Re: Nping->payload in --tcp-connect mode

["Luis MartinGarcia." <luis.mgarc () gmail com>]

On 12/19/2011 10:32 PM, Remo the Last wrote:
> hello anyone, this is my first post on this list.
> My name is Marco (Re | Remo the Last | RemotheLast) and it is a pleasure to be part of it.
>
> So, I post on the list for the specific application Nping.
> I often use packet generators for my tests on local devices or few times (not very ethical) remote devices just to 
> have a true prove of what I am doing. I use scapy (so python) and I have a good experience on net scanners using 
> Perl. I am not the best on both languages but I can say my programs are perfectly working.
>
> Nping is a good packet generator but I found it has a limitation on the argument --tcp-connect because it does not 
> allow any payload to send. If I use the argument -tcp there is a payload but there is no connection with the server. 
> I understand the reasons of these two arguments: 1) Nping is a prober based on packet crafting 2) Nping analyses the 
> answers of the remote devices.
>
> Using scapy I have created a software that connects to a remote device (on any tcp port) and floods it using a raw 
> stream. So, I flood the remote port with an unlimited number of packets using a tcp connection. It is more than a 
> simple flooder. Very often I get the remote down on port 23 and 53 (other ports are vulnerable but have to be 
> tested). Using this program I found that many Cisco devices are very vulnerable to my attack and other brands are 
> vulnerable to this attack even on secure connections they try to provide. This program is made using scapy, and 
> inside of it, I create a crafted payload that i can use for specific injections. And it works.
>
> So, the question is: "Is it possible to create a function for Nping that permits to send any specific payload using 
> the --tcp-connect argument?"
>
> I can say it would reduce (at max) my program because Nping, with this argument I am suggesting, will does it all !

Hi Marco,

I have implemented that functionality on an experimental branch of Nping
(revisions r27556 r27557 and r27558). The branch is called
nping-bugfixes and is in /nmap-exp/luis/nping-bugfixes in Nmap's SVN
repo. You can give it a try if you want, but the code is still buggy and
there is a lot of functionality that has not been implemented yet.

However, note that future versions of Nping will implement payloads for
--tcp-connect mode so you can always wait until the experimental branch
gets merged into trunk.

Best regards,

Luis MartinGarcia.



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/