Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Nping->payload in --tcp-connect mode
From: Remo the Last <remothelast () yahoo it>
Date: Mon, 19 Dec 2011 21:32:35 +0000 (GMT)



hello anyone, this is my first post on this list.
My name is Marco (Re | Remo the Last | RemotheLast) and it is a pleasure to be part of it.

So, I post on the list for the specific application Nping.
I often use packet generators for my tests on local devices or few times (not very ethical) remote devices just to have 
a true prove of what I am doing. I use scapy (so python) and I have a good experience on net scanners using Perl. I am 
not the best on both languages but I can say my programs are perfectly working.

Nping is a good packet generator but I found it has a limitation on the argument --tcp-connect because it does not 
allow any payload to send. If I use the argument -tcp there is a payload but there is no connection with the server. I 
understand the reasons of these two arguments: 1) Nping is a prober based on packet crafting 2) Nping analyses the 
answers of the remote devices.

Using scapy I have created a software that connects to a remote device (on any tcp port) and floods it using a raw 
stream. So, I flood the remote port with an unlimited number of packets using a tcp connection. It is more than a 
simple flooder. Very often I get the remote down on port 23 and 53 (other ports are vulnerable but have to be tested). 
Using this program I found that many Cisco devices are very vulnerable to my attack and other brands are vulnerable to 
this attack even on secure connections they try to provide. This program is made using scapy, and inside of it, I 
create a crafted payload that i can use for specific injections. And it works.

So, the question is: "Is it possible to create a function for Nping that permits to send any specific payload using the 
--tcp-connect argument?"

I can say it would reduce (at max) my program because Nping, with this argument I am suggesting, will does it all !


This is all.
Thank you, hope read answers soon.

Re
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]