Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: nbns spoofer
From: "Robin Wood" <dninja () gmail com>
Date: Thu, 29 Mar 2007 20:50:40 +0100

You beat me to it! I got distracted from finishing my version by going
to shmoocon but I'll get it finished anyway and release it.

Robin

On 3/29/07, Robert Wesley McGrew <wesley () mcgrewsecurity com> wrote:
I realize I'm perfoming some thread/discussion necromancy here, but this
seemed like an appropriate place to announce that I just released a small
tool, NBNSpoof, written in Python with Scapy that spoofs NBNS name query
responses:

http://www.mcgrewsecurity.com/projects/nbnspoof/

Personally, *I* like it better than the FakeNetBIOS solution, but then
again, I would wouldn't I?  Users can specify what names they want to
respond to by a regular expression, and what IP address and MAC address the
spoofed response should contain as the source.  It's pretty easy to modify
to suit one's needs, as well.

Since it's such a simple app, I wrote up a series of blog posts detailing
the creation of it, to help out those who don't already write their own
tools and show them that it's really not that difficult.

Hope this helps someone out!

On 3/14/07, Robin Wood <dninja () gmail com> wrote:
> Hi
> I'm going to be using the tool as part of wifi pentest (adding it to
> the karma suite) so I won't have access to the clients boxes.
>
> It is handy to know that that setting is there though, it may come in
handy.
>
> I'm actually working on a tool to do this job and will release it
> soon. I've just got to get back into C after doing years of php. Big
> differences!
>
> Robin
>
> PS I've just looked at the page referenced and the whole thing is
> right justified, looks very odd! Is it just me this happens for?
>
> On 3/14/07, AdamT <adwulf () gmail com> wrote:
> > On 12/03/07, Robin Wood < dninja () gmail com> wrote:
> > > Hi
> > > Thanks for that. The tool currently only responds to the netbios name
> > > it is told to so I'm going to give it a bit of the karma treatment and
> > > get it to respond to any names. After that it should do what I'm after
> > > nicely.
> > >
> > If the tool you're using is running on Windows, could it be that you
> > need to apply the DisableStrictNameChecking registry key?
> >
> > http://support.microsoft.com/kb/281308
> >
> >
> > --
> > AdamT
> > "Just pick a random entry in the BNF and ship it to Surbiton, please"
> >
>
>
------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
>
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
>
------------------------------------------------------------------------
>



--
Robert Wesley McGrew
http://mcgrewsecurity.com

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]