Nmap Development mailing list archives

Re: Two NSE questions


From: Ron <ron () skullsecurity net>
Date: Mon, 31 Aug 2009 20:39:21 -0500

On 08/30/2009 12:57 AM, Fyodor wrote:
On Sat, Aug 29, 2009 at 08:46:39PM -0500, Ron wrote:

First, I need to set my source port to UDP/68 for these transactions. I
don't see any way to do that using the connect() function. I realize
that UDP/68 is reserved so r00t is required, but -sU requires root anyways.

This is supported by Nsock, but there may not currently be an NSE
binding for using this feature.  Ncat supports this (try ncat -u -p 68
scanme.nmap.org).  In Nsock, I think you basically just call this
function:

/* Sets the local address to bind to before connect() */
int nsi_set_localaddr(nsock_iod nsi, struct sockaddr_storage *ss, size_t sslen);

The local address and/or port number can be specified in the
sockaddr_storage.  Here is how ncat does it:

     if (srcport != -1) {
         if (o.listen)
             bye("-l and -p are incompatible.  Specify the address and port to bind to like you would a host to connect to.");

         if (srcaddr.storage.ss_family == AF_UNSPEC)
             srcaddr.storage.ss_family = o.af;
         if (o.af == AF_INET) {
             srcaddr.in.sin_port = htons((unsigned short) srcport);
             if (!srcaddrlen)
                 srcaddrlen = sizeof(srcaddr.in);
         }
#ifdef HAVE_IPV6
         else {
             srcaddr.in6.sin6_port = htons((unsigned short) srcport);
             if (!srcaddrlen)
                 srcaddrlen = sizeof(srcaddr.in6);
         }
#endif
     }

Cheers,
-F

Hey, would somebody mind adding this? It'd be nice to have, and I don't really want to muck around in the bindings myself.

On a related topic, it'd also be nice to have some method of creating a listening socket. That'd make it easier to port exploits to NSE from their original Perl/Python/whatever. It'd be fun implementing exploits in Nmap :). I don't think Nsock has that capability, though, so it might be a lot of work?

Ron

--
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
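The thread above is about binding a fixed local source port (UDP/68, the DHCP client port) before connect(), which Nsock supports via nsi_set_localaddr() but NSE had no binding for at the time. The following is an added example, not Nmap, Ncat or Nsock code: it does the same sockaddr_storage setup as the quoted ncat snippet with plain BSD sockets, so it can be compiled and tried on its own. The helper names (fill_local_addr, udp_connect_from_port, local_port), the loopback destination and the high source port 40068 used in main() are assumptions chosen for the demonstration; binding the real port 68 still requires root, as Ron notes.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a sockaddr_storage with a local address and port to bind before
 * connect(), mirroring the AF_INET / AF_INET6 branches of the ncat snippet.
 * A NULL addr means the wildcard address ("0.0.0.0" or "::").
 * Returns the length to hand to bind() (or nsi_set_localaddr), 0 on error. */
size_t fill_local_addr(struct sockaddr_storage *ss, int af,
                       const char *addr, unsigned short port) {
    memset(ss, 0, sizeof(*ss));
    if (af == AF_INET) {
        struct sockaddr_in *in = (struct sockaddr_in *)ss;
        in->sin_family = AF_INET;
        in->sin_port = htons(port);
        if (inet_pton(AF_INET, addr ? addr : "0.0.0.0", &in->sin_addr) != 1)
            return 0;
        return sizeof(*in);
    }
    if (af == AF_INET6) {
        struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)ss;
        in6->sin6_family = AF_INET6;
        in6->sin6_port = htons(port);
        if (inet_pton(AF_INET6, addr ? addr : "::", &in6->sin6_addr) != 1)
            return 0;
        return sizeof(*in6);
    }
    return 0; /* unsupported family */
}

/* Open a UDP socket, bind it to srcport on the wildcard address, then
 * connect() it to dst:dstport so send()/recv() need no per-packet address.
 * Returns the descriptor, or -1 on failure (e.g. a privileged srcport such
 * as 68 without root, or a port already in use). */
int udp_connect_from_port(int af, unsigned short srcport,
                          const char *dst, unsigned short dstport) {
    struct sockaddr_storage src, dstss;
    size_t srclen = fill_local_addr(&src, af, NULL, srcport);
    size_t dstlen = fill_local_addr(&dstss, af, dst, dstport);
    if (!srclen || !dstlen)
        return -1;

    int fd = socket(af, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    /* Let a fixed source port be reused quickly between runs. */
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));

    if (bind(fd, (struct sockaddr *)&src, (socklen_t)srclen) < 0 ||
        connect(fd, (struct sockaddr *)&dstss, (socklen_t)dstlen) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Ask the kernel which local port the socket actually got; this is how you
 * confirm the bind took effect (and what you get when srcport was 0). */
unsigned short local_port(int fd) {
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
        return 0;
    if (ss.ss_family == AF_INET)
        return ntohs(((struct sockaddr_in *)&ss)->sin_port);
    if (ss.ss_family == AF_INET6)
        return ntohs(((struct sockaddr_in6 *)&ss)->sin6_port);
    return 0;
}

int main(void) {
    /* Constructed demo: source port 40068 instead of the privileged 68,
     * destination loopback:67 (the DHCP server port) so no traffic leaves. */
    int fd = udp_connect_from_port(AF_INET, 40068, "127.0.0.1", 67);
    if (fd < 0) {
        perror("udp_connect_from_port");
        return 1;
    }
    printf("bound to local UDP port %u\n", local_port(fd));
    close(fd);
    return 0;
}
```

Everything the ncat snippet does with `srcaddr.in` / `srcaddr.in6` happens in fill_local_addr(); the only difference is that the socket is bound directly instead of being handed to Nsock. Note that connect() on a UDP socket sends nothing, so the function succeeds even when nothing listens on the destination port.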

