griffr10
commented
3 weeks ago We are seeing the same issue on our current test. It causes Responder to crash within minutes.
Open 7MinSec opened 3 weeks ago
griffr10
commented
3 weeks ago We are seeing the same issue on our current test. It causes Responder to crash within minutes.
lgandx
commented
3 weeks ago Could you provide the stack trace?
Thanks,
On Tue, Aug 20, 2024, 5:34 PM griffr10 @.***> wrote:
We are seeing the same issue on our current test. It causes Responder to crash within minutes.
— Reply to this email directly, view it on GitHub https://github.com/lgandx/Responder/issues/284#issuecomment-2299716988, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAC5Q2E7NNU6BZYO4LOXMEDZSOR6PAVCNFSM6AAAAABMU7R2NCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOJZG4YTMOJYHA . You are receiving this because you are subscribed to this thread.Message ID: @.***>
griffr10
commented
3 weeks ago Command:
sudo python3 Responder.py -I eth0 --lm --disable-ess
Stack Trace:
---------------------------------------- File "/usr/lib/python3.11/socketserver.py", line 755, in __init__ self.handle() File "/home/kali/Tools/Responder/poisoners/MDNS.py", line 85, in handle SavePoisonersToDb({ File "/home/kali/Tools/Responder/utils.py", line 406, in SavePoisonersToDb cursor.execute("INSERT INTO Poisoned VALUES(datetime('now'), ?, ?, ?, ?)", (result['Poisoner'], result['SentToIp'], result['ForName'], result['AnalyzeMode'])) sqlite3.OperationalError: database is locked File "/home/kali/Tools/Responder/poisoners/MDNS.py", line 103, in handle SavePoisonersToDb({ File "/usr/lib/python3.11/socketserver.py", line 755, in __init__ self.handle() File "/home/kali/Tools/Responder/poisoners/MDNS.py", line 85, in handle SavePoisonersToDb({ File "/home/kali/Tools/Responder/utils.py", line 406, in SavePoisonersToDb cursor.execute("INSERT INTO Poisoned VALUES(datetime('now'), ?, ?, ?, ?)", (result['Poisoner'], result['SentToIp'], result['ForName'], result['AnalyzeMode'])) File "/home/kali/Tools/Responder/utils.py", line 406, in SavePoisonersToDb cursor.execute("INSERT INTO Poisoned VALUES(datetime('now'), ?, ?, ?, ?)", (result['Poisoner'], result['SentToIp'], result['ForName'], result['AnalyzeMode'])) sqlite3.OperationalError: database is locked sqlite3.OperationalError: database is locked
I believe the issue may be occurring because responder is repeatedly trying to poison the same IP and name combination and it is filling the database. A snippet of what we are seeing can be found below.
[*] [MDNS] Poisoned answer sent to fe80::59b4:f827:4e14:2034 for name search-name(4037)._dosvc[*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4038)._dosvc [*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4039)._dosvc [*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4040)._dosvc [*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4041)._dosvc [*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4042)._dosvc [*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4043)._dosvc [*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4044)._dosvc [*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4045)._dosvc [*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4046)._dosvc [*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4047)._dosvc [*] [MDNS] Poisoned answer sent to fe80::59b4:f827:4e14:2034 for name search-name(4047)._dosvc[*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4049)._dosvc ---------------------------------------- Exception occurred during processing of request from ('::ffff:10.11.20.135', 5353, 0, 0) ---------------------------------------- [*] [MDNS] Poisoned answer sent to 10.11.20.135 for name search-name(4050)._dosvc [*] [MDNS] Poisoned answer sent to fe80::59b4:f827:4e14:2034 for name search-name(4050)._dosvc
7MinSec
commented
3 weeks ago And not sure this is helpful but I eventually got this "fixed" on my pentest by setting Responder to not respond to about half a dozen IPv4/IPv6 addresses. I can do some unblocking of addresses later in this engagement if you need me to do some testing or data-gathering, but right now I need Responder working :-)
7MinSec
commented
3 weeks ago Just started a new test today and was having the same issue. I killed Python process and reviewed logs and found tons of entries like this:
Poisoned answer sent to "CLIENT_SYSTEM_IPV6_ADDRESS for name "MY-PENTEST-BOX-NAME(4508)._dosvc
[*] [MDNS] Poisoned answer sent to CLIENT_SYSTEM_IPV4_ADDRESS for name MY-PENTEST-BOX-NAME(4509)._dosvcThe number in parentheses goes up with each "hit." I added both the IPv4 and IPv6 addresses do dontrespondto and that quieted things down to where I could run the tool without it crashing.
3ldidi94
commented
2 weeks ago Same issue here. I also need to add IPv4 addresses in the DontRespondTo setting to avoid this issue but the tool become less interesting with that setting
mattysmith00
commented
1 week ago I've been having the same issue for the past few weeks. I have tested it on older versions of Kali from 2022 - 2024, still had the same issue, so switched from Virtualbox to VMware. Issue still remained.
jeffmcjunkin
commented
5 days ago I had the same in an isolated environment with a Windows 11 23H2 host being the box looping in responses.
puzzlepeaches
commented
22 hours ago Cheaty fix that I'm too lazy to create an MR for below:
poisoners/MDNS.pyMDNSType = Parse_IPV6_Addr(data) add the followingif b"_dosvc" in data:
return
Hello,
Something weird I've never seen on a test before: I start Responder-ing like normal with
responder.py -I eth0 -Pvand then several devices on the network end up Responder-spamming me with hundreds of request like this:Within a few seconds the console log is overwhelmed, errors start popping up, and I have to kill the process.
I've tried playing with the Responder.conf file to see if there's something I can set in the "don't respond to" sections, but I can't get things quieted down. Any ideas?
Thanks, Brian