
Penetration Testing mailing list archives

Re: Inverse Mapping Layout Through Scapy
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Thu, 01 Mar 2007 11:37:33 +0000

On Tuesday 27 February 2007 at 04:23 +0530, Aditya Sood wrote:
> Want to know your views about Inverse mapping with
> padding through scapy. I have recently put a blog entry
> http://zeroknock.blogspot.com/2007/02/inverse-mapping-via-packet-crafting.html
> Throw more views in this aspect.

Can you please be more specific about what you mean by "inverse
mapping"? I'm not familiar with this, and thus I don't get what you're
trying to show by adding/removing *raw data* to your TCP RST...

Especially, what do you mean by "there's a skip in packet from the other
side"? Is it related to the one out of two "blank lines", that is in
fact written using black color (shown with <- below) and thus being
invisible on your black background?

srloop(IP(dst="www.google.com", ttl=64)/TCP(dport=80, flags="R")/"XXXXXXXX")
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
send...
Sent 9 packets, received 0 packets. 0.0% hits.
(<Results: UDP:0 TCP:0 ICMP:0 Other:0>, <PacketList: UDP:0 TCP:9 ICMP:0 Other:0>)

If so, you should switch to Bob Marley display:

        >>> conf.color_theme=RastaTheme()

Then try again :)

Note that IP()/TCP()/"XXXXXXXXX" adds "XXXXXXXXX" as raw TCP data. If
you want to add padding, then you have to use the Padding method:

        IP()/TCP()/Padding("XXXXXXXXX")

Then you'll get something slightly different:

srloop(IP(dst="www.google.com", ttl=64)/TCP(dport=80, flags="R")/Padding("XXXXXXXXXX"))
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
send...
Sent 8 packets, received 0 packets. 0.0% hits.
(<Results: UDP:0 TCP:0 ICMP:0 Other:0>, <PacketList: UDP:0 TCP:8 ICMP:0 Other:0>)


BTW, Scapy is indeed a wonderful tool.


Regards.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Cansecwest/core07 *WiFi (in)Security* Security Masters Dojo, Vancouver
http://cansecwest.com/dojowifi.html (Scapy WiFi programming included ;)
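
The distinction between raw TCP data and padding drawn in the message above, shown at the byte level as an added example that is not part of the original post and does not use Scapy: payload bytes are counted in the IP total length, while padding trails the datagram outside that length. The helper names, the 192.0.2.x addresses and the zeroed checksums are assumptions made for this constructed sample.

```python
import struct

def build_ip_tcp_rst(payload=b"", padding=b""):
    """Build constructed IPv4+TCP RST bytes (checksums left at 0)."""
    # TCP: sport 20 (ftp-data), dport 80, seq, ack, data offset 5 words,
    # flags 0x04 (RST), window, checksum, urgent pointer
    tcp = struct.pack("!HHIIBBHHH", 20, 80, 0, 0, 5 << 4, 0x04, 8192, 0, 0)
    # The IP total length covers headers + TCP payload; padding is NOT counted.
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload + padding

def ip_total_length(frame):
    """Read the IPv4 total length field."""
    return struct.unpack("!H", frame[2:4])[0]

def split_payload_and_padding(frame):
    """Return (tcp_payload, trailing_padding) using the header length fields."""
    if len(frame) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (frame[0] & 0x0F) * 4
    total_len = ip_total_length(frame)
    if frame[9] != 6:
        raise ValueError("not TCP")
    if ihl < 20 or total_len < ihl + 20 or total_len > len(frame):
        raise ValueError("inconsistent length fields")
    data_off = (frame[ihl + 12] >> 4) * 4
    if data_off < 20 or ihl + data_off > total_len:
        raise ValueError("bad TCP data offset")
    # Bytes inside total_len are TCP payload; anything after is padding.
    return frame[ihl + data_off:total_len], frame[total_len:]

if __name__ == "__main__":
    for label, frame in (("raw", build_ip_tcp_rst(payload=b"XXXXXXXXX")),
                         ("padding", build_ip_tcp_rst(padding=b"XXXXXXXXX"))):
        data, pad = split_payload_and_padding(frame)
        print(label, "bytes:", len(frame), "ip.len:", ip_total_length(frame),
              "payload:", data, "padding:", pad)
```

Both frames have the same size on the wire; only the length field tells a receiver or a capture analyst whether the trailing bytes belong to the TCP segment.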
