autoresponder

Licence: other
Quick python script to automatically load NTLM hashes from Responder logs and fires up Hashcat to crack them

Programming Languages

python
139335 projects - #7 most used programming language

"Auto-Responder"

This project is highly inspired from Autoresp from Dan McInerney. Check out his project.

The aim of this python script is to run in addition with Responder while doing internal assessments. This script will monitor the logs from Responder, loads NTLMv1 and NTLMv2 on the fly and crack them with your instance of Hashcat. Locally.

Works out of the box on Kali Linux (including 2.0)

Installation

Clone the repo:

git clone <repo> && cd autoresponder

And.. you're done.

Usage

The command python auto_responder.py -h will actually show you this usage:

python auto_responder.py -h
usage: auto_responder.py [-h] [-w WORDLIST] [-l LOGS_DIR] [-b HASHCAT_PATH]
                         [-a HASHCAT_ARGS]

Auto Responder - @PaulWebSec (SensePost)

optional arguments:
  -h, --help       show this help message and exit
  -w WORDLIST      Path to the worlists. eg. /wordlists/*.txt
  -l LOGS_DIR      Path to Responder binary (default: /usr/share/responder)
  -b HASHCAT_PATH  Path to Hashcat binary (default: /usr/bin/hashcat)
  -a HASHCAT_ARGS  Arguments to pass to hashcat. eg. "-r
                   /usr/share/hashcat/rules/best64.rule"

Parameters logs_dir and hashcat_path are not mandatory. Defaults are Kali ones. The only mandatory parameter is the wordlist one.

python auto_responder.py -w '/usr/share/wordlists/metasploit/*'
48 NTLMv2 hashes loaded.
2 NTLMv1 hashes loaded.
[!] Cracked NTLMv2 hash: SMB12\ADMIN:password (172.16.93.1)
[!] Cracked NTLMv2 hash: WORKGROUP\ROOT: (172.16.93.132)
[!] Cracked NTLMv2 hash: SMB12\GUEST: (172.16.93.1)

As soon as you launch the script, it will retrieve all the hashes stored in the logs folder and start bruteforcing them.

Contributing

I developped this script in few hours, which means it might contains bugs. For new features ping me on Twitter @PaulWebSec

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].