
Penetration Testing mailing list archives

Re: Tool for sending malicious traffic to destination system
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Tue, 01 Jan 2008 08:26:01 -0500

On Mon, 2007-12-31 at 10:59 +0530, Ravi wrote:

> I'm kinda looking to do a decoy scanning with traffic similar to Nessus.

How easy/hard depends on what they have on the other end. For example: 

hping -a 192.168.1.10 -E attack.txt -A -p 80 10.10.10.1

Will send a TCP ACK packet to port 80 at 10.10.10.1 from the source IP
192.168.1.10. The payload will be the contents of the file "attack.txt".
This file should contain some well known signature that an IDS/IPS will
trigger on such as:

GET /cgi-bin/wrap

or similar. Now, the above will only work if the IDS/IPS in question *is
not* stateful. If it is, you need to do a UDP based attack. Something
like:

hping -a 192.168.1.10 -E attack.txt -2 -p 53 10.10.10.1

Where 10.10.10.1 is their name server and attack.txt contains something
like:

version.bind

HTH,
Chris
-- 
cbrenton () chrisbrenton org

Did you know:
When a Windows system sends an Echo-Request, it codes in how many
Echo-Requests have been transmitted since the last reboot. This can be
helpful in locating zombies. 

Visit http://www.sans.org/info/16981 to find out how you can learn more.
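
The stateless-versus-stateful distinction in the reply above, seen from the sensor's side, as an added example that is not part of the original post: a toy signature matcher run over constructed packet records. The record layout, signature names, the 192.168.1.20 client and every function name are assumptions made for illustration.

```python
# Toy sensor model; packet records, signature names and helpers are constructed.
SIGNATURES = {b"GET /cgi-bin/wrap": "web-cgi-wrap", b"version.bind": "dns-version-bind"}

def pkt(proto, src, dst, sport, dport, flags="", payload=b""):
    return dict(proto=proto, src=src, dst=dst, sport=sport, dport=dport,
                flags=flags, payload=payload)

def match(payload):
    return [name for pat, name in SIGNATURES.items() if pat in payload]

def stateless_alerts(packets):
    """Match every payload, with no regard to connection state."""
    return [(p["src"], sig) for p in packets for sig in match(p["payload"])]

def stateful_alerts(packets):
    """Match TCP payloads only on flows whose three-way handshake was seen.
    Returns (src, signature, src_confirmed); UDP has no handshake, so its
    datagrams are always matched but the source address stays unconfirmed."""
    state, alerts = {}, []  # state: (client, server, cport, sport) -> phase
    for p in packets:
        if p["proto"] == "udp":
            alerts += [(p["src"], sig, False) for sig in match(p["payload"])]
            continue
        fwd = (p["src"], p["dst"], p["sport"], p["dport"])
        rev = (p["dst"], p["src"], p["dport"], p["sport"])
        if p["flags"] == "S":
            state[fwd] = "SYN"
        elif p["flags"] == "SA" and state.get(rev) == "SYN":
            state[rev] = "SYNACK"
        elif "A" in p["flags"] and state.get(fwd) == "SYNACK":
            state[fwd] = "EST"
        if "EST" in (state.get(fwd), state.get(rev)):
            alerts += [(p["src"], sig, True) for sig in match(p["payload"])]
        # Otherwise the segment is out of state and its payload is not matched.
    return alerts

# Constructed traffic: a lone ACK and a UDP datagram claiming 192.168.1.10,
# then a complete handshake and request from 192.168.1.20.
SAMPLE = [
    pkt("tcp", "192.168.1.10", "10.10.10.1", 2000, 80, "A", b"GET /cgi-bin/wrap"),
    pkt("udp", "192.168.1.10", "10.10.10.1", 2001, 53, payload=b"version.bind"),
    pkt("tcp", "192.168.1.20", "10.10.10.1", 3000, 80, "S"),
    pkt("tcp", "10.10.10.1", "192.168.1.20", 80, 3000, "SA"),
    pkt("tcp", "192.168.1.20", "10.10.10.1", 3000, 80, "A"),
    pkt("tcp", "192.168.1.20", "10.10.10.1", 3000, 80, "PA", b"GET /cgi-bin/wrap HTTP/1.0"),
]

if __name__ == "__main__":
    print(stateless_alerts(SAMPLE))
    print(stateful_alerts(SAMPLE))
```

The src_confirmed flag is the detail worth carrying into triage: an alert raised on a lone segment or a UDP datagram says nothing reliable about where the traffic came from.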



