Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Tool for sending malicious traffic to destination system
From: Kish Pent <kish_pent () yahoo com>
Date: Fri, 4 Jan 2008 02:10:56 -0800 (PST)

Hey Ravi,

Hope you got the basic idea, you need a tool like
scapy for packet crafting attacks, you can't do much
with nmap for packet crafting, even though you're
mentioning a new word now... to spoof with nmap is
possible using the -S option. Basically stop using
automated tools like Nessus for a penetration test.

Nessus is recommended if you're on a pen-test with
considerable amount of machines. I've seen a lot of
people misconcept and use nessus in web-pen tests will
all options enabled (SQL injection checks and other
relevant checks are enough)

If you want to check what device is sitting in between
you and the target, do some network device testing
using tools like yersinia or fragroute. You can
ofcourse use scapy very well, provided you know some
python scripting.

There's a considerable amount of things that must be
in place to get things right. For now I'll conclude
saying that "don't use nessus" for one host or two
hosts and use other tools like amap,nmap and firewalk
in conjunction with nessus or use them inside nessus
(results or just the tool itself). 

There's a book on Nessus called Nessus Network
Auditing, from Syngress while you can alternately read
their documentation. If your goal is to spoof, just
spoof don't scan with Nessus or Nmap.

If you're in doubt, refer to the nmap documentation
here about Firewall / IDS evasion.
http://insecure.org/nmap/man/man-bypass-firewalls-ids.html

Cheers :)
Kish

--- Rolando Ruiz <jayro2809 () gmail com> wrote:

Would bouncing the scan of a, say FTP server do what
you want it to? All
you're looking to do is make it seem as if it's
coming from another host,
right?

On Dec 31, 2007 12:29 AM, Ravi <whitehaat () gmail com>
wrote:


Hi Kish & list,

I'm kinda looking to do a decoy scanning with
traffic similar to Nessus.
I understand I can't do decoy scanning with
Nessus. So if there is a
tool that could send malicious traffic like Nessus
to my target that
would be it!!! I'm basically trying to test a
network that blocks my IP
when I scan with Nessus. I want to prove to
customer that I can spoof a
source IP that would be blocked by your IPS
leading to a DoS issue.

Thax.

Kish Pent wrote:
Hey ,

You must define what you mean by malicious
traffic
before crafting it, based on which the tool can
be
selected. Your aim is to send malformed packets
which
in other words you're trying to interpret as
malicious
 traffic. By the way, nmap is no example for
sending
malicious traffic. Scapy is a very good packet
crafting tool, and it can be used for subsequent
port-scanning, protocol analysis, and best of
all,
it's just THE tool for packets. (it can do what
hping
can do for you, it can do what nmap,unicornscan
or
some other tools can do for you)

You might also want to check out the
www.secdev.org
website, Philippe Biondi from EADS has written
the
tool, and given some excellent docs and ppt(s)
out
there.

Cheers :)
Kish

--- Ravi <whitehaat () gmail com> wrote:


Hi guys...

Can anybody help me in finding a tool like
'nmap-(-D
decoy)' which can
send some malicious content  to a system...



Thanks & Regards,

Whitehaat







------------------------------------------------------------------------




--
Kishore, Penetration Tester,
17/1,Upstairs,Sarojini St,
Smart Security, T.Nagar,
Chennai - 600 017

Phone: 91 98841 80767


--
Kishore, Penetration Tester,
17/1,Upstairs,Sarojini St,
Smart Security, T.Nagar, 
Chennai - 600 017

Phone: 91 98841 80767


      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]