cleartext, proxy fixes

Kevin-Robertson · Kevin-Robertson · commit 5116878fd543 · 2022-09-27T22:18:14.000-04:00
Fixed cleartext capture/output bugs
Added proxyauth reconnect relay
Changed IgnoreHosts/ReplyToHosts to IgnoreQueries/ReplyToQueries
diff --git a/Inveigh/Listeners/DNSListener.cs b/Inveigh/Listeners/DNSListener.cs
@@ -39,8 +39,8 @@ public override bool Check(string name, string type, string clientIP, out string
 
             DNSChecker helper = new DNSChecker
             {
-                IgnoreHosts = Program.argIgnoreHosts,
-                ReplyToHosts = Program.argReplyToHosts,
+                IgnoreQueries = Program.argIgnoreQueries,
+                ReplyToQueries = Program.argReplyToQueries,
                 IgnoreIPs = Program.argIgnoreIPs,
                 ReplyToIPs = Program.argReplyToIPs,
                 IgnoreDomains = Program.argIgnoreDomains,
diff --git a/Inveigh/Listeners/HTTPListener.cs b/Inveigh/Listeners/HTTPListener.cs
@@ -38,6 +38,11 @@ protected override void OutputNTLM(string protocol, string listenerPort, string
             Output.NTLMOutput(user, domain, ntlmChallenge, ntlmResponseHash, clientIP, host, protocol, listenerPort, clientPort, lmResponseHash);
         }
 
+        protected override void OutputCleartext(string protocol, string listenerPort, string clientIP, string clientPort, string credentials)
+        {
+            Output.CleartextOutput(protocol, listenerPort, clientIP, clientPort, credentials);
+        }
+
         protected override void OutputChallenge(string protocol, string listenerPort, string clientIP, string clientPort, string challenge)
         {
             Output.Queue(String.Format("[+] [{0}] {1}({2}) NTLM challenge [{3}] sent to {4}:{5}", Output.Timestamp(), protocol, listenerPort, challenge, clientIP, clientPort));
diff --git a/Inveigh/Listeners/LLMNRListener.cs b/Inveigh/Listeners/LLMNRListener.cs
@@ -28,10 +28,10 @@ protected override void OutputError(Exception ex)
         public override bool Check(string name, string type, string clientIP, out string message)
         {
 
-            LLMNRChecker llmnrHelper = new LLMNRChecker
+            LLMNRChecker llmnrChecker = new LLMNRChecker
             {
-                IgnoreHosts = Program.argIgnoreHosts,
-                ReplyToHosts = Program.argReplyToHosts,
+                IgnoreQueries = Program.argIgnoreQueries,
+                ReplyToQueries = Program.argReplyToQueries,
                 IgnoreIPs = Program.argIgnoreIPs,
                 ReplyToIPs = Program.argReplyToIPs,
                 IPCaptures = Program.IPCaptureList,
@@ -41,13 +41,13 @@ public override bool Check(string name, string type, string clientIP, out string
                 Inspect = Program.enabledInspect,
             };
 
-            if (llmnrHelper.Check(name, type, clientIP))
+            if (llmnrChecker.Check(name, type, clientIP))
             {
-                message = llmnrHelper.OutputMessage;
+                message = llmnrChecker.OutputMessage;
                 return true;
             }
 
-            message = llmnrHelper.OutputMessage;
+            message = llmnrChecker.OutputMessage;
             return false;
         }
 
diff --git a/Inveigh/Listeners/MDNSListener.cs b/Inveigh/Listeners/MDNSListener.cs
@@ -33,8 +33,8 @@ public override bool Check(string name, string question, string type, string cli
 
             MDNSChecker mdnsHelper = new MDNSChecker
             {
-                IgnoreHosts = Program.argIgnoreHosts,
-                ReplyToHosts = Program.argReplyToHosts,
+                IgnoreQueries = Program.argIgnoreQueries,
+                ReplyToQueries = Program.argReplyToQueries,
                 IgnoreIPs = Program.argIgnoreIPs,
                 ReplyToIPs = Program.argReplyToIPs,
                 IPCaptures = Program.IPCaptureList,
diff --git a/Inveigh/Listeners/NBNSListener.cs b/Inveigh/Listeners/NBNSListener.cs
@@ -31,8 +31,8 @@ public override bool Check(string name, string type, string clientIP, out string
 
             NetBIOSNSChecker helper = new NetBIOSNSChecker
             {
-                IgnoreHosts = Program.argIgnoreHosts,
-                ReplyToHosts = Program.argReplyToHosts,
+                IgnoreQueries = Program.argIgnoreQueries,
+                ReplyToQueries = Program.argReplyToQueries,
                 IgnoreIPs = Program.argIgnoreIPs,
                 ReplyToIPs = Program.argReplyToIPs,
                 IPCaptures = Program.IPCaptureList,
diff --git a/Inveigh/Program.cs b/Inveigh/Program.cs
@@ -74,10 +74,10 @@ class Program
         public static string[] argIgnoreAgents = { "Firefox" };
         public static string[] argIgnoreDomains;
         public static string[] argIgnoreIPs;
-        public static string[] argIgnoreHosts;
+        public static string[] argIgnoreQueries;
         public static string[] argIgnoreMACs;
         public static string[] argReplyToDomains;
-        public static string[] argReplyToHosts;
+        public static string[] argReplyToQueries;
         public static string[] argReplyToIPs;
         public static string[] argReplyToMACs;
         public static string argSpooferIP = "";        
@@ -174,7 +174,7 @@ class Program
         public static string netbiosDomain = Environment.UserDomainName;
         public static string dnsDomain = "";    
         public static ulong smb2Session = 5548434740922023936; // todo check
-        public static string version = "2.0.6";
+        public static string version = "2.0.8";
 
         static void Main(string[] arguments)
         {
@@ -355,11 +355,6 @@ static void Main(string[] arguments)
                                 argIgnoreDomains = arguments[entry.index + 1].ToUpper().Split(',');
                                 break;
 
-                            case "-IGNOREHOSTS":
-                            case "/IGNOREHOSTS":
-                                argIgnoreHosts = arguments[entry.index + 1].ToUpper().Split(',');
-                                break;
-
                             case "-IGNOREIPS":
                             case "/IGNOREIPS":
                                 argIgnoreIPs = arguments[entry.index + 1].ToUpper().Split(',');
@@ -370,6 +365,11 @@ static void Main(string[] arguments)
                                 argIgnoreMACs = arguments[entry.index + 1].ToUpper().Replace(":", "").Replace("-", "").Split(',');
                                 break;
 
+                            case "-IGNOREQUERIES":
+                            case "/IGNOREQUERIES":
+                                argIgnoreQueries = arguments[entry.index + 1].ToUpper().Split(',');
+                                break;
+
                             case "-INSPECT":
                             case "/INSPECT":
                                 argInspect = arguments[entry.index + 1].ToUpper();
@@ -545,11 +545,6 @@ static void Main(string[] arguments)
                                 argReplyToDomains = arguments[entry.index + 1].ToUpper().Split(',');
                                 break;
 
-                            case "-REPLYTOHOSTS":
-                            case "/REPLYTOHOSTS":
-                                argReplyToHosts = arguments[entry.index + 1].ToUpper().Split(',');
-                                break;
-
                             case "-REPLYTOIPS":
                             case "/REPLYTOIPS":
                                 argReplyToIPs = arguments[entry.index + 1].ToUpper().Split(',');
@@ -558,7 +553,12 @@ static void Main(string[] arguments)
                             case "-REPLYTOMACS":
                             case "/REPLYTOMACS":
                                 argReplyToMACs = arguments[entry.index + 1].ToUpper().Replace(":", "").Replace("-", "").Split(',');
-                                break;                                                   
+                                break;
+
+                            case "-REPLYTOQUERIES":
+                            case "/REPLYTOQUERIES":
+                                argReplyToQueries = arguments[entry.index + 1].ToUpper().Split(',');
+                                break;
 
                             case "-WEBDAV":
                             case "/WEBDAV":
diff --git a/Inveigh/Protocols/Quiddity/Quiddity/Listeners/HTTPListener.cs b/Inveigh/Protocols/Quiddity/Quiddity/Listeners/HTTPListener.cs
@@ -41,6 +41,7 @@
 using System.Net.Security;
 using Quiddity.Support;
 using System.Collections;
+using System.Collections.Generic;
 
 namespace Quiddity
 {
@@ -64,6 +65,7 @@ class HTTPListener
         public static bool isRunning = false;
         public const SslProtocols tls12 = (SslProtocols)0x00000C00;
         public static Hashtable httpSessionTable = Hashtable.Synchronized(new Hashtable());
+        public static Hashtable tcpSessionTable = Hashtable.Synchronized(new Hashtable());
 
         public HTTPListener()
         {
@@ -118,8 +120,18 @@ internal void Start(IPAddress ipAddress, int port, string type)
                             if (isRunning)
                             {
                                 TcpClient tcpClient = tcpListener.EndAcceptTcpClient(tcpAsync);
-                                object[] parameters = { tcpClient, type, port };
-                                ThreadPool.QueueUserWorkItem(new WaitCallback(ReceiveClient), parameters);
+                                string sourceIP = ((IPEndPoint)(tcpClient.Client.RemoteEndPoint)).Address.ToString();
+
+                                if (type.Equals("Proxy") && tcpSessionTable.ContainsKey(sourceIP) && DateTime.Compare((DateTime)tcpSessionTable[sourceIP], DateTime.Now) > 0)
+                                {
+                                    tcpClient.Client.Close();
+                                }
+                                else
+                                {
+                                    object[] parameters = { tcpClient, type, port };
+                                    ThreadPool.QueueUserWorkItem(new WaitCallback(ReceiveClient), parameters);
+                                }
+
                             }
 
                         }
@@ -490,6 +502,12 @@ internal void ReceiveClient(object parameters)
                             if (type.Equals("Proxy"))
                             {
                                 tcpClient.Client.Close();
+
+                                if (!tcpSessionTable.ContainsKey(sourceIP) || DateTime.Compare((DateTime)tcpSessionTable[sourceIP], DateTime.Now) <= 0)
+                                {
+                                    tcpSessionTable[sourceIP] = DateTime.Now.AddSeconds(1);
+                                }
+
                             }
                             else
                             {
diff --git a/Inveigh/Protocols/Quiddity/Quiddity/Protocols/DNS/DNSChecker.cs b/Inveigh/Protocols/Quiddity/Quiddity/Protocols/DNS/DNSChecker.cs
@@ -37,8 +37,8 @@ namespace Quiddity.DNS
 {
     class DNSChecker
     {
-        public string[] IgnoreHosts { get; set; }
-        public string[] ReplyToHosts { get; set; }
+        public string[] IgnoreQueries { get; set; }
+        public string[] ReplyToQueries { get; set; }
         public string[] IgnoreIPs { get; set; }
         public string[] ReplyToIPs { get; set; }
         public string[] IgnoreDomains { get; set; }
@@ -103,12 +103,12 @@ public bool Check(string name, string type, string clientIP)
                 this.OutputMessage = this.OutputServiceDenied;
                 return false;
             }
-            else if (HostIsDenied(name) || FQDNIsDenied(name))
+            else if (QueryIsDenied(name) || FQDNIsDenied(name))
             {
                 this.OutputMessage = this.OutputHostDenied;
                 return false;
             }
-            else if (!HostIsAllowed(name) && !FQDNIsAllowed(name))
+            else if (!QueryIsAllowed(name) && !FQDNIsAllowed(name))
             {
                 this.OutputMessage = this.OutputHostDenied;
                 return false;
@@ -193,23 +193,23 @@ public bool ServiceIsAllowed(string name, string type)
             return true;
         }
 
-        public bool HostIsDenied(string name)
+        public bool QueryIsDenied(string name)
         {
             string host = (name.Split('.'))[0];
 
-            if (!Utilities.ArrayIsNullOrEmpty(this.IgnoreHosts) && Array.Exists(this.IgnoreHosts, element => element == host.ToUpper()))
+            if (!Utilities.ArrayIsNullOrEmpty(this.IgnoreQueries) && Array.Exists(this.IgnoreQueries, element => element == host.ToUpper()))
             {
                 return true;
             }
 
             return false;
         }
 
-        public bool HostIsAllowed(string name)
+        public bool QueryIsAllowed(string name)
         {
             string host = (name.Split('.'))[0];
 
-            if (!Utilities.ArrayIsNullOrEmpty(this.ReplyToHosts) && !Array.Exists(this.ReplyToHosts, element => element == host.ToUpper()))
+            if (!Utilities.ArrayIsNullOrEmpty(this.ReplyToQueries) && !Array.Exists(this.ReplyToQueries, element => element == host.ToUpper()))
             {
                 return false;
             }
@@ -220,7 +220,7 @@ public bool HostIsAllowed(string name)
         public bool FQDNIsDenied(string name)
         {
            
-            if (!Utilities.ArrayIsNullOrEmpty(this.IgnoreHosts) && Array.Exists(this.IgnoreHosts, element => element == name.ToUpper()))
+            if (!Utilities.ArrayIsNullOrEmpty(this.IgnoreQueries) && Array.Exists(this.IgnoreQueries, element => element == name.ToUpper()))
             {
                 return true;
             }
@@ -231,7 +231,7 @@ public bool FQDNIsDenied(string name)
         public bool FQDNIsAllowed(string name)
         {
 
-            if (!Utilities.ArrayIsNullOrEmpty(this.ReplyToHosts) && !Array.Exists(this.ReplyToHosts, element => element == name.ToUpper()))
+            if (!Utilities.ArrayIsNullOrEmpty(this.ReplyToQueries) && !Array.Exists(this.ReplyToQueries, element => element == name.ToUpper()))
             {
                 return false;
             }
diff --git a/Inveigh/Support/Output.cs b/Inveigh/Support/Output.cs
@@ -592,12 +592,12 @@ public static void NTLMOutput(string user, string domain, string challenge, stri
 
                                 lock (Program.IPCaptureList)
                                 {
-                                    Program.IPCaptureList.Add(string.Concat(host));
+                                    Program.IPCaptureList.Add(sourceIP);
                                 }
 
                                 lock (Program.HostCaptureList)
                                 {
-                                    Program.HostCaptureList.Add(string.Concat(host));
+                                    Program.HostCaptureList.Add(host);
                                 }
 
                             }
@@ -642,12 +642,12 @@ public static void NTLMOutput(string user, string domain, string challenge, stri
 
                                 lock (Program.IPCaptureList)
                                 {
-                                    Program.IPCaptureList.Add(string.Concat(host));
+                                    Program.IPCaptureList.Add(sourceIP);
                                 }
 
                                 lock (Program.HostCaptureList)
                                 {
-                                    Program.HostCaptureList.Add(string.Concat(host));
+                                    Program.HostCaptureList.Add(host);
                                 }
 
                             }
@@ -680,6 +680,43 @@ public static void NTLMOutput(string user, string domain, string challenge, stri
 
         }
 
+        public static void CleartextOutput(string protocol, string listenerPort, string clientIP, string clientPort, string credentials)
+        {
+
+            bool isUnique = false;
+
+            if (Program.cleartextList.Any(str => str.Contains(credentials)))
+            {
+                isUnique = true;
+            }
+
+            lock (Program.cleartextList)
+            {
+                Program.cleartextList.Add(string.Concat(clientIP, ",", credentials));
+            }
+
+            if (Program.enabledConsoleUnique && isUnique)
+            {
+                Queue(string.Format("[+] [{0}] {1}({2}) cleartext credentials captured from {3}({4}):\r\n[not unique]", Timestamp(), protocol, listenerPort, clientIP, clientPort));
+            }
+            else
+            {
+                Queue(string.Format("[+] [{0}] {1}({2}) cleartext credentials captured from {3}({4}):\r\n{5}", Timestamp(), protocol, listenerPort, clientIP, clientPort, credentials));
+            }
+
+            if (Program.enabledFileOutput && (!Program.enabledFileUnique || !isUnique))
+            {
+
+                lock (Program.cleartextFileList)
+                {
+                    Program.cleartextFileList.Add(string.Concat(clientIP, ",", credentials));
+                }
+
+                Queue(string.Format("[+] [{0}] {1}({2}) cleartext credentials written to {3}", Timestamp(), protocol, listenerPort, String.Concat(Program.argFilePrefix, "-Cleartext.txt")));
+            }
+
+        }
+
         public static void FileOutput()
         {
 
@@ -1005,10 +1042,10 @@ public static void GetHelp(string arg)
                 OutputHelp(argument, description);
             }
 
-            if (nullarg || string.Equals(arg, "IGNOREHOSTS"))
+            if (nullarg || string.Equals(arg, "IGNOREQUERIES"))
             {
-                string argument = "IgnoreHosts";
-                string description = "Default=None: Comma separated list of hostnames to ignore when spoofing.";
+                string argument = "IgnoreQueries";
+                string description = "Default=None: Comma separated list of name queries to ignore when spoofing.";
                 OutputHelp(argument, description);
             }
 
@@ -1117,13 +1154,6 @@ public static void GetHelp(string arg)
                 OutputHelp(argument, description);
             }
 
-            if (nullarg || string.Equals(arg, "REPLYTOHOSTS"))
-            {
-                string argument = "ReplyToHosts";
-                string description = "Default=All: Comma separated list of hostnames to respond to when spoofing.";
-                OutputHelp(argument, description);
-            }
-
             if (nullarg || string.Equals(arg, "REPLYTOIPS"))
             {
                 string argument = "ReplyToIPs";
@@ -1138,6 +1168,13 @@ public static void GetHelp(string arg)
                 OutputHelp(argument, description);
             }
 
+            if (nullarg || string.Equals(arg, "REPLYTOQUERIES"))
+            {
+                string argument = "ReplyToqueries";
+                string description = "Default=All: Comma separated list of name queries to respond to when spoofing.";
+                OutputHelp(argument, description);
+            }
+
             if (nullarg || string.Equals(arg, "SPOOFERIP"))
             {
                 string argument = "SpooferIP";
diff --git a/Inveigh/Support/Shell.cs b/Inveigh/Support/Shell.cs
diff --git a/README.md b/README.md

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,11 @@ protected override void OutputNTLM(string protocol, string listenerPort, string`
`38`	`38`	`Output.NTLMOutput(user, domain, ntlmChallenge, ntlmResponseHash, clientIP, host, protocol, listenerPort, clientPort, lmResponseHash);`
`39`	`39`	`}`
`40`	`40`
	`41`	`+ protected override void OutputCleartext(string protocol, string listenerPort, string clientIP, string clientPort, string credentials)`
	`42`	`+ {`
	`43`	`+ Output.CleartextOutput(protocol, listenerPort, clientIP, clientPort, credentials);`
	`44`	`+ }`
	`45`	`+`
`41`	`46`	`protected override void OutputChallenge(string protocol, string listenerPort, string clientIP, string clientPort, string challenge)`
`42`	`47`	`{`
`43`	`48`	`Output.Queue(String.Format("[+] [{0}] {1}({2}) NTLM challenge [{3}] sent to {4}:{5}", Output.Timestamp(), protocol, listenerPort, challenge, clientIP, clientPort));`
Original file line number	Diff line number	Diff line change
`@@ -28,10 +28,10 @@ protected override void OutputError(Exception ex)`
`28`	`28`	`public override bool Check(string name, string type, string clientIP, out string message)`
`29`	`29`	`{`
`30`	`30`
`31`		`- LLMNRChecker llmnrHelper = new LLMNRChecker`
	`31`	`+ LLMNRChecker llmnrChecker = new LLMNRChecker`
`32`	`32`	`{`
`33`		`- IgnoreHosts = Program.argIgnoreHosts,`
`34`		`- ReplyToHosts = Program.argReplyToHosts,`
	`33`	`+ IgnoreQueries = Program.argIgnoreQueries,`
	`34`	`+ ReplyToQueries = Program.argReplyToQueries,`
`35`	`35`	`IgnoreIPs = Program.argIgnoreIPs,`
`36`	`36`	`ReplyToIPs = Program.argReplyToIPs,`
`37`	`37`	`IPCaptures = Program.IPCaptureList,`
`@@ -41,13 +41,13 @@ public override bool Check(string name, string type, string clientIP, out string`
`41`	`41`	`Inspect = Program.enabledInspect,`
`42`	`42`	`};`
`43`	`43`
`44`		`- if (llmnrHelper.Check(name, type, clientIP))`
	`44`	`+ if (llmnrChecker.Check(name, type, clientIP))`
`45`	`45`	`{`
`46`		`- message = llmnrHelper.OutputMessage;`
	`46`	`+ message = llmnrChecker.OutputMessage;`
`47`	`47`	`return true;`
`48`	`48`	`}`
`49`	`49`
`50`		`- message = llmnrHelper.OutputMessage;`
	`50`	`+ message = llmnrChecker.OutputMessage;`
`51`	`51`	`return false;`
`52`	`52`	`}`
`53`	`53`
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@`
`41`	`41`	`using System.Net.Security;`
`42`	`42`	`using Quiddity.Support;`
`43`	`43`	`using System.Collections;`
	`44`	`+using System.Collections.Generic;`
`44`	`45`
`45`	`46`	`namespace Quiddity`
`46`	`47`	`{`
`@@ -64,6 +65,7 @@ class HTTPListener`
`64`	`65`	`public static bool isRunning = false;`
`65`	`66`	`public const SslProtocols tls12 = (SslProtocols)0x00000C00;`
`66`	`67`	`public static Hashtable httpSessionTable = Hashtable.Synchronized(new Hashtable());`
	`68`	`+ public static Hashtable tcpSessionTable = Hashtable.Synchronized(new Hashtable());`
`67`	`69`
`68`	`70`	`public HTTPListener()`
`69`	`71`	`{`
`@@ -118,8 +120,18 @@ internal void Start(IPAddress ipAddress, int port, string type)`
`118`	`120`	`if (isRunning)`
`119`	`121`	`{`
`120`	`122`	`TcpClient tcpClient = tcpListener.EndAcceptTcpClient(tcpAsync);`
`121`		`- object[] parameters = { tcpClient, type, port };`
`122`		`- ThreadPool.QueueUserWorkItem(new WaitCallback(ReceiveClient), parameters);`
	`123`	`+ string sourceIP = ((IPEndPoint)(tcpClient.Client.RemoteEndPoint)).Address.ToString();`
	`124`	`+`
	`125`	`+ if (type.Equals("Proxy") && tcpSessionTable.ContainsKey(sourceIP) && DateTime.Compare((DateTime)tcpSessionTable[sourceIP], DateTime.Now) > 0)`
	`126`	`+ {`
	`127`	`+ tcpClient.Client.Close();`
	`128`	`+ }`
	`129`	`+ else`
	`130`	`+ {`
	`131`	`+ object[] parameters = { tcpClient, type, port };`
	`132`	`+ ThreadPool.QueueUserWorkItem(new WaitCallback(ReceiveClient), parameters);`
	`133`	`+ }`
	`134`	`+`
`123`	`135`	`}`
`124`	`136`
`125`	`137`	`}`
`@@ -490,6 +502,12 @@ internal void ReceiveClient(object parameters)`
`490`	`502`	`if (type.Equals("Proxy"))`
`491`	`503`	`{`
`492`	`504`	`tcpClient.Client.Close();`
	`505`	`+`
	`506`	`+ if (!tcpSessionTable.ContainsKey(sourceIP) \|\| DateTime.Compare((DateTime)tcpSessionTable[sourceIP], DateTime.Now) <= 0)`
	`507`	`+ {`
	`508`	`+ tcpSessionTable[sourceIP] = DateTime.Now.AddSeconds(1);`
	`509`	`+ }`
	`510`	`+`
`493`	`511`	`}`
`494`	`512`	`else`
`495`	`513`	`{`
Original file line number	Diff line number	Diff line change
`@@ -37,8 +37,8 @@ namespace Quiddity.DNS`
`37`	`37`	`{`
`38`	`38`	`class DNSChecker`
`39`	`39`	`{`
`40`		`- public string[] IgnoreHosts { get; set; }`
`41`		`- public string[] ReplyToHosts { get; set; }`
	`40`	`+ public string[] IgnoreQueries { get; set; }`
	`41`	`+ public string[] ReplyToQueries { get; set; }`
`42`	`42`	`public string[] IgnoreIPs { get; set; }`
`43`	`43`	`public string[] ReplyToIPs { get; set; }`
`44`	`44`	`public string[] IgnoreDomains { get; set; }`
`@@ -103,12 +103,12 @@ public bool Check(string name, string type, string clientIP)`
`103`	`103`	`this.OutputMessage = this.OutputServiceDenied;`
`104`	`104`	`return false;`
`105`	`105`	`}`
`106`		`- else if (HostIsDenied(name) \|\| FQDNIsDenied(name))`
	`106`	`+ else if (QueryIsDenied(name) \|\| FQDNIsDenied(name))`
`107`	`107`	`{`
`108`	`108`	`this.OutputMessage = this.OutputHostDenied;`
`109`	`109`	`return false;`
`110`	`110`	`}`
`111`		`- else if (!HostIsAllowed(name) && !FQDNIsAllowed(name))`
	`111`	`+ else if (!QueryIsAllowed(name) && !FQDNIsAllowed(name))`
`112`	`112`	`{`
`113`	`113`	`this.OutputMessage = this.OutputHostDenied;`
`114`	`114`	`return false;`
`@@ -193,23 +193,23 @@ public bool ServiceIsAllowed(string name, string type)`
`193`	`193`	`return true;`
`194`	`194`	`}`
`195`	`195`
`196`		`- public bool HostIsDenied(string name)`
	`196`	`+ public bool QueryIsDenied(string name)`
`197`	`197`	`{`
`198`	`198`	`string host = (name.Split('.'))[0];`
`199`	`199`
`200`		`- if (!Utilities.ArrayIsNullOrEmpty(this.IgnoreHosts) && Array.Exists(this.IgnoreHosts, element => element == host.ToUpper()))`
	`200`	`+ if (!Utilities.ArrayIsNullOrEmpty(this.IgnoreQueries) && Array.Exists(this.IgnoreQueries, element => element == host.ToUpper()))`
`201`	`201`	`{`
`202`	`202`	`return true;`
`203`	`203`	`}`
`204`	`204`
`205`	`205`	`return false;`
`206`	`206`	`}`
`207`	`207`
`208`		`- public bool HostIsAllowed(string name)`
	`208`	`+ public bool QueryIsAllowed(string name)`
`209`	`209`	`{`
`210`	`210`	`string host = (name.Split('.'))[0];`
`211`	`211`
`212`		`- if (!Utilities.ArrayIsNullOrEmpty(this.ReplyToHosts) && !Array.Exists(this.ReplyToHosts, element => element == host.ToUpper()))`
	`212`	`+ if (!Utilities.ArrayIsNullOrEmpty(this.ReplyToQueries) && !Array.Exists(this.ReplyToQueries, element => element == host.ToUpper()))`
`213`	`213`	`{`
`214`	`214`	`return false;`
`215`	`215`	`}`
`@@ -220,7 +220,7 @@ public bool HostIsAllowed(string name)`
`220`	`220`	`public bool FQDNIsDenied(string name)`
`221`	`221`	`{`
`222`	`222`
`223`		`- if (!Utilities.ArrayIsNullOrEmpty(this.IgnoreHosts) && Array.Exists(this.IgnoreHosts, element => element == name.ToUpper()))`
	`223`	`+ if (!Utilities.ArrayIsNullOrEmpty(this.IgnoreQueries) && Array.Exists(this.IgnoreQueries, element => element == name.ToUpper()))`
`224`	`224`	`{`
`225`	`225`	`return true;`
`226`	`226`	`}`
`@@ -231,7 +231,7 @@ public bool FQDNIsDenied(string name)`
`231`	`231`	`public bool FQDNIsAllowed(string name)`
`232`	`232`	`{`
`233`	`233`
`234`		`- if (!Utilities.ArrayIsNullOrEmpty(this.ReplyToHosts) && !Array.Exists(this.ReplyToHosts, element => element == name.ToUpper()))`
	`234`	`+ if (!Utilities.ArrayIsNullOrEmpty(this.ReplyToQueries) && !Array.Exists(this.ReplyToQueries, element => element == name.ToUpper()))`
`235`	`235`	`{`
`236`	`236`	`return false;`
`237`	`237`	`}`
Original file line number	Diff line number	Diff line change
`@@ -592,12 +592,12 @@ public static void NTLMOutput(string user, string domain, string challenge, stri`
`592`	`592`
`593`	`593`	`lock (Program.IPCaptureList)`
`594`	`594`	`{`
`595`		`- Program.IPCaptureList.Add(string.Concat(host));`
	`595`	`+ Program.IPCaptureList.Add(sourceIP);`
`596`	`596`	`}`
`597`	`597`
`598`	`598`	`lock (Program.HostCaptureList)`
`599`	`599`	`{`
`600`		`- Program.HostCaptureList.Add(string.Concat(host));`
	`600`	`+ Program.HostCaptureList.Add(host);`
`601`	`601`	`}`
`602`	`602`
`603`	`603`	`}`
`@@ -642,12 +642,12 @@ public static void NTLMOutput(string user, string domain, string challenge, stri`
`642`	`642`
`643`	`643`	`lock (Program.IPCaptureList)`
`644`	`644`	`{`
`645`		`- Program.IPCaptureList.Add(string.Concat(host));`
	`645`	`+ Program.IPCaptureList.Add(sourceIP);`
`646`	`646`	`}`
`647`	`647`
`648`	`648`	`lock (Program.HostCaptureList)`
`649`	`649`	`{`
`650`		`- Program.HostCaptureList.Add(string.Concat(host));`
	`650`	`+ Program.HostCaptureList.Add(host);`
`651`	`651`	`}`
`652`	`652`
`653`	`653`	`}`
`@@ -680,6 +680,43 @@ public static void NTLMOutput(string user, string domain, string challenge, stri`
`680`	`680`
`681`	`681`	`}`
`682`	`682`
	`683`	`+ public static void CleartextOutput(string protocol, string listenerPort, string clientIP, string clientPort, string credentials)`
	`684`	`+ {`
	`685`	`+`
	`686`	`+ bool isUnique = false;`
	`687`	`+`
	`688`	`+ if (Program.cleartextList.Any(str => str.Contains(credentials)))`
	`689`	`+ {`
	`690`	`+ isUnique = true;`
	`691`	`+ }`
	`692`	`+`
	`693`	`+ lock (Program.cleartextList)`
	`694`	`+ {`
	`695`	`+ Program.cleartextList.Add(string.Concat(clientIP, ",", credentials));`
	`696`	`+ }`
	`697`	`+`
	`698`	`+ if (Program.enabledConsoleUnique && isUnique)`
	`699`	`+ {`
	`700`	`+ Queue(string.Format("[+] [{0}] {1}({2}) cleartext credentials captured from {3}({4}):\r\n[not unique]", Timestamp(), protocol, listenerPort, clientIP, clientPort));`
	`701`	`+ }`
	`702`	`+ else`
	`703`	`+ {`
	`704`	`+ Queue(string.Format("[+] [{0}] {1}({2}) cleartext credentials captured from {3}({4}):\r\n{5}", Timestamp(), protocol, listenerPort, clientIP, clientPort, credentials));`
	`705`	`+ }`
	`706`	`+`
	`707`	`+ if (Program.enabledFileOutput && (!Program.enabledFileUnique \|\| !isUnique))`
	`708`	`+ {`
	`709`	`+`
	`710`	`+ lock (Program.cleartextFileList)`
	`711`	`+ {`
	`712`	`+ Program.cleartextFileList.Add(string.Concat(clientIP, ",", credentials));`
	`713`	`+ }`
	`714`	`+`
	`715`	`+ Queue(string.Format("[+] [{0}] {1}({2}) cleartext credentials written to {3}", Timestamp(), protocol, listenerPort, String.Concat(Program.argFilePrefix, "-Cleartext.txt")));`
	`716`	`+ }`
	`717`	`+`
	`718`	`+ }`
	`719`	`+`
`683`	`720`	`public static void FileOutput()`
`684`	`721`	`{`
`685`	`722`
`@@ -1005,10 +1042,10 @@ public static void GetHelp(string arg)`
`1005`	`1042`	`OutputHelp(argument, description);`
`1006`	`1043`	`}`
`1007`	`1044`
`1008`		`- if (nullarg \|\| string.Equals(arg, "IGNOREHOSTS"))`
	`1045`	`+ if (nullarg \|\| string.Equals(arg, "IGNOREQUERIES"))`
`1009`	`1046`	`{`
`1010`		`- string argument = "IgnoreHosts";`
`1011`		`- string description = "Default=None: Comma separated list of hostnames to ignore when spoofing.";`
	`1047`	`+ string argument = "IgnoreQueries";`
	`1048`	`+ string description = "Default=None: Comma separated list of name queries to ignore when spoofing.";`
`1012`	`1049`	`OutputHelp(argument, description);`
`1013`	`1050`	`}`
`1014`	`1051`
`@@ -1117,13 +1154,6 @@ public static void GetHelp(string arg)`
`1117`	`1154`	`OutputHelp(argument, description);`
`1118`	`1155`	`}`
`1119`	`1156`
`1120`		`- if (nullarg \|\| string.Equals(arg, "REPLYTOHOSTS"))`
`1121`		`- {`
`1122`		`- string argument = "ReplyToHosts";`
`1123`		`- string description = "Default=All: Comma separated list of hostnames to respond to when spoofing.";`
`1124`		`- OutputHelp(argument, description);`
`1125`		`- }`
`1126`		`-`
`1127`	`1157`	`if (nullarg \|\| string.Equals(arg, "REPLYTOIPS"))`
`1128`	`1158`	`{`
`1129`	`1159`	`string argument = "ReplyToIPs";`
`@@ -1138,6 +1168,13 @@ public static void GetHelp(string arg)`
`1138`	`1168`	`OutputHelp(argument, description);`
`1139`	`1169`	`}`
`1140`	`1170`
	`1171`	`+ if (nullarg \|\| string.Equals(arg, "REPLYTOQUERIES"))`
	`1172`	`+ {`
	`1173`	`+ string argument = "ReplyToqueries";`
	`1174`	`+ string description = "Default=All: Comma separated list of name queries to respond to when spoofing.";`
	`1175`	`+ OutputHelp(argument, description);`
	`1176`	`+ }`
	`1177`	`+`
`1141`	`1178`	`if (nullarg \|\| string.Equals(arg, "SPOOFERIP"))`
`1142`	`1179`	`{`
`1143`	`1180`	`string argument = "SpooferIP";`