Re: POC Payloader dat

[Jay Fink <jay.fink () gmail com>]

On Mon, Dec 21, 2009 at 2:16 PM, David Fifield <david () bamsoftware com> wrote:

> > /* payload_citrix */
> > udp  1604,1645,1812
> >   "\x1e\x00\x01\x30\x02\xfd\xa8\xe3\x00\x00\x00\x00\x00\x00\x00\x00"
> >   "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
> >   source 100
>
> Thanks, that looks really good. Now that I've thought about it some
> more, I think the file should use # comments instead of /* */ comments
> for uniformity with the other data files. Commonents would still be
> allowed between lines of the payload.
>
> I agree with you that we don't need the "payload" specifier. "udp" works
> fine as a keyword.
>
> I'm happy with this format if you want to get started.

Excellent. I'll probably start fiddling with it this weekend.

> > So basically - pending that first label - I am about ready to jump off.
> > I will need to do some more mining to figure out which payloads can
> > share dports and who might need a non-magic sport but at least with
> > the format down I can get started.
>
> So far our needs for this are modest. The radius probe having two
> destination ports and the ike wanting a source port of 500 are the only
> examples I know of.

Thanks again for the input.

 j
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/