search

purpleteam / snarf

Snarf man-in-the-middle / relay suite
GNU General Public License v2.0
202 stars 60 forks source link

New connection #2

Closed mubix closed 10 years ago

mubix commented 10 years ago

Not sure this is what is supposed to happen, but when I get a new connections a lot of errors start outputting

root@wpad:~/snarf# nodejs snarf.js 172.16.102.163
21:02:20 SNARF - 0.2 - SMB Man in the Middle Attack Engine
21:02:20 by Josh Stone (yakovdk@gmail.com) and Victor Mata (TBD)
21:02:20 Router: iptables -t nat -X SNARF
21:02:20 Default IP is false
21:02:20 Created control server, direct browser to http://localhost:4001/
21:02:20 Interception server bound to 172.16.102.163:445
21:02:20 Router: iptables -t nat -N SNARF
21:02:20 Router: iptables -t nat -A SNARF -p tcp -j LOG
21:02:20 Router: iptables -t nat -A SNARF -p tcp --dport 445 -j DNAT --to 172.16.102.163:445
21:02:20 Router: To intercept, run 'iptables -t nat -A PREROUTING -p tcp --dport 445 -j SNARF'
21:08:30 Client 172.16.102.141:4388 connected
21:08:31 DB hit -- found connection from iptables
21:08:31 Client 172.16.102.163:56221 connected
21:08:31 Server connected, will relay to 172.16.102.163
21:08:31 Scrubbing SMB2 dialect
21:08:31 Scrubbing SMB2 dialect
21:08:31 [0] Client: SMB (155 bytes), CMD: SMB_COM_NEGOTIATE
21:08:31 DB Timeout looking for connection from 172.16.102.163:56221
21:08:31 DB Timeout looking for connection from 172.16.102.163:56221
21:08:31 DB Timeout looking for connection from 172.16.102.163:56221
21:08:31 DB Timeout looking for connection from 172.16.102.163:56221
21:08:31 DB Timeout looking for connection from 172.16.102.163:56221
21:08:31 DB Timeout looking for connection from 172.16.102.163:56221
21:08:31 DB Timeout looking for connection from 172.16.102.163:56221
21:08:31 DB Timeout looking for connection from 172.16.102.163:56221
21:08:31 DB Timeout looking for connection from 172.16.102.163:56221
21:08:32 DB Timeout looking for connection from 172.16.102.163:56221
21:08:32 DB Timeout looking for connection from 172.16.102.163:56221
21:08:32 DB Timeout looking for connection from 172.16.102.163:56221
21:08:32 DB Timeout looking for connection from 172.16.102.163:56221
21:08:32 DB Timeout looking for connection from 172.16.102.163:56221
21:08:32 DB Timeout looking for connection from 172.16.102.163:56221
21:08:32 DB Timeout looking for connection from 172.16.102.163:56221
21:08:32 DB Timeout looking for connection from 172.16.102.163:56221
21:08:32 DB Timeout looking for connection from 172.16.102.163:56221
21:08:32 DB Timeout looking for connection from 172.16.102.163:56221
21:08:33 DB Timeout looking for connection from 172.16.102.163:56221
21:08:33 DB Timeout looking for connection from 172.16.102.163:56221
21:08:33 DB Timeout looking for connection from 172.16.102.163:56221
21:08:33 DB Timeout looking for connection from 172.16.102.163:56221
21:08:33 DB Timeout looking for connection from 172.16.102.163:56221
21:08:33 DB Timeout looking for connection from 172.16.102.163:56221
21:08:33 DB Timeout looking for connection from 172.16.102.163:56221
21:08:33 DB Timeout looking for connection from 172.16.102.163:56221
21:08:33 DB Timeout looking for connection from 172.16.102.163:56221
21:08:33 DB Timeout looking for connection from 172.16.102.163:56221
21:08:34 DB Timeout looking for connection from 172.16.102.163:56221
21:08:34 DB Timeout looking for connection from 172.16.102.163:56221
21:08:34 DB Timeout looking for connection from 172.16.102.163:56221
21:08:34 DB Timeout looking for connection from 172.16.102.163:56221
21:08:34 DB Timeout looking for connection from 172.16.102.163:56221
21:08:34 DB Timeout looking for connection from 172.16.102.163:56221
21:08:34 DB Timeout looking for connection from 172.16.102.163:56221
21:08:34 DB Timeout looking for connection from 172.16.102.163:56221
21:08:34 DB Timeout looking for connection from 172.16.102.163:56221
21:08:34 DB Timeout looking for connection from 172.16.102.163:56221
21:08:35 DB Timeout looking for connection from 172.16.102.163:56221
21:08:35 DB Timeout looking for connection from 172.16.102.163:56221
21:08:35 DB Timeout looking for connection from 172.16.102.163:56221
21:08:35 DB Timeout looking for connection from 172.16.102.163:56221
21:08:35 DB Timeout looking for connection from 172.16.102.163:56221
21:08:35 DB Timeout looking for connection from 172.16.102.163:56221
21:08:35 DB Timeout looking for connection from 172.16.102.163:56221
21:08:35 DB Timeout looking for connection from 172.16.102.163:56221
21:08:35 DB Timeout looking for connection from 172.16.102.163:56221
21:08:35 DB Timeout looking for connection from 172.16.102.163:56221
21:08:36 DB Timeout looking for connection from 172.16.102.163:56221
21:08:36 DB Timeout looking for connection from 172.16.102.163:56221
21:08:36 DB Timeout looking for connection from 172.16.102.163:56221
21:08:36 DB Timeout looking for connection from 172.16.102.163:56221
21:08:36 DB Timeout looking for connection from 172.16.102.163:56221
21:08:36 DB Timeout looking for connection from 172.16.102.163:56221
21:08:36 DB Timeout looking for connection from 172.16.102.163:56221
21:08:36 DB Timeout looking for connection from 172.16.102.163:56221
21:08:36 DB Timeout looking for connection from 172.16.102.163:56221
21:08:36 DB Timeout looking for connection from 172.16.102.163:56221
21:08:37 DB Timeout looking for connection from 172.16.102.163:56221
21:08:37 DB Timeout looking for connection from 172.16.102.163:56221
21:08:37 DB Timeout looking for connection from 172.16.102.163:56221
21:08:37 DB Timeout looking for connection from 172.16.102.163:56221
21:08:37 DB Timeout looking for connection from 172.16.102.163:56221
21:08:37 DB Timeout looking for connection from 172.16.102.163:56221
21:08:37 DB Timeout looking for connection from 172.16.102.163:56221
21:08:37 DB Timeout looking for connection from 172.16.102.163:56221
21:08:37 DB Timeout looking for connection from 172.16.102.163:56221
21:08:37 DB Timeout looking for connection from 172.16.102.163:56221
21:08:38 DB Timeout looking for connection from 172.16.102.163:56221
21:08:38 DB Timeout looking for connection from 172.16.102.163:56221
21:08:38 DB Timeout looking for connection from 172.16.102.163:56221
21:08:38 DB Timeout looking for connection from 172.16.102.163:56221
21:08:38 DB Timeout looking for connection from 172.16.102.163:56221
21:08:38 DB Timeout looking for connection from 172.16.102.163:56221
21:08:38 DB Timeout looking for connection from 172.16.102.163:56221
21:08:38 DB Timeout looking for connection from 172.16.102.163:56221
21:08:38 DB Timeout looking for connection from 172.16.102.163:56221
21:08:38 DB Timeout looking for connection from 172.16.102.163:56221
21:08:39 DB Timeout looking for connection from 172.16.102.163:56221
21:08:39 DB Timeout looking for connection from 172.16.102.163:56221
21:08:39 DB Timeout looking for connection from 172.16.102.163:56221
21:08:39 DB Timeout looking for connection from 172.16.102.163:56221
21:08:39 DB Timeout looking for connection from 172.16.102.163:56221
21:08:39 DB Timeout looking for connection from 172.16.102.163:56221
21:08:39 DB Timeout looking for connection from 172.16.102.163:56221
21:08:39 DB Timeout looking for connection from 172.16.102.163:56221
21:08:39 DB Timeout looking for connection from 172.16.102.163:56221
21:08:39 DB Timeout looking for connection from 172.16.102.163:56221
21:08:40 DB Timeout looking for connection from 172.16.102.163:56221
21:08:40 DB Timeout looking for connection from 172.16.102.163:56221
21:08:40 DB Timeout looking for connection from 172.16.102.163:56221
21:08:40 DB Timeout looking for connection from 172.16.102.163:56221
21:08:40 DB Timeout looking for connection from 172.16.102.163:56221
21:08:40 DB Timeout looking for connection from 172.16.102.163:56221
21:08:40 DB Timeout looking for connection from 172.16.102.163:56221
21:08:40 DB Timeout looking for connection from 172.16.102.163:56221
21:08:40 DB Timeout looking for connection from 172.16.102.163:56221
21:08:40 DB Timeout looking for connection from 172.16.102.163:56221
21:08:41 DB Timeout looking for connection from 172.16.102.163:56221
21:08:41 DB Timeout looking for connection from 172.16.102.163:56221
21:08:41 DB Timeout looking for connection from 172.16.102.163:56221
21:08:41 DB Timeout looking for connection from 172.16.102.163:56221
21:08:41 DB Timeout looking for connection from 172.16.102.163:56221
21:08:41 DB Timeout looking for connection from 172.16.102.163:56221
21:08:41 DB Timeout looking for connection from 172.16.102.163:56221
21:08:41 DB Timeout looking for connection from 172.16.102.163:56221
21:08:41 DB Timeout looking for connection from 172.16.102.163:56221
21:08:42 DB Timeout looking for connection from 172.16.102.163:56221
21:08:42 DB Timeout looking for connection from 172.16.102.163:56221
21:08:42 DB Timeout looking for connection from 172.16.102.163:56221
21:08:42 DB Timeout looking for connection from 172.16.102.163:56221
21:08:42 DB Timeout looking for connection from 172.16.102.163:56221
21:08:42 DB Timeout looking for connection from 172.16.102.163:56221
21:08:42 DB Timeout looking for connection from 172.16.102.163:56221
21:08:42 DB Timeout looking for connection from 172.16.102.163:56221
21:08:42 DB Timeout looking for connection from 172.16.102.163:56221
21:08:42 DB Timeout looking for connection from 172.16.102.163:56221
21:08:43 DB Timeout looking for connection from 172.16.102.163:56221
21:08:43 DB Timeout looking for connection from 172.16.102.163:56221
21:08:43 DB Timeout looking for connection from 172.16.102.163:56221
21:08:43 DB Timeout looking for connection from 172.16.102.163:56221
21:08:43 DB Timeout looking for connection from 172.16.102.163:56221
21:08:43 DB Timeout looking for connection from 172.16.102.163:56221
21:08:43 DB Timeout looking for connection from 172.16.102.163:56221
21:08:43 DB Timeout looking for connection from 172.16.102.163:56221
21:08:43 DB Timeout looking for connection from 172.16.102.163:56221
21:08:43 DB Timeout looking for connection from 172.16.102.163:56221
21:08:44 DB Timeout looking for connection from 172.16.102.163:56221
21:08:44 DB Timeout looking for connection from 172.16.102.163:56221
21:08:44 DB Timeout looking for connection from 172.16.102.163:56221
21:08:44 DB Timeout looking for connection from 172.16.102.163:56221
21:08:44 DB Timeout looking for connection from 172.16.102.163:56221
21:08:44 DB Timeout looking for connection from 172.16.102.163:56221
21:08:44 DB Timeout looking for connection from 172.16.102.163:56221
21:08:44 DB Timeout looking for connection from 172.16.102.163:56221
21:08:44 DB Timeout looking for connection from 172.16.102.163:56221
21:08:44 DB Timeout looking for connection from 172.16.102.163:56221
21:08:45 DB Timeout looking for connection from 172.16.102.163:56221
21:08:45 DB Timeout looking for connection from 172.16.102.163:56221
21:08:45 DB Timeout looking for connection from 172.16.102.163:56221
21:08:45 DB Timeout looking for connection from 172.16.102.163:56221
21:08:45 DB Timeout looking for connection from 172.16.102.163:56221
21:08:45 DB Timeout looking for connection from 172.16.102.163:56221
21:08:45 DB Timeout looking for connection from 172.16.102.163:56221
21:08:45 DB Timeout looking for connection from 172.16.102.163:56221
21:08:45 DB Timeout looking for connection from 172.16.102.163:56221
21:08:45 DB Timeout looking for connection from 172.16.102.163:56221
21:08:46 DB Timeout looking for connection from 172.16.102.163:56221
21:08:46 DB Timeout looking for connection from 172.16.102.163:56221
21:08:46 DB Timeout looking for connection from 172.16.102.163:56221
21:08:46 DB Timeout looking for connection from 172.16.102.163:56221
21:08:46 DB Timeout looking for connection from 172.16.102.163:56221
21:08:46 DB Timeout looking for connection from 172.16.102.163:56221
21:08:46 DB Timeout looking for connection from 172.16.102.163:56221
21:08:46 DB Timeout looking for connection from 172.16.102.163:56221
21:08:46 DB Timeout looking for connection from 172.16.102.163:56221
21:08:46 DB Timeout looking for connection from 172.16.102.163:56221
21:08:47 DB Timeout looking for connection from 172.16.102.163:56221
21:08:47 DB Timeout looking for connection from 172.16.102.163:56221
21:08:47 DB Timeout looking for connection from 172.16.102.163:56221
21:08:47 DB Timeout looking for connection from 172.16.102.163:56221
21:08:47 DB Timeout looking for connection from 172.16.102.163:56221
21:08:47 DB Timeout looking for connection from 172.16.102.163:56221
21:08:47 DB Timeout looking for connection from 172.16.102.163:56221
21:08:47 DB Timeout looking for connection from 172.16.102.163:56221
21:08:47 DB Timeout looking for connection from 172.16.102.163:56221
21:08:47 DB Timeout looking for connection from 172.16.102.163:56221
21:08:48 DB Timeout looking for connection from 172.16.102.163:56221
21:08:48 DB Timeout looking for connection from 172.16.102.163:56221
21:08:48 DB Timeout looking for connection from 172.16.102.163:56221
21:08:48 DB Timeout looking for connection from 172.16.102.163:56221
21:08:48 DB Timeout looking for connection from 172.16.102.163:56221
21:08:48 DB Timeout looking for connection from 172.16.102.163:56221
21:08:48 DB Timeout looking for connection from 172.16.102.163:56221
21:08:48 DB Timeout looking for connection from 172.16.102.163:56221
21:08:48 DB Timeout looking for connection from 172.16.102.163:56221
21:08:48 DB Timeout looking for connection from 172.16.102.163:56221
21:08:49 DB Timeout looking for connection from 172.16.102.163:56221
21:08:49 DB Timeout looking for connection from 172.16.102.163:56221
21:08:49 DB Timeout looking for connection from 172.16.102.163:56221
21:08:49 DB Timeout looking for connection from 172.16.102.163:56221
21:08:49 DB Timeout looking for connection from 172.16.102.163:56221
21:08:49 DB Timeout looking for connection from 172.16.102.163:56221
21:08:49 DB Timeout looking for connection from 172.16.102.163:56221
21:08:49 DB Timeout looking for connection from 172.16.102.163:56221
21:08:49 DB Timeout looking for connection from 172.16.102.163:56221
21:08:49 DB Timeout looking for connection from 172.16.102.163:56221
21:08:50 DB Timeout looking for connection from 172.16.102.163:56221
21:08:50 DB Timeout looking for connection from 172.16.102.163:56221
21:08:50 DB Timeout looking for connection from 172.16.102.163:56221
21:08:50 DB Timeout looking for connection from 172.16.102.163:56221
21:08:50 DB Timeout looking for connection from 172.16.102.163:56221
21:08:50 DB Timeout looking for connection from 172.16.102.163:56221
21:08:50 DB Timeout looking for connection from 172.16.102.163:56221
21:08:50 DB Timeout looking for connection from 172.16.102.163:56221
21:08:50 DB Timeout looking for connection from 172.16.102.163:56221
21:08:50 DB Timeout looking for connection from 172.16.102.163:56221
21:08:51 DB Timeout looking for connection from 172.16.102.163:56221
21:08:51 DB Timeout looking for connection from 172.16.102.163:56221
21:08:51 DB Timeout looking for connection from 172.16.102.163:56221
21:08:51 DB Timeout looking for connection from 172.16.102.163:56221
21:08:51 DB Timeout looking for connection from 172.16.102.163:56221
21:08:51 DB Timeout looking for connection from 172.16.102.163:56221
21:08:51 DB Timeout looking for connection from 172.16.102.163:56221
21:08:51 DB Timeout looking for connection from 172.16.102.163:56221
21:08:51 DB Timeout looking for connection from 172.16.102.163:56221
21:08:51 DB Timeout looking for connection from 172.16.102.163:56221
21:08:52 DB Timeout looking for connection from 172.16.102.163:56221
21:08:52 DB Timeout looking for connection from 172.16.102.163:56221
21:08:52 DB Timeout looking for connection from 172.16.102.163:56221
21:08:52 DB Timeout looking for connection from 172.16.102.163:56221
21:08:52 DB Timeout looking for connection from 172.16.102.163:56221
21:08:52 DB Timeout looking for connection from 172.16.102.163:56221
21:08:52 DB Timeout looking for connection from 172.16.102.163:56221
21:08:52 DB Timeout looking for connection from 172.16.102.163:56221
21:08:52 DB Timeout looking for connection from 172.16.102.163:56221
21:08:53 DB Timeout looking for connection from 172.16.102.163:56221
21:08:53 DB Timeout looking for connection from 172.16.102.163:56221
21:08:53 DB Timeout looking for connection from 172.16.102.163:56221
21:08:53 DB Timeout looking for connection from 172.16.102.163:56221
21:08:53 DB Timeout looking for connection from 172.16.102.163:56221
21:08:53 DB Timeout looking for connection from 172.16.102.163:56221
21:08:53 DB Timeout looking for connection from 172.16.102.163:56221
21:08:53 DB Timeout looking for connection from 172.16.102.163:56221
21:08:53 DB Timeout looking for connection from 172.16.102.163:56221
21:08:53 DB Timeout looking for connection from 172.16.102.163:56221
21:08:54 DB Timeout looking for connection from 172.16.102.163:56221
21:08:54 DB Timeout looking for connection from 172.16.102.163:56221
21:08:54 DB Timeout looking for connection from 172.16.102.163:56221
21:08:54 DB Timeout looking for connection from 172.16.102.163:56221
21:08:54 DB Timeout looking for connection from 172.16.102.163:56221
21:08:54 DB Timeout looking for connection from 172.16.102.163:56221
21:08:54 DB Timeout looking for connection from 172.16.102.163:56221
21:08:54 DB Timeout looking for connection from 172.16.102.163:56221
21:08:54 DB Timeout looking for connection from 172.16.102.163:56221
21:08:54 DB Timeout looking for connection from 172.16.102.163:56221
21:08:55 DB Timeout looking for connection from 172.16.102.163:56221
21:08:55 DB Timeout looking for connection from 172.16.102.163:56221
21:08:55 DB Timeout looking for connection from 172.16.102.163:56221
21:08:55 DB Timeout looking for connection from 172.16.102.163:56221
21:08:55 DB Timeout looking for connection from 172.16.102.163:56221
21:08:55 DB Timeout looking for connection from 172.16.102.163:56221
21:08:55 DB Timeout looking for connection from 172.16.102.163:56221
21:08:55 DB Timeout looking for connection from 172.16.102.163:56221
21:08:55 DB Timeout looking for connection from 172.16.102.163:56221
21:08:55 DB Timeout looking for connection from 172.16.102.163:56221
21:08:56 DB Timeout looking for connection from 172.16.102.163:56221
21:08:56 DB Timeout looking for connection from 172.16.102.163:56221
21:08:56 DB Timeout looking for connection from 172.16.102.163:56221
21:08:56 DB Timeout looking for connection from 172.16.102.163:56221
21:08:56 DB Timeout looking for connection from 172.16.102.163:56221
21:08:56 DB Timeout looking for connection from 172.16.102.163:56221
21:08:56 DB Timeout looking for connection from 172.16.102.163:56221
21:08:56 DB Timeout looking for connection from 172.16.102.163:56221
21:08:56 DB Timeout looking for connection from 172.16.102.163:56221
21:08:56 DB Timeout looking for connection from 172.16.102.163:56221
21:08:57 DB Timeout looking for connection from 172.16.102.163:56221
21:08:57 DB Timeout looking for connection from 172.16.102.163:56221
21:08:57 DB Timeout looking for connection from 172.16.102.163:56221
21:08:57 DB Timeout looking for connection from 172.16.102.163:56221
21:08:57 DB Timeout looking for connection from 172.16.102.163:56221
21:08:57 DB Timeout looking for connection from 172.16.102.163:56221
21:08:57 DB Timeout looking for connection from 172.16.102.163:56221
21:08:57 DB Timeout looking for connection from 172.16.102.163:56221
21:08:57 DB Timeout looking for connection from 172.16.102.163:56221
21:08:57 DB Timeout looking for connection from 172.16.102.163:56221
21:08:58 DB Timeout looking for connection from 172.16.102.163:56221
21:08:58 DB Timeout looking for connection from 172.16.102.163:56221
21:08:58 DB Timeout looking for connection from 172.16.102.163:56221
21:08:58 DB Timeout looking for connection from 172.16.102.163:56221
21:08:58 DB Timeout looking for connection from 172.16.102.163:56221
21:08:58 DB Timeout looking for connection from 172.16.102.163:56221
21:08:58 DB Timeout looking for connection from 172.16.102.163:56221
21:08:58 DB Timeout looking for connection from 172.16.102.163:56221
21:08:58 DB Timeout looking for connection from 172.16.102.163:56221
21:08:58 DB Timeout looking for connection from 172.16.102.163:56221
21:08:59 DB Timeout looking for connection from 172.16.102.163:56221
21:08:59 DB Timeout looking for connection from 172.16.102.163:56221
21:08:59 DB Timeout looking for connection from 172.16.102.163:56221
21:08:59 DB Timeout looking for connection from 172.16.102.163:56221
21:08:59 DB Timeout looking for connection from 172.16.102.163:56221
21:08:59 DB Timeout looking for connection from 172.16.102.163:56221
21:08:59 DB Timeout looking for connection from 172.16.102.163:56221
21:08:59 DB Timeout looking for connection from 172.16.102.163:56221
21:08:59 DB Timeout looking for connection from 172.16.102.163:56221
21:08:59 DB Timeout looking for connection from 172.16.102.163:56221
21:09:00 DB Timeout looking for connection from 172.16.102.163:56221
21:09:00 DB Timeout looking for connection from 172.16.102.163:56221
21:09:00 DB Timeout looking for connection from 172.16.102.163:56221
21:09:00 DB Timeout looking for connection from 172.16.102.163:56221
21:09:00 DB Timeout looking for connection from 172.16.102.163:56221
21:09:00 DB Timeout looking for connection from 172.16.102.163:56221
21:09:00 DB Timeout looking for connection from 172.16.102.163:56221
21:09:00 DB Timeout looking for connection from 172.16.102.163:56221
21:09:00 DB Timeout looking for connection from 172.16.102.163:56221
21:09:00 DB Timeout looking for connection from 172.16.102.163:56221
21:09:01 DB Timeout looking for connection from 172.16.102.163:56221
21:09:01 DB Timeout looking for connection from 172.16.102.163:56221
21:09:01 DB Timeout looking for connection from 172.16.102.163:56221
21:09:01 DB Timeout looking for connection from 172.16.102.163:56221
21:09:01 DB Timeout looking for connection from 172.16.102.163:56221
21:09:01 DB Timeout looking for connection from 172.16.102.163:56221
21:09:01 DB Timeout looking for connection from 172.16.102.163:56221
21:09:01 DB Timeout looking for connection from 172.16.102.163:56221
21:09:01 DB Timeout looking for connection from 172.16.102.163:56221
21:09:01 DB Timeout looking for connection from 172.16.102.163:56221
21:09:02 DB Timeout looking for connection from 172.16.102.163:56221
21:09:02 DB Timeout looking for connection from 172.16.102.163:56221
21:09:02 DB Timeout looking for connection from 172.16.102.163:56221
21:09:02 DB Timeout looking for connection from 172.16.102.163:56221
21:09:02 DB Timeout looking for connection from 172.16.102.163:56221
21:09:02 DB Timeout looking for connection from 172.16.102.163:56221
21:09:02 DB Timeout looking for connection from 172.16.102.163:56221
21:09:02 DB Timeout looking for connection from 172.16.102.163:56221
21:09:02 DB Timeout looking for connection from 172.16.102.163:56221
21:09:02 DB Timeout looking for connection from 172.16.102.163:56221
21:09:03 DB Timeout looking for connection from 172.16.102.163:56221
21:09:03 DB Timeout looking for connection from 172.16.102.163:56221
21:09:03 DB Timeout looking for connection from 172.16.102.163:56221
21:09:03 DB Timeout looking for connection from 172.16.102.163:56221
21:09:03 DB Timeout looking for connection from 172.16.102.163:56221
21:09:03 DB Timeout looking for connection from 172.16.102.163:56221
21:09:03 DB Timeout looking for connection from 172.16.102.163:56221
21:09:03 DB Timeout looking for connection from 172.16.102.163:56221
21:09:03 DB Timeout looking for connection from 172.16.102.163:56221
21:09:03 DB Timeout looking for connection from 172.16.102.163:56221
21:09:04 DB Timeout looking for connection from 172.16.102.163:56221
21:09:04 DB Timeout looking for connection from 172.16.102.163:56221
21:09:04 DB Timeout looking for connection from 172.16.102.163:56221
21:09:04 DB Timeout looking for connection from 172.16.102.163:56221
21:09:04 DB Timeout looking for connection from 172.16.102.163:56221
21:09:04 DB Timeout looking for connection from 172.16.102.163:56221
21:09:04 DB Timeout looking for connection from 172.16.102.163:56221
21:09:04 DB Timeout looking for connection from 172.16.102.163:56221
21:09:04 DB Timeout looking for connection from 172.16.102.163:56221
21:09:05 DB Timeout looking for connection from 172.16.102.163:56221
21:09:05 DB Timeout looking for connection from 172.16.102.163:56221
21:09:05 DB Timeout looking for connection from 172.16.102.163:56221
21:09:05 DB Timeout looking for connection from 172.16.102.163:56221
21:09:05 DB Timeout looking for connection from 172.16.102.163:56221
21:09:05 DB Timeout looking for connection from 172.16.102.163:56221
21:09:05 DB Timeout looking for connection from 172.16.102.163:56221
21:09:05 DB Timeout looking for connection from 172.16.102.163:56221
21:09:05 DB Timeout looking for connection from 172.16.102.163:56221
21:09:05 DB Timeout looking for connection from 172.16.102.163:56221
21:09:06 DB Timeout looking for connection from 172.16.102.163:56221
21:09:06 DB Timeout looking for connection from 172.16.102.163:56221
21:09:06 DB Timeout looking for connection from 172.16.102.163:56221
21:09:06 DB Timeout looking for connection from 172.16.102.163:56221
21:09:06 DB Timeout looking for connection from 172.16.102.163:56221
21:09:06 DB Timeout looking for connection from 172.16.102.163:56221
21:09:06 DB Timeout looking for connection from 172.16.102.163:56221
21:09:06 DB Timeout looking for connection from 172.16.102.163:56221
21:09:06 DB Timeout looking for connection from 172.16.102.163:56221
21:09:06 DB Timeout looking for connection from 172.16.102.163:56221
21:09:07 DB Timeout looking for connection from 172.16.102.163:56221
21:09:07 DB Timeout looking for connection from 172.16.102.163:56221
21:09:07 DB Timeout looking for connection from 172.16.102.163:56221
21:09:07 DB Timeout looking for connection from 172.16.102.163:56221
21:09:07 DB Timeout looking for connection from 172.16.102.163:56221
21:09:07 DB Timeout looking for connection from 172.16.102.163:56221
21:09:07 DB Timeout looking for connection from 172.16.102.163:56221
21:09:07 DB Timeout looking for connection from 172.16.102.163:56221
21:09:07 DB Timeout looking for connection from 172.16.102.163:56221
21:09:07 DB Timeout looking for connection from 172.16.102.163:56221
21:09:08 DB Timeout looking for connection from 172.16.102.163:56221
21:09:08 DB Timeout looking for connection from 172.16.102.163:56221
21:09:08 DB Timeout looking for connection from 172.16.102.163:56221
21:09:08 DB Timeout looking for connection from 172.16.102.163:56221
21:09:08 DB Timeout looking for connection from 172.16.102.163:56221
21:09:08 DB Timeout looking for connection from 172.16.102.163:56221
21:09:08 DB Timeout looking for connection from 172.16.102.163:56221
21:09:08 DB Timeout looking for connection from 172.16.102.163:56221
21:09:08 DB Timeout looking for connection from 172.16.102.163:56221
21:09:08 DB Timeout looking for connection from 172.16.102.163:56221
21:09:09 DB Timeout looking for connection from 172.16.102.163:56221
21:09:09 DB Timeout looking for connection from 172.16.102.163:56221
21:09:09 DB Timeout looking for connection from 172.16.102.163:56221
21:09:09 DB Timeout looking for connection from 172.16.102.163:56221
21:09:09 DB Timeout looking for connection from 172.16.102.163:56221
21:09:09 DB Timeout looking for connection from 172.16.102.163:56221
21:09:09 DB Timeout looking for connection from 172.16.102.163:56221
21:09:09 DB Timeout looking for connection from 172.16.102.163:56221
21:09:09 DB Timeout looking for connection from 172.16.102.163:56221
21:09:09 DB Timeout looking for connection from 172.16.102.163:56221
21:09:10 DB Timeout looking for connection from 172.16.102.163:56221
21:09:10 DB Timeout looking for connection from 172.16.102.163:56221
21:09:10 DB Timeout looking for connection from 172.16.102.163:56221
21:09:10 DB Timeout looking for connection from 172.16.102.163:56221
21:09:10 DB Timeout looking for connection from 172.16.102.163:56221
21:09:10 DB Timeout looking for connection from 172.16.102.163:56221
21:09:10 DB Timeout looking for connection from 172.16.102.163:56221
21:09:10 DB Timeout looking for connection from 172.16.102.163:56221
21:09:10 DB Timeout looking for connection from 172.16.102.163:56221
21:09:10 DB Timeout looking for connection from 172.16.102.163:56221
21:09:11 DB Timeout looking for connection from 172.16.102.163:56221
21:09:11 DB Timeout looking for connection from 172.16.102.163:56221
21:09:11 DB Timeout looking for connection from 172.16.102.163:56221
21:09:11 DB Timeout looking for connection from 172.16.102.163:56221
21:09:11 DB Timeout looking for connection from 172.16.102.163:56221
21:09:11 DB Timeout looking for connection from 172.16.102.163:56221
21:09:11 DB Timeout looking for connection from 172.16.102.163:56221
21:09:11 DB Timeout looking for connection from 172.16.102.163:56221
21:09:11 DB Timeout looking for connection from 172.16.102.163:56221
21:09:11 DB Timeout looking for connection from 172.16.102.163:56221
21:09:12 DB Timeout looking for connection from 172.16.102.163:56221
21:09:12 DB Timeout looking for connection from 172.16.102.163:56221
mubix commented 10 years ago

I also get this in the web page nodejs_snarf

purpleteam commented 10 years ago

You're binding to .163, and you're getting the victim to connect directly to .163, which means that you're not "man-in-the-middling" per se, but probably LLMNR poisoning or something? In this case, you will need to set the "default" target with the "-d" flag. Something like this:

$ sudo snarf.js -d 172.16.102.4 172.16.102.163

Where "172.16.102.4" is the system you want to relay the connections to.

That said, I think we'll make a small enhancement so that the error messages are a little more obvious about what's happening here. Thanks for the feedback!

purpleteam commented 10 years ago

OK, I've put together a small change to the routing in snarf. Now, it will check the kernel log 10 times, and if it fails punt to default. If there is no default selected, then it'll give you a (hopefully) helpful message. I'll have this committed shortly. Something like this:

12:33:38 DB no response in kernel log, responding with 0.0.0.0
12:33:38 ERROR, can't relay connection destined for bindip
12:33:38 You may want to specify a default destination with
12:33:38 the '-d <ip>' flag.

So the full output would look something like this:

$ sudo node snarf.js 192.168.159.131
12:33:32 SNARF - 0.2 - SMB Man in the Middle Attack Engine
12:33:32 by Josh Stone (yakovdk@gmail.com) and Victor Mata (TBD)
12:33:32 Router: iptables -t nat -X SNARF
12:33:32 Default IP is false
12:33:32 Created control server, direct browser to http://localhost:4001/
12:33:32 Interception server bound to 192.168.159.131:445
12:33:32 Router: iptables -t nat -N SNARF
12:33:32 Router: iptables -t nat -A SNARF -p tcp -j LOG
12:33:33 Router: iptables -t nat -A SNARF -p tcp --dport 445 -j DNAT --to 192.168.159.131:445
12:33:33 Router: To intercept, run 'iptables -t nat -A PREROUTING -p tcp --dport 445 -j SNARF'
12:33:37 Client 192.168.159.204:49217 connected
12:33:37 DB Timeout looking for connection from 192.168.159.204:49217
12:33:37 DB Timeout looking for connection from 192.168.159.204:49217
12:33:37 DB Timeout looking for connection from 192.168.159.204:49217
12:33:37 DB Timeout looking for connection from 192.168.159.204:49217
12:33:37 DB Timeout looking for connection from 192.168.159.204:49217
12:33:37 DB Timeout looking for connection from 192.168.159.204:49217
12:33:37 DB Timeout looking for connection from 192.168.159.204:49217
12:33:38 DB Timeout looking for connection from 192.168.159.204:49217
12:33:38 DB Timeout looking for connection from 192.168.159.204:49217
12:33:38 DB Timeout looking for connection from 192.168.159.204:49217
12:33:38 DB Timeout looking for connection from 192.168.159.204:49217
12:33:38 DB Timeout looking for connection from 192.168.159.204:49217
12:33:38 DB no response in kernel log, responding with 0.0.0.0
12:33:38 ERROR, can't relay connection destined for bindip
12:33:38 You may want to specify a default destination with
12:33:38 the '-d <ip>' flag.