From 1a9b2cfca9ef284d6f632f3cc1c93d656f359f8a Mon Sep 17 00:00:00 2001 From: derekkddj Date: Thu, 3 Oct 2024 16:26:21 +0200 Subject: [PATCH 1/2] changes to disable LDAP and FTP in responder when they are used by "interactsh" --- README.md | 2 +- cmd/interactsh-server/main.go | 18 ++++++++++-------- pkg/options/server_options.go | 1 + pkg/server/responder_server.go | 15 +++++++++++++-- 4 files changed, 25 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 8bfd9ff9..2a428391 100644 --- a/README.md +++ b/README.md @@ -804,7 +804,7 @@ $ sudo interactsh-server -responder -d localhost On default settings, the daemon listens on the following ports: - UDP: 137, 138, 1434 -+ TCP: 21 (might collide with FTP daemon if used), 110, 135, 139, 389, 445, 1433, 3141, 3128 ++ TCP: 21 (might collide with FTP daemon if used), 110, 135, 139, 389 (might collide with LDAP server), 445, 1433, 3141, 3128 ## Interactsh Integration diff --git a/cmd/interactsh-server/main.go b/cmd/interactsh-server/main.go index e9b08a9f..15071927 100644 --- a/cmd/interactsh-server/main.go +++ b/cmd/interactsh-server/main.go 
@@ -85,7 +85,8 @@ func main() { flagSet.IntVar(&cliOptions.SmtpsPort, "smtps-port", 587, "port to use for smtps service"), flagSet.IntVar(&cliOptions.SmtpAutoTLSPort, "smtp-autotls-port", 465, "port to use for smtps autotls service"), flagSet.IntVar(&cliOptions.LdapPort, "ldap-port", 389, "port to use for ldap service"), - flagSet.BoolVar(&cliOptions.LdapWithFullLogger, "ldap", false, "enable ldap server with full logging (authenticated)"), + flagSet.BoolVar(&cliOptions.Ldap, "ldap", true, "enable ldap server"), + flagSet.BoolVar(&cliOptions.LdapWithFullLogger, "ldapFullLog", false, "enable ldap server with full logging (authenticated)"), flagSet.BoolVarP(&cliOptions.RootTLD, "wildcard", "wc", false, "enable wildcard interaction for interactsh domain (authenticated)"), flagSet.BoolVar(&cliOptions.Smb, "smb", false, "start smb agent - impacket and python 3 must be installed (authenticated)"), flagSet.BoolVar(&cliOptions.Responder, "responder", false, "start responder agent - docker must be installed (authenticated)"), @@ -319,13 +320,14 @@ func main() { go smtpServer.ListenAndServe(tlsConfig, smtpAlive, smtpsAlive) ldapAlive := make(chan bool) - ldapServer, err := server.NewLDAPServer(serverOptions, cliOptions.LdapWithFullLogger) - if err != nil { - gologger.Fatal().Msgf("Could not create LDAP server: %s", err) + if cliOptions.Ldap { + ldapServer, err := server.NewLDAPServer(serverOptions, cliOptions.LdapWithFullLogger) + if err != nil { + gologger.Fatal().Msgf("Could not create LDAP server: %s", err) + } + go ldapServer.ListenAndServe(tlsConfig, ldapAlive) + defer ldapServer.Close() } - go ldapServer.ListenAndServe(tlsConfig, ldapAlive) - defer ldapServer.Close() - ftpAlive := make(chan bool) ftpsAlive := make(chan bool) if cliOptions.Ftp { 
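Review bot: Reusing the `-ldap` name for the new on/off switch in cmd/interactsh-server/main.go silently changes what existing invocations do. A deployment that passed `-ldap` to get full LDAP logging still starts without error but no longer turns full logging on, because that behaviour moved to `ldapFullLog`. On a server whose purpose is to record interactions this is easy to miss, so the rename deserves a changelog entry or a startup warning. The new flag name is also camelCase while its neighbours are kebab-case (`ldap-port`, `smtp-autotls-port`); a name such as `ldap-full-log` would match. main() continues outside this hunk.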
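Review bot: `ldapAlive` is still created unconditionally in the second main.go hunk, but with `-ldap=false` nothing is ever started that could send on it. The code that reads the channel is outside this hunk, so confirm it does not block or report a misleading LDAP status when the server is disabled. Separately, `cliOptions.LdapWithFullLogger` is now ignored without notice when `-ldap=false`; a one-line warning for that combination would tell the operator why no LDAP interactions are logged, e.g. `if !cliOptions.Ldap && cliOptions.LdapWithFullLogger { gologger.Warning().Msgf("ldapFullLog has no effect when ldap is disabled") }` (assuming gologger's usual Warning() level is available here).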
@@ -338,7 +340,7 @@ func main() { responderAlive := make(chan bool) if cliOptions.Responder { - responderServer, err := server.NewResponderServer(serverOptions) + responderServer, err := server.NewResponderServer(serverOptions,cliOptions.Ldap,cliOptions.Ftp) if err != nil { gologger.Fatal().Msgf("Could not create SMB server: %s", err) } diff --git a/pkg/options/server_options.go b/pkg/options/server_options.go index 55563280..557da8bc 100644 --- a/pkg/options/server_options.go +++ b/pkg/options/server_options.go @@ -17,6 +17,7 @@ type CLIServerOptions struct { HttpsPort int Hostmasters []string LdapWithFullLogger bool + Ldap bool Eviction int NoEviction bool Responder bool diff --git a/pkg/server/responder_server.go b/pkg/server/responder_server.go index ab6d6052..abb96722 100644 --- a/pkg/server/responder_server.go +++ b/pkg/server/responder_server.go @@ -24,6 +24,8 @@ var responderMonitorList map[string]string = map[string]string{ // ResponderServer is a Responder wrapper server instance type ResponderServer struct { options *Options + ldapInteract bool + ftpInteract bool LogFile string ipAddress net.IP cmd *exec.Cmd @@ -31,9 +33,11 @@ type ResponderServer struct { } // NewResponderServer returns a new SMB server. -func NewResponderServer(options *Options) (*ResponderServer, error) { +func NewResponderServer(options *Options,LdapInteract bool,FtpInteract bool) (*ResponderServer, error) { server := &ResponderServer{ options: options, + ldapInteract:LdapInteract, + ftpInteract:FtpInteract, ipAddress: net.ParseIP(options.IPAddress), } return server, nil 
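Review bot: The new call `server.NewResponderServer(serverOptions,cliOptions.Ldap,cliOptions.Ftp)` in main.go is not gofmt-clean, and patch 2/2 only reformats pkg/server/responder_server.go, so as far as this series shows the line stays as it is; it should read `server.NewResponderServer(serverOptions, cliOptions.Ldap, cliOptions.Ftp)`. The two bare booleans are also hard to read at the call site, because nothing says they mean "interactsh serves this protocol itself". A comment above the call would help: `// Responder must not publish 389/21 when interactsh itself serves LDAP/FTP.` main() continues outside this hunk.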
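Review bot: In pkg/server/responder_server.go the new constructor parameters are capitalised (`LdapInteract`, `FtpInteract`), which Go reserves by convention for exported identifiers, and the reformat hunk in patch 2/2 keeps them that way. Prefer `func NewResponderServer(options *Options, ldapInteract, ftpInteract bool) (*ResponderServer, error)`. Neither the struct fields nor the doc comment say what the flags mean. A field comment such as `// ldapInteract: interactsh runs its own LDAP listener, so Responder must not publish 389` would make the inverted checks in ListenAndServe easier to follow, and the doc comment should say "Responder server" rather than "SMB server". Since NewResponderServer is exported, changing its signature breaks any caller outside this repository.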
@@ -51,7 +55,14 @@ func (h *ResponderServer) ListenAndServe(responderAlive chan bool) error { } h.tmpFolder = tmpFolder // execute dockerized responder - cmdLine := "docker run -p 137:137/udp -p 138:138/udp -p 389:389 -p 1433:1433 -p 1434:1434/udp -p 135:135 -p 139:139 -p 445:445 -p 21:21 -p 3141:3141 -p 110:110 -p 3128:3128 -p 5355:5355/udp -v " + h.tmpFolder + ":/opt/Responder/logs --rm interactsh:latest" + cmdLine := "docker run -p 137:137/udp -p 138:138/udp -p 1433:1433 -p 1434:1434/udp -p 135:135 -p 139:139 -p 445:445 -p 3141:3141 -p 110:110 -p 3128:3128 -p 5355:5355/udp" + if !h.ldapInteract{ + cmdLine += " -p 389:389 " + } + if !h.ftpInteract{ + cmdLine += " -p 21:21 " + } + cmdLine += " -v " + h.tmpFolder + ":/opt/Responder/logs --rm interactsh:latest" args := strings.Fields(cmdLine) h.cmd = exec.Command(args[0], args[1:]...) err = h.cmd.Start() From 1ee1954e501118206bd6bfdd9e72f14d85fbfe82 Mon Sep 17 00:00:00 2001 From: derekkddj Date: Tue, 21 Jan 2025 12:09:59 +0100 Subject: [PATCH 2/2] gofumpted and stinrg.builder --- pkg/server/responder_server.go | 37 ++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/pkg/server/responder_server.go b/pkg/server/responder_server.go index abb96722..d5e762ad 100644 --- a/pkg/server/responder_server.go +++ b/pkg/server/responder_server.go 
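Review bot: The docker command in ListenAndServe is still assembled as a single string and tokenised with `strings.Fields`, so any whitespace in `h.tmpFolder` splits the `-v` mount into extra arguments that docker will misinterpret. The folder's origin is outside this hunk, but if it is derived from the process temp directory then an unusual TMPDIR is enough to trigger this. Building the argument slice directly avoids the re-tokenising and makes the optional port mappings plain appends. The same applies to the strings.Builder version of this code in patch 2/2. ListenAndServe starts and ends outside the hunk.

```go
// … unchanged: temp folder creation, h.tmpFolder = tmpFolder …
// execute dockerized responder
args := []string{
	"run",
	"-p", "137:137/udp", "-p", "138:138/udp",
	"-p", "1433:1433", "-p", "1434:1434/udp",
	"-p", "135:135", "-p", "139:139", "-p", "445:445",
	"-p", "3141:3141", "-p", "110:110", "-p", "3128:3128",
	"-p", "5355:5355/udp",
}
// Publish 389/21 only when interactsh is not already listening on them.
if !h.ldapInteract {
	args = append(args, "-p", "389:389")
}
if !h.ftpInteract {
	args = append(args, "-p", "21:21")
}
args = append(args, "-v", h.tmpFolder+":/opt/Responder/logs", "--rm", "interactsh:latest")
h.cmd = exec.Command("docker", args...)
// … unchanged: h.cmd.Start() and error handling …
```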
@@ -23,22 +23,22 @@ var responderMonitorList map[string]string = map[string]string{ // ResponderServer is a Responder wrapper server instance type ResponderServer struct { - options *Options + options *Options ldapInteract bool ftpInteract bool - LogFile string - ipAddress net.IP - cmd *exec.Cmd - tmpFolder string + LogFile string + ipAddress net.IP + cmd *exec.Cmd + tmpFolder string } // NewResponderServer returns a new SMB server. -func NewResponderServer(options *Options,LdapInteract bool,FtpInteract bool) (*ResponderServer, error) { +func NewResponderServer(options *Options, LdapInteract bool, FtpInteract bool) (*ResponderServer, error) { server := &ResponderServer{ - options: options, - ldapInteract:LdapInteract, - ftpInteract:FtpInteract, - ipAddress: net.ParseIP(options.IPAddress), + options: options, + ldapInteract: LdapInteract, + ftpInteract: FtpInteract, + ipAddress: net.ParseIP(options.IPAddress), } return server, nil } 
@@ -55,15 +55,18 @@ func (h *ResponderServer) ListenAndServe(responderAlive chan bool) error { } h.tmpFolder = tmpFolder // execute dockerized responder - cmdLine := "docker run -p 137:137/udp -p 138:138/udp -p 1433:1433 -p 1434:1434/udp -p 135:135 -p 139:139 -p 445:445 -p 3141:3141 -p 110:110 -p 3128:3128 -p 5355:5355/udp" - if !h.ldapInteract{ - cmdLine += " -p 389:389 " + var cmdLine strings.Builder + cmdLine.WriteString("docker run -p 137:137/udp -p 138:138/udp -p 1433:1433 -p 1434:1434/udp -p 135:135 -p 139:139 -p 445:445 -p 3141:3141 -p 110:110 -p 3128:3128 -p 5355:5355/udp") + if !h.ldapInteract { + cmdLine.WriteString(" -p 389:389 ") } - if !h.ftpInteract{ - cmdLine += " -p 21:21 " + if !h.ftpInteract { + cmdLine.WriteString(" -p 21:21 ") } - cmdLine += " -v " + h.tmpFolder + ":/opt/Responder/logs --rm interactsh:latest" - args := strings.Fields(cmdLine) + cmdLine.WriteString(" -v ") + cmdLine.WriteString(h.tmpFolder) + cmdLine.WriteString(":/opt/Responder/logs --rm interactsh:latest") + args := strings.Fields(cmdLine.String()) h.cmd = exec.Command(args[0], args[1:]...) err = h.cmd.Start() if err != nil {
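Review bot: The two conditions in ListenAndServe ask only whether interactsh runs an LDAP or FTP service, not which port it uses, while the published ports stay hard-coded to 389 and 21. The LDAP port is configurable (`-ldap-port` in cmd/interactsh-server/main.go), so with interactsh's LDAP on a non-default port Responder loses 389 although nothing collides there. If the configured ports are reachable through `h.options`, the check could compare against them; otherwise a comment should record the assumption, e.g. `// assumes interactsh LDAP/FTP listen on the default 389/21`. The padding spaces in `" -p 389:389 "` are harmless only because the string is later passed through `strings.Fields`. The function continues outside this hunk.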