Penetration Testing mailing list archives
Re: Inverse Mapping Layout Through Scapy
From: "Aditya K Sood" <zeroKnock () metaeye Org>
Date: Fri, 2 Mar 2007 09:48:32 -0500 (EST)
Hi Ced,

It's very nice to have your response. I'll get to your points one by one.

0xa] First of all, inverse mapping, according to the standard, is a technique to check whether the host is alive or running services. This is accomplished by sending a Reset flag to the destination. The reset flag relates to an almost-closed connection state. This means that if the host is alive or has services, the host responds with nothing or with an error message. Nothing tells us the host is alive and some services are running. An error message says the host is down. This is the overall layout.

0xb] When we get to Scapy, the port I used is open at the target. So I checked against it with a reset packet; Scapy works it in a different way. If you look, I used the sr command instead of send, which means I am going after send and receive at the same time. Look at this:

send(<command stat>)
ans,unans=srloop(<command stats>)
ans.summary() --> gets you to the answer of the packet sent.
unans.summary() --> gets you to the unanswered response.

Since the sending of the packet is going from the sender and it is failing because no "RA" or other response is generated, the packet totally fails or gets rejected. This gives us an intimation regarding the host being alive and running services. The packet should fail in most cases.

0xc] On the question of padding: I used it just as raw data to be attached, to check whether it has some implications or not, or whether it is changing the output stats. Example: for a SYN scan, if you send an "S" packet with the same stats you will get "SA". If you try "F", the closed port will reset it and the open port will not respond.
On Tuesday, 27 February 2007 at 04:23 +0530, Aditya Sood wrote:
> Want to know your views about inverse mapping with padding through Scapy.
> I have recently put a blog entry
> http://zeroknock.blogspot.com/2007/02/inverse-mapping-via-packet-crafting.html
> Throw more views in this aspect.

Can you please be more specific about what you mean by "inverse mapping"? I'm not familiar with this, and thus I don't get what you're trying to show by adding/removing *raw data* to your TCP RST...

Especially, what do you mean by "there's a skip in packet from the other side"? Is it related to the one out of two "blank lines", that is in fact written using black color (shown with <- below) and thus being invisible on your black background?

srloop(IP(dst="www.google.com", ttl=64)/TCP(dport=80,flags="R")/"XXXXXXXX")
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
send...
Sent 9 packets, received 0 packets. 0.0% hits.
(<Results: UDP:0 TCP:0 ICMP:0 Other:0>, <PacketList: UDP:0 TCP:9 ICMP:0 Other:0>)

If so, you should switch to Bob Marley display:

>>> conf.color_theme=RastaTheme()

Then try again :)

Note that IP()/TCP()/"XXXXXXXXX" adds "XXXXXXXXX" as raw TCP data. If you want to add padding, then you have to use the Padding method:

IP()/TCP()/Padding("XXXXXXXXX")

Then you'll get something slightly different:

srloop(IP(dst="www.google.com", ttl=64)/TCP(dport=80,flags="R")/Padding("XXXXXXXXXX"))
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
send...
Sent 8 packets, received 0 packets. 0.0% hits.
(<Results: UDP:0 TCP:0 ICMP:0 Other:0>, <PacketList: UDP:0 TCP:8 ICMP:0 Other:0>)

BTW, Scapy is indeed a wonderful tool.

Regards.

--
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Cansecwest/core07 *WiFi (in)Security* Security Masters Dojo, Vancouver
http://cansecwest.com/dojowifi.html (Scapy WiFi programming included ;)

------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
--
Aditya K Sood
MetaEye Security Group.
[MSG] http://www.metaeye.org
[Zknk] http://zeroKnock.metaeye.Org
[Blog] http://zeroknock.blogspot.com
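As an added example (not code from the thread or from Scapy itself), the following pure-Python snippet shows, from the detection side, the on-the-wire difference Cedric points out between IP()/TCP()/"XXXX" (raw TCP data, counted in the IP total length) and IP()/TCP()/Padding("XXXX") (trailer bytes outside the datagram), and flags RST segments that carry payload, which normal stacks never send. The frame builder, the 192.0.2.x/198.51.100.x addresses and the sample frames are constructed for the example; checksums are left at zero.

```python
import struct

TCP_SYN, TCP_RST = 0x02, 0x04

def build_frame(src, dst, sport, dport, flags, data=b"", trailer=b""):
    """Constructed sample IPv4/TCP datagram for analysis (checksums left at 0).

    `data` is TCP payload and is counted in the IP total length, as Scapy does
    for IP()/TCP()/"XXXX".  `trailer` is appended after the datagram and NOT
    counted, as Scapy does for IP()/TCP()/Padding("XXXX")."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return ip + tcp + trailer

def inspect(frame):
    """Describe one frame: RST flag, payload bytes inside the IP length and
    trailer bytes beyond it.  Normal stacks do not put application data in a
    RST, so a RST with payload is a strong indicator of a crafted probe."""
    ihl = (frame[0] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[2:4])[0]
    if frame[9] != 6:                       # protocol field: not TCP
        return None
    tcp = frame[ihl:total_len]
    data_off = (tcp[12] >> 4) * 4
    flags = tcp[13]
    payload_len = len(tcp) - data_off
    return {
        "rst": bool(flags & TCP_RST),
        "payload_len": payload_len,             # Scapy's Raw layer lands here
        "trailer_len": len(frame) - total_len,  # Scapy's Padding layer lands here
        "suspicious": bool(flags & TCP_RST) and payload_len > 0,
    }

def suspicious_indices(frames):
    """Indices of frames carrying a RST with TCP payload."""
    hits = []
    for i, f in enumerate(frames):
        r = inspect(f)
        if r and r["suspicious"]:
            hits.append(i)
    return hits

# Constructed samples mirroring the thread: sport 20 (ftp-data, Scapy's default), dport 80.
RAW_PROBE = build_frame("192.0.2.10", "198.51.100.7", 20, 80, TCP_RST, data=b"X" * 8)
PADDED_PROBE = build_frame("192.0.2.10", "198.51.100.7", 20, 80, TCP_RST, trailer=b"X" * 10)
SYN_PROBE = build_frame("192.0.2.10", "198.51.100.7", 20, 80, TCP_SYN)

if __name__ == "__main__":
    for name, f in [("Raw", RAW_PROBE), ("Padding", PADDED_PROBE), ("SYN", SYN_PROBE)]:
        print(name, inspect(f))
```

Note that the padded probe is indistinguishable from a plain RST once the receiver discards the trailer, which is why the two Scapy runs above both produce no replies.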