Nmap Development mailing list archives
ANNOUNCE: New HCSW utility: unix2inet-bridge.c
From: doug () hcsw org
Date: Mon, 18 Feb 2008 17:04:27 -0800
Hi nmap-dev,

HCSW is pleased to announce a simple but useful utility:

http://hcsw.org/downloads/unix2inet-bridge.c

When you're examining the network setup of a unix machine, naturally you are usually most interested in AF_INET and AF_INET6, the address families for IPv4 and IPv6. With version detection (-sV) you can gather all sorts of interesting information from these services.

But what do you do to identify sockets of the lesser-known family AF_UNIX? Tools like lsof/netstat are helpful, but of course we want to use Nmap!

AF_UNIX is potentially packed with interesting, unexplored services. Here is a list of them on my Debian laptop, many of which aren't (yet) identified with -sV:

# netstat -an|grep '^unix'|grep LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     6915     @/var/run/hald/dbus-0hFDCqTi1k
unix  2      [ ACC ]     STREAM     LISTENING     8864     /tmp/orbit-doug/linc-cca-0-590c56e8c2648
unix  2      [ ACC ]     STREAM     LISTENING     11726    /var/run/postgresql/.s.PGSQL.5432
unix  2      [ ACC ]     STREAM     LISTENING     7356     /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     7427     /var/run/dirmngr/socket
unix  2      [ ACC ]     STREAM     LISTENING     7674     /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     7474     /dev/printer
unix  2      [ ACC ]     STREAM     LISTENING     6916     @/var/run/hald/dbus-S0JFPFQnT2
unix  2      [ ACC ]     STREAM     LISTENING     7625     /tmp/.gdm_socket
unix  2      [ ACC ]     STREAM     LISTENING     7930     @/tmp/dbus-lGbuMgSqxq
unix  2      [ ACC ]     STREAM     LISTENING     6900     /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     7918     /tmp/ssh-cuhDDB3014/agent.3014
unix  2      [ ACC ]     STREAM     LISTENING     7921     /tmp/ssh-duhDDB3014/agent.3014
unix  2      [ ACC ]     STREAM     LISTENING     7985     /tmp/ksocket-doug/kdeinit__0
unix  2      [ ACC ]     STREAM     LISTENING     7987     /tmp/ksocket-doug/kdeinit-:0
unix  2      [ ACC ]     STREAM     LISTENING     7996     /tmp/.ICE-unix/dcop3126-1203374319
unix  2      [ ACC ]     STREAM     LISTENING     8096     /tmp/.ICE-unix/3137
unix  2      [ ACC ]     STREAM     LISTENING     8018     /tmp/ksocket-doug/klauncherPP5nnc.slave-socket
unix  2      [ ACC ]     STREAM     LISTENING     8854     /tmp/orbit-doug/linc-cce-0-14a91fe49129c

unix2inet-bridge.c lets us bridge these unix sockets into the inet domain, primarily so we can run Nmap on them, but also as a general-purpose socket bridge between families.

First we compile the bridge program:

# gcc -Wall -O3 unix2inet-bridge.c -o unix2inet-bridge

Next we pick an inet port and a unix domain socket to bridge, ensuring that we have the necessary port and filesystem privileges. Let's pick the port 31337 and the postgres unix socket /var/run/postgresql/.s.PGSQL.5432:

# ./unix2inet-bridge 31337 /var/run/postgresql/.s.PGSQL.5432

This command will pause indefinitely, bridging all connections from port 31337 to the unix socket. We could've put an & at the end of the command to run it in the background instead.

Now we can run Nmap (or any other AF_INET capable program) against port 31337:

# ./nmap -sV -p 31337 localhost

Starting Nmap 4.53 ( http://nmap.org ) at 2008-02-18 16:37 PST
Interesting ports on localhost.localdomain (127.0.0.1):
PORT      STATE SERVICE    VERSION
31337/tcp open  postgresql PostgreSQL DB

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.280 seconds

Sweet. Now kill the unix2inet-bridge process before somebody else finds it!

Doug Hoyte and HCSW Labs
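
Added example, not part of the original post or of unix2inet-bridge.c: a Python inventory of listening AF_UNIX sockets parsed from `netstat -an` output in the format shown above, marking abstract-namespace entries (leading `@`) and checking whether a pathname socket's own mode lets other local users connect. The function names and the constructed CONNECTED sample line are assumptions made for this illustration.

```python
import os
import re
import stat

# Lines in the `netstat -an` format from the post; the CONNECTED line is
# constructed to show an entry the inventory must skip.
SAMPLE = """\
unix  2      [ ACC ]     STREAM     LISTENING     6915     @/var/run/hald/dbus-0hFDCqTi1k
unix  2      [ ACC ]     STREAM     LISTENING     11726    /var/run/postgresql/.s.PGSQL.5432
unix  2      [ ACC ]     STREAM     LISTENING     7674     /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     9001     /var/run/dbus/system_bus_socket
"""

LINE = re.compile(
    r"^unix\s+\d+\s+\[[^\]]*\]\s+(?P<type>\S+)\s+LISTENING\s+"
    r"(?P<inode>\d+)\s+(?P<path>\S.*?)\s*$"
)

def listening_unix_sockets(netstat_text):
    """Return one dict per listening AF_UNIX socket in netstat -an output."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, inet lines, connected or unbound sockets
        path = m.group("path")
        # A leading '@' marks the Linux abstract namespace: there is no file
        # on disk, so file permissions do not restrict who can connect.
        found.append({"type": m.group("type"), "inode": int(m.group("inode")),
                      "path": path, "abstract": path.startswith("@")})
    return found

def world_connectable(path):
    """True/False for a pathname socket; None if absent or not a socket."""
    # On Linux, connecting needs write permission on the socket file, so the
    # 'other' write bit means the socket itself does not keep other local
    # users out (permissions on the parent directories still apply).
    try:
        st = os.stat(path)
    except OSError:
        return None
    if not stat.S_ISSOCK(st.st_mode):
        return None
    return bool(st.st_mode & stat.S_IWOTH)

if __name__ == "__main__":
    for s in listening_unix_sockets(SAMPLE):
        access = "abstract" if s["abstract"] else world_connectable(s["path"])
        print(s["inode"], s["type"], s["path"], access)
```
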