Nmap Development mailing list archives

Re: ANNOUNCE: New HCSW utility: unix2inet-bridge.c


From: "Richard Sammet" <richard.sammet () googlemail com>
Date: Thu, 21 Feb 2008 13:35:00 +0100

Hi Doug,

First of all -> simple and useful, thanks!

If you do not want to worry about that:
 Sweet. Now kill the unix2inet-bridge process before somebody else finds it!

apply that patch: http://e-axe.mytty.org/stuff/unix2inet-bridge_ip-bind.patch

=)

greets,
richard


On Tue, Feb 19, 2008 at 2:04 AM,  <doug () hcsw org> wrote:
Hi nmap-dev,

 HCSW is pleased to announce a simple but useful utility:

 http://hcsw.org/downloads/unix2inet-bridge.c

 When you're examining the network setup of a unix machine, naturally
 you are usually most interested in AF_INET and AF_INET6, the address
 families for IPv4 and IPv6. With version detection (-sV) you can gather
 all sorts of interesting information from these services. But what do
 you do to identify sockets of the lesser-known family AF_UNIX? Tools
 like lsof/netstat are helpful, but of course we want to use Nmap!

 AF_UNIX is potentially packed with interesting, unexplored services.
 Here is a list of them on my Debian laptop, many of which aren't (yet)
 identified with -sV:

 # netstat -an|grep '^unix'|grep LISTEN
 unix  2      [ ACC ]     STREAM     LISTENING     6915     @/var/run/hald/dbus-0hFDCqTi1k
 unix  2      [ ACC ]     STREAM     LISTENING     8864     /tmp/orbit-doug/linc-cca-0-590c56e8c2648
 unix  2      [ ACC ]     STREAM     LISTENING     11726    /var/run/postgresql/.s.PGSQL.5432
 unix  2      [ ACC ]     STREAM     LISTENING     7356     /var/run/avahi-daemon/socket
 unix  2      [ ACC ]     STREAM     LISTENING     7427     /var/run/dirmngr/socket
 unix  2      [ ACC ]     STREAM     LISTENING     7674     /tmp/.X11-unix/X0
 unix  2      [ ACC ]     STREAM     LISTENING     7474     /dev/printer
 unix  2      [ ACC ]     STREAM     LISTENING     6916     @/var/run/hald/dbus-S0JFPFQnT2
 unix  2      [ ACC ]     STREAM     LISTENING     7625     /tmp/.gdm_socket
 unix  2      [ ACC ]     STREAM     LISTENING     7930     @/tmp/dbus-lGbuMgSqxq
 unix  2      [ ACC ]     STREAM     LISTENING     6900     /var/run/dbus/system_bus_socket
 unix  2      [ ACC ]     STREAM     LISTENING     7918     /tmp/ssh-cuhDDB3014/agent.3014
 unix  2      [ ACC ]     STREAM     LISTENING     7921     /tmp/ssh-duhDDB3014/agent.3014
 unix  2      [ ACC ]     STREAM     LISTENING     7985     /tmp/ksocket-doug/kdeinit__0
 unix  2      [ ACC ]     STREAM     LISTENING     7987     /tmp/ksocket-doug/kdeinit-:0
 unix  2      [ ACC ]     STREAM     LISTENING     7996     /tmp/.ICE-unix/dcop3126-1203374319
 unix  2      [ ACC ]     STREAM     LISTENING     8096     /tmp/.ICE-unix/3137
 unix  2      [ ACC ]     STREAM     LISTENING     8018     /tmp/ksocket-doug/klauncherPP5nnc.slave-socket
 unix  2      [ ACC ]     STREAM     LISTENING     8854     /tmp/orbit-doug/linc-cce-0-14a91fe49129c

 unix2inet-bridge.c lets us bridge these unix sockets into the inet domain,
 primarily so we can run Nmap on them, but also as a general-purpose socket
 bridge between families.

 First we compile the bridge program:

 # gcc -Wall -O3 unix2inet-bridge.c -o unix2inet-bridge

 Next we pick an inet port and a unix domain socket to bridge, ensuring that
 we have the necessary port and filesystem privileges. Let's pick the port
 31337 and the postgres unix socket /var/run/postgresql/.s.PGSQL.5432:

 # ./unix2inet-bridge 31337 /var/run/postgresql/.s.PGSQL.5432

 This command will pause indefinitely, bridging all connections from port
 31337 to the unix socket. We could've put an & at the end of the command
 to run it in the background instead.

 Now we can run Nmap (or any other AF_INET capable program) against port 31337:

 # ./nmap -sV -p 31337 localhost

 Starting Nmap 4.53 ( http://nmap.org ) at 2008-02-18 16:37 PST
 Interesting ports on localhost.localdomain (127.0.0.1):
 PORT      STATE SERVICE    VERSION
 31337/tcp open  postgresql PostgreSQL DB

 Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
 Nmap done: 1 IP address (1 host up) scanned in 6.280 seconds


 Sweet. Now kill the unix2inet-bridge process before somebody else finds it!


 Doug Hoyte and HCSW Labs



 _______________________________________________
 Sent through the nmap-dev mailing list
 http://cgi.insecure.org/mailman/listinfo/nmap-dev
 Archived at http://SecLists.Org




-- 
ATTENTION!
PLEASE ENCRYPT MESSAGES AND ATTACHMENTS IF THEY CONTAIN PRIVATE INFORMATION!


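A Python re-implementation of the bridging idea, added here as an example and not Doug's unix2inet-bridge.c or Richard's patch: it binds the TCP side to loopback unless told otherwise (the bind-address control Richard's patch is about), so the bridged unix service is reachable only from the local host rather than from the whole network, and a client whose unix target has gone away is dropped without taking the bridge down. The echo server, socket path and function names are constructed for the demonstration.

```python
import os, selectors, socket, tempfile, threading

def relay(a, b):
    """Pump bytes both ways until either side closes; runs once per bridged connection."""
    sel = selectors.DefaultSelector()
    sel.register(a, selectors.EVENT_READ, b)  # bytes arriving on a are written to b
    sel.register(b, selectors.EVENT_READ, a)
    try:
        while True:
            for key, _ in sel.select():
                data = key.fileobj.recv(65536)
                if not data:
                    return
                key.data.sendall(data)
    finally:
        sel.close(); a.close(); b.close()

def start_bridge(unix_path, bind_addr="127.0.0.1", port=0):
    """Forward TCP clients on bind_addr:port (loopback by default, so the bridged service
    stays local-only; port 0 picks a free port) to the AF_UNIX socket. Returns (addr, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, port)); srv.listen(16)
    def accept_loop():
        while True:
            client, _ = srv.accept()
            target = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            try:
                target.connect(unix_path)
            except OSError:  # service gone or socket unreadable: drop this client only
                client.close(); target.close(); continue
            threading.Thread(target=relay, args=(client, target), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()

def start_echo_unix_server(path):  # constructed stand-in for a local daemon, not a real service
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path); srv.listen(4)
    def serve():
        while True:
            conn, _ = srv.accept()
            conn.sendall(conn.recv(65536)); conn.close()  # echo one message, then hang up
    threading.Thread(target=serve, daemon=True).start()

def demo(payload):
    """Bridge a temporary echo socket onto loopback TCP and return what the client gets back."""
    path = os.path.join(tempfile.mkdtemp(), "svc.sock")  # constructed socket path
    start_echo_unix_server(path)
    _, port = start_bridge(path)
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.sendall(payload)
        return c.recv(65536)
```

Pass `bind_addr="0.0.0.0"` only when exposing the service to the network is actually the intent; the default mirrors the loopback-only behaviour Richard's bind patch makes possible.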
