Nmap Development mailing list archives
Re: Nping->payload in --tcp-connect mode
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Tue, 20 Dec 2011 00:02:09 +0100
On 12/19/2011 10:32 PM, Remo the Last wrote:
Hello everyone, this is my first post on this list. My name is Marco (Re | Remo the Last | RemotheLast) and it is a pleasure to be part of it.

So, I post on the list for the specific application Nping. I often use packet generators for my tests on local devices or, a few times (not very ethical), remote devices just to have true proof of what I am doing. I use scapy (so Python) and I have good experience with net scanners using Perl. I am not the best in both languages, but I can say my programs are perfectly working.

Nping is a good packet generator, but I found it has a limitation on the argument --tcp-connect because it does not allow any payload to send. If I use the argument --tcp there is a payload, but there is no connection with the server. I understand the reasons for these two arguments: 1) Nping is a prober based on packet crafting; 2) Nping analyses the answers of the remote devices.

Using scapy I have created a program that connects to a remote device (on any TCP port) and floods it using a raw stream. So, I flood the remote port with an unlimited number of packets using a TCP connection. It is more than a simple flooder. Very often I get the remote down on port 23 and 53 (other ports are vulnerable but have to be tested). Using this program I found that many Cisco devices are very vulnerable to my attack, and other brands are vulnerable to this attack even on the secure connections they try to provide. This program is made using scapy, and inside of it I create a crafted payload that I can use for specific injections. And it works.

So, the question is: "Is it possible to create a function for Nping that permits sending any specific payload using the --tcp-connect argument?" I can say it would reduce (at max) my program because Nping, with this argument I am suggesting, will do it all!
Hi Marco,

I have implemented that functionality on an experimental branch of Nping (revisions r27556, r27557 and r27558). The branch is called nping-bugfixes and is in /nmap-exp/luis/nping-bugfixes in Nmap's SVN repo. You can give it a try if you want, but the code is still buggy and there is a lot of functionality that has not been implemented yet. However, note that future versions of Nping will implement payloads for --tcp-connect mode, so you can always wait until the experimental branch gets merged into trunk.

Best regards,
Luis MartinGarcia.
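The distinction the thread turns on is between a raw-packet probe (a crafted segment the peer never treats as part of a session) and a connect-mode probe that completes the three-way handshake through the OS stack and then writes application data on the established connection. The following added example (not Nping's code, and not from either poster) shows the connect-mode behaviour being requested: a single connection, one payload, and the peer's reply returned for inspection. The local echo server, the `SAMPLE_PAYLOAD` bytes and the function names are constructed for this illustration so it runs offline; a real service would be substituted for the echo server.

```python
import socket
import threading

# Constructed sample payload: the application bytes a connect-mode probe
# would send after the handshake completes (hypothetical, not Nping's own).
SAMPLE_PAYLOAD = b"HELLO\r\n"


def start_echo_server():
    """Start a local TCP server on an ephemeral port that answers one
    message and closes. Returns (port, thread). This is a constructed
    stand-in for the remote service so the example runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            data = conn.recv(4096)          # b"" if the client sent no payload
            conn.sendall(b"ECHO:" + data)
        srv.close()

    t = threading.Thread(target=serve_once, daemon=True)
    t.start()
    return port, t


def tcp_connect_probe(host, port, payload, timeout=3.0):
    """Connect-mode probe carrying an application payload.

    The OS performs the full handshake (this is what --tcp-connect does),
    the payload is written on the established connection, and whatever the
    peer answers is returned (empty bytes if it answers nothing)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)  # we are done sending; keep reading
        chunks = []
        while True:
            try:
                chunk = s.recv(4096)
            except socket.timeout:
                break
            if not chunk:               # peer closed: reply is complete
                break
            chunks.append(chunk)
        return b"".join(chunks)


def demo(payload=SAMPLE_PAYLOAD):
    """Run one probe against the constructed local server and return the reply.
    With an empty payload this is the current --tcp-connect behaviour
    (handshake only); with data it is the behaviour the thread asks for."""
    port, t = start_echo_server()
    reply = tcp_connect_probe("127.0.0.1", port, payload)
    t.join(timeout=3.0)
    return reply


if __name__ == "__main__":
    print(demo())        # reply with payload
    print(demo(b""))     # reply when only the handshake is performed
```

Calling `demo(b"")` opens and closes the connection without application data, which is the limitation Marco describes; `demo()` sends the payload on the same kind of connection, so the peer's application layer actually processes it and the reply can be captured. Keeping the probe to one connection and one payload, with a read timeout and a clean shutdown, is what makes the result attributable to the service's behaviour rather than to stack-level effects.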