Re: nbns spoofer

["Robin Wood" <dninja () gmail com>]

Nikolaj
I've found that some windows applications do an netbios lookup as well
as, or instead of, a dns lookup. I can happily spoof dns entries but
the apps which also use netbios get an invalid netbios result so don't
work.

The last app which triggered my interest was outlook (maybe express
but probably not). I'm running the wifi app called karma which allows
you to become any AP which the clients are probing for and offer them
multiple services. There is a fake pop3 server and I tried testing it
with outlook but as it failed, a bit of packet sniffing found that
outlook was doing the netbios lookup so I started on my quest to find
something to allow me to reply to any netbios request with a given
(usually my own) IP address.

Robin

On 3/31/07, Nikolaj <lorddoskias () gmail com> wrote:
> Robin Wood wrote:
> > Typical, I asked for one of these twice in the past and no one
> > suggested anything, I think about writing one and suddenly two appear
> > at once!
> >
> > I'm still going to finish mine, just in case the other two turn out to
> > be mirages!
> >
> > Thanks
> >
> > Robin
> >
> > On 3/30/07, jmk <jmk () foofus net> wrote:
> >> On Thu, 2007-03-29 at 20:50 +0100, Robin Wood wrote:
> >> > You beat me to it! I got distracted from finishing my version by going
> >> > to shmoocon but I'll get it finished anyway and release it.
> >>
> >> Heh. Here's yet another implementation of this fun:
> >>
> >> http://www.foofus.net/~jmk/smbchallenge.html
> >>
> >> The patch is against Samba 3.0.24 and also includes using a fixed
> >> challenge for the LM/NTLM challenge/response process.
> >>
> >> Enjoy,
> >> Joe
> >>
> >>
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> >
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> >
> > ------------------------------------------------------------------------
> >
> >
>   Excuse me for entering your conversation, but I'm wondering what can
> be the applications of a NBNS spoofer?
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------