Firewall Wizards mailing list archives

Re: nmapbot: using instant messaging as a remote administration tool


From: Kevin <KKadow () gmail com>
Date: Wed, 6 Oct 2004 00:15:01 -0500

I do not want to discourage you, however this is not new ground.

On Tue, 05 Oct 2004 00:53:14 -0400, Abe Usher <abe.usher () sharp-ideas net> wrote:
> I've created a small proof of concept named "nmapbot" that shows it is
> possible to use instant messaging as a platform for remote command and
> control of computer systems.

I guess you haven't had the joy of dealing with any of the dozens of
Windows trojans in the past several years (SDbot, etc) which carry
remote backdoor IRC bots, some of which include nmap explicitly.

The first documented instance I can find (in a cursory search) of an
IRC bot with nmap hooks dates to 1999, implemented by Yasholomew
Yashinski.


> Purpose:
> --------
> To create a semi-intelligent security bot that uses instant messaging as
> a platform for receiving commands and returning results.
>
> Method:
> -------
> Using Python, the AOL TOC protocol, Bayesian language processing, and
> nmap 3.70, I hacked together a little bot that can run nmap and ping.
> Future editions will include additional commands =)

Bayesian language processing?


> Security pundits have been promoting the idea that IM is unsafe for
> several years...

Absolutely.  However, this type of "willing agent" insider attack may
not be a particularly good example of the reasons why pundits are so
down on IM protocols across security boundaries.


> nmapbot provides some new considerations to an old idea -- using
> ordinarily legitimate communication channels for unintended purposes.

I'll admit that doing this with AOL Instant Messenger may be a new twist.

You might want to look into tying into GPG to provide authentication
of the command channel.  With the wrong (or right) options, nmap can
look a lot like a DoS...


Kevin
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
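Kevin's suggestion of authenticating the command channel, as an added example that is not part of this thread or of nmapbot: the bot checks a signature, freshness and a command allowlist before anything is dispatched. An HMAC over a constructed shared secret stands in for GPG signatures so the code runs offline; the function and field names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed shared secret: stands in for a GPG key pair so the example runs offline.
SECRET = b"constructed-demo-secret-do-not-reuse"
ALLOWED_COMMANDS = {"ping", "nmap"}   # the two commands nmapbot exposes
MAX_SKEW_SECONDS = 60                 # reject commands older than this
seen_nonces = set()                   # nonces already accepted (replay defence)


def sign_command(cmd, args, nonce, ts, secret=SECRET):
    """Operator side: produce 'payload|mac' for one command."""
    payload = json.dumps({"cmd": cmd, "args": args, "nonce": nonce, "ts": ts},
                         sort_keys=True)
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "|" + mac


def verify_command(message, now, secret=SECRET):
    """Bot side: authenticate, freshness-check and authorize before dispatch.

    Returns {"ok": True, "cmd": ..., "args": ...} or {"ok": False, "reason": ...}.
    """
    payload, sep, mac = message.rpartition("|")
    if not sep:
        return {"ok": False, "reason": "malformed"}
    # Verify the MAC before parsing anything else, so unauthenticated text
    # never reaches the JSON parser or the command dispatcher.
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return {"ok": False, "reason": "bad signature"}
    body = json.loads(payload)
    if abs(now - body["ts"]) > MAX_SKEW_SECONDS:
        return {"ok": False, "reason": "stale"}
    if body["nonce"] in seen_nonces:
        return {"ok": False, "reason": "replay"}
    if body["cmd"] not in ALLOWED_COMMANDS:
        return {"ok": False, "reason": "not permitted"}
    seen_nonces.add(body["nonce"])
    # An argument policy (e.g. which nmap options are acceptable) would sit here.
    return {"ok": True, "cmd": body["cmd"], "args": body["args"]}
```

Only the "ok" result should be handed to the dispatcher; everything else is logged and dropped.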
