PaulDotCom mailing list archives
A weird request.
From: dninja at gmail.com (Robin Wood)
Date: Tue, 27 Jan 2009 23:26:02 +0000
2009/1/27 Robin Wood <dninja at gmail.com>:
2009/1/27 Rob Fuller <jd.mubix at gmail.com>:
Nick, Robin, Dimitrios,
Listening on all ports is not the hard part as Nick shows below. The hard part is creating that client/server setup so that when a pen-tester is on the inside, they can run "bob.exe" or "bob.[rb|py|pl]" and it comes back with "22,80 (proxied),443,3389". Nmap may be able to accomplish this, especially with an NSE script and the most TCP Connect scan. Plus the speed markers would be able to help you stay under the radar when doing this (i.e. -T1). So the listener could simply echo "Hello" and respawn, and the script could look for "Hello". Anyways, I look forward to seeing what you guys come up with.
Rob

I'll add that as a feature. The script I've written is in ruby so will be able to run on any windows (I assume) or linux.
Robin
Finished, the result is ear trumpet. A pair of applications: ear, which listens on a specified port range, and trumpet, which tries to make a connection to it. You can download it from: http://www.digininja.org/ear_trumpet.php It probably needs some work, and I know of a couple of issues, but it seems to work ok. Give it a go and see what you think. I'm sure I'll get some feedback.
Robin
2009/1/26 Nick Baronian <nbaronian at gmail.com>:
I don't know .Net but I remember some old school DOS scripting. So how about netcat with something like this

    @echo off
    set /a count=0
    :openport
    set /a count=%count%+1
    if %count%==65535 goto :eof
    echo Listening on port %count%
    rem start /b so the loop does not wait on each listener to exit
    start "" /b nc -l -p %count% -d
    start "" /b nc -l -u -p %count% -d
    goto :openport

I haven't had a chance to test it but I believe netcat will spit out an error when it can't bind to a port, so it should continue thru the loop. You could use an app like pskill to kill all the processes using nc.exe when you are done testing.
-Nick Baronian

2009/1/26 Rob Fuller <jd.mubix at gmail.com>:
Anyone willing to make this program? I assume it would be a bit easier on linux using iptables and just listening on one port with PORT_FORWARD. Just a thought.

2009/1/22 Dimitrios Kapsalis <dimitrios at gmail.com>:
As hinted before, it wouldn't be too hard to write a .net program since this is for windows, that loops across all 65,000 ports and checks if it's being used; if not, then open a port for listening.

2009/1/22 Rob Fuller <jd.mubix at gmail.com>:
I've actually been in the market for this myself. It would be a great way of determining what egress options you have on a pentest.

On Thu, Jan 22, 2009 at 3:59 PM, "Luis Martín." <luis.mgarc at gmail.com> wrote:
Dunno of any program but it should not be difficult to code something for it. Best way is probably:
- Create a simple sniffer using libpcap
- Listen on everything
- Generate TCP-SYN/ACKs using raw sockets and send them back.
Have a look at some examples of simple pcap sniffers here: www.programming-pcap.aldabaknocking.com (file tcsyndos.c shouldn't be too difficult to modify for your needs, it already crafts custom TCP packets).

Sam Buhlig wrote:
Does anyone know of software that will run on a windows box that will respond on all ports. It does not have to be the correct protocol or anything.
Doing some firewall testing and want a box that responds on any and all ports if possible. Thanks in advance.

------------------------------------------------------------------------
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
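As an added example, not Robin's ear_trumpet code and not anything posted in the thread: a minimal Ruby version of the listener/client pair Rob describes, useful for validating an egress filter from the inside. The listener ("ear") answers every connection with an assumed "Hello" banner; the client ("trumpet") reports each port as filtered, open, or proxied (reachable, but the banner never arrived, which is what a proxy or intercepting device in the path looks like). Host, port range and banner are assumptions.

```ruby
require 'socket'
require 'timeout'

BANNER = "Hello\n" # assumed banner: the listener just echoes "Hello", as Rob suggested

# "ear": bind every port in the range we can and answer each connection with the
# banner. Ports already in use or not permitted are skipped (real services keep theirs).
def start_ear(host, ports)
  servers = {}
  ports.each { |p| servers[p] = (TCPServer.new(host, p) rescue nil) }
  servers.compact!
  return [servers, nil] if servers.empty?
  thread = Thread.new do
    loop do
      ready, = IO.select(servers.values)
      ready.each do |srv|
        client = srv.accept
        client.write(BANNER) rescue nil
        client.close
      end
    end
  end
  [servers, thread]
end

# "trumpet": classify each port from the inside. Connect fails -> :filtered;
# our banner comes back -> :open (direct path); it connects but something else
# or nothing comes back -> :proxied (the "80 (proxied)" case: a device in the
# path terminated the TCP session and spoke for the listener).
def probe(host, ports, timeout = 1.0)
  results = {}
  ports.each do |p|
    sock = (Timeout.timeout(timeout) { TCPSocket.new(host, p) } rescue nil)
    if sock.nil?
      results[p] = :filtered
      next
    end
    data = (Timeout.timeout(timeout) { sock.gets } rescue nil)
    sock.close
    results[p] = data == BANNER ? :open : :proxied
  end
  results
end

# Render as the "22,80 (proxied),443,3389" string Rob asked for.
def summarize(results)
  results.sort.reject { |_, s| s == :filtered }
         .map { |p, s| s == :proxied ? "#{p} (proxied)" : p.to_s }.join(",")
end
```

Run start_ear on the outside box and probe from the inside; a port that shows as proxied is one where the egress path answered instead of your listener.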
Current thread:
- A weird request., (continued)
- A weird request. Huzeyfe ONAL(Gmail) (Jan 22)
- A weird request. "Luis Martín." (Jan 22)
- A weird request. Rob Fuller (Jan 22)
- A weird request. Dimitrios Kapsalis (Jan 22)
- A weird request. Rob Fuller (Jan 26)
- A weird request. Dimitrios Kapsalis (Jan 26)
- A weird request. Robin Wood (Jan 26)
- A weird request. Nick Baronian (Jan 26)
- A weird request. Rob Fuller (Jan 27)
- A weird request. Robin Wood (Jan 27)
- A weird request. Robin Wood (Jan 27)
- A weird request. Jack Daniel (Jan 28)
- A weird request. Rob Fuller (Jan 22)