Penetration Testing mailing list archives
Re: Inverse Mapping Layout Through Scapy
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Thu, 01 Mar 2007 11:37:33 +0000
On Tuesday 27 February 2007 at 04:23 +0530, Aditya Sood wrote:
> Want to know your views about inverse mapping with padding through Scapy. I have recently put up a blog entry: http://zeroknock.blogspot.com/2007/02/inverse-mapping-via-packet-crafting.html Throw more views on this aspect.
Can you please be more specific about what you mean by "inverse mapping"? I'm not familiar with this, and thus I don't get what you're trying to show by adding/removing *raw data* to your TCP RST... Especially, what do you mean by "there's a skip in packet from the other side"? Is it related to the one out of two "blank lines", which is in fact written in black (shown with <- below) and is thus invisible on your black background?
srloop(IP(dst="www.google.com", ttl=64)/TCP(dport=80, flags="R")/"XXXXXXXX")
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
<-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw

fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
<-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw

fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
<-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw

fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
<-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw

fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
<-
send...
Sent 9 packets, received 0 packets. 0.0% hits.
(<Results: UDP:0 TCP:0 ICMP:0 Other:0>, <PacketList: UDP:0 TCP:9 ICMP:0 Other:0>)

If so, you should switch to the Bob Marley display:

>>> conf.color_theme=RastaTheme()

Then try again :)

Note that IP()/TCP()/"XXXXXXXXX" adds "XXXXXXXXX" as raw TCP data. If you want to add padding, then you have to use the Padding method:

IP()/TCP()/Padding("XXXXXXXXX")

Then you'll get something slightly different:
srloop(IP(dst="www.google.com", ttl=64)/TCP(dport=80, flags="R")/Padding("XXXXXXXXXX"))
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
send...
Sent 8 packets, received 0 packets. 0.0% hits.
(<Results: UDP:0 TCP:0 ICMP:0 Other:0>, <PacketList: UDP:0 TCP:8 ICMP:0 Other:0>)

BTW, Scapy is indeed a wonderful tool.

Regards.

--
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Cansecwest/core07 *WiFi (in)Security* Security Masters Dojo, Vancouver
http://cansecwest.com/dojowifi.html (Scapy WiFi programming included ;)
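The Raw-versus-Padding distinction Cedric points out above is visible on the wire, not just in Scapy's summary line. The following is an added example, not code from the thread or from Scapy itself: it hand-packs the two RST packets with the standard library (no Scapy dependency) and then parses them back the way a receiver does. Bytes appended as a Raw layer are TCP data, counted in the IP total length and covered by the TCP checksum; bytes appended as a Padding layer are placed after the finished IP datagram, so the receiver sees them as a trailer outside both length and checksum, which is also why Scapy's IP dissector files such bytes under a Padding layer. The addresses and ports are constructed to mirror the srloop output.

```python
"""Hand-rolled illustration of Scapy's Raw vs Padding distinction.

Added example, not from the original thread.  Builds the two RST packets
discussed above with plain struct packing so the on-the-wire difference is
visible.  SRC/DST/ports are constructed test values.
"""
import struct
from typing import Dict, Tuple

SRC = "172.16.134.22"      # constructed, mirrors the client in the thread
DST = "216.239.59.147"     # constructed, one of the google.com addresses shown
SPORT, DPORT = 20, 80       # ftp-data -> www, as in the srloop output
TCP_RST = 0x04


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (returns 0 when
    run over data whose checksum field is already filled in)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_rst(payload: bytes = b"", padding: bytes = b"") -> bytes:
    """Build IPv4/TCP RST.  `payload` goes inside the datagram (what Scapy's
    Raw layer does); `padding` is appended after the finished datagram and is
    not counted in the IP total length or either checksum (Scapy's Padding)."""
    seq, ack, win, urg = 0, 0, 8192, 0
    data_off = 5 << 4                       # 20-byte TCP header, no options
    tcp_len = 20 + len(payload)
    tcp = struct.pack("!HHIIBBHHH", SPORT, DPORT, seq, ack, data_off,
                      TCP_RST, win, 0, urg) + payload
    pseudo = ip_to_bytes(SRC) + ip_to_bytes(DST) + struct.pack("!BBH", 0, 6, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    total_len = 20 + tcp_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     ip_to_bytes(SRC), ip_to_bytes(DST))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp + padding


def dissect(frame: bytes) -> Dict[str, object]:
    """Minimal receiver view: everything beyond the IP total length is a
    trailer, which is how the extra bytes end up as a Padding layer."""
    ihl = (frame[0] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[2:4])[0]
    datagram, trailer = frame[:total_len], frame[total_len:]
    tcp = datagram[ihl:]
    data_off = (tcp[12] >> 4) * 4
    flags = tcp[13]
    pseudo = frame[12:16] + frame[16:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return {
        "ip_len": total_len,
        "rst": bool(flags & TCP_RST),
        "tcp_data": tcp[data_off:],
        "padding": trailer,
        "tcp_csum_ok": checksum(pseudo + tcp) == 0,
    }


def compare(load: bytes) -> Tuple[Dict[str, object], Dict[str, object]]:
    """Same bytes once as Raw-style payload, once as Padding-style trailer."""
    return dissect(build_rst(payload=load)), dissect(build_rst(padding=load))


if __name__ == "__main__":
    as_raw, as_pad = compare(b"X" * 8)
    for name, view in (("Raw", as_raw), ("Padding", as_pad)):
        print(f"{name:8s} ip.len={view['ip_len']} tcp_data={view['tcp_data']!r} "
              f"trailer={view['padding']!r} tcp_csum_ok={view['tcp_csum_ok']}")
```

The practical consequence for the experiment in the thread: flipping a byte in the Padding variant leaves the TCP checksum valid, because the receiver never looks at the trailer, whereas flipping a byte of the Raw variant breaks the checksum and the stack drops the segment before it is processed as an RST.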
Current thread:
- Re: Inverse Mapping Layout Through Scapy Cedric Blancher (Mar 01)
- Re: Inverse Mapping Layout Through Scapy Aditya K Sood (Mar 04)
- Re: Inverse Mapping Layout Through Scapy Cedric Blancher (Mar 04)
- Re: Inverse Mapping Layout Through Scapy Aditya K Sood (Mar 04)
- Re: Inverse Mapping Layout Through Scapy Cedric Blancher (Mar 04)
- Re: Inverse Mapping Layout Through Scapy Aditya K Sood (Mar 04)