Nmap Development mailing list archives
Re: ANNOUNCE: New HCSW utility: unix2inet-bridge.c
From: "Richard Sammet" <richard.sammet () googlemail com>
Date: Thu, 21 Feb 2008 13:35:00 +0100
Hi doug,

first of all -> simple and useful, thanks!

if you do not want to worry about that:

> Sweet. Now kill the unix2inet-bridge process before somebody else finds it!

apply that patch
http://e-axe.mytty.org/stuff/unix2inet-bridge_ip-bind.patch

=)

greets,
richard

On Tue, Feb 19, 2008 at 2:04 AM, <doug () hcsw org> wrote:
> Hi nmap-dev,
>
> HCSW is pleased to announce a simple but useful utility:
>
> http://hcsw.org/downloads/unix2inet-bridge.c
>
> When you're examining the network setup of a unix machine, naturally you are usually most interested in AF_INET and AF_INET6, the address families for IPv4 and IPv6. With version detection (-sV) you can gather all sorts of interesting information from these services.
>
> But what do you do to identify sockets of the lesser-known family AF_UNIX? Tools like lsof/netstat are helpful, but of course we want to use Nmap!
>
> AF_UNIX is potentially packed with interesting, unexplored services. Here is a list of them on my Debian laptop, many of which aren't (yet) identified with -sV:
>
> # netstat -an|grep '^unix'|grep LISTEN
> unix 2 [ ACC ] STREAM LISTENING 6915 @/var/run/hald/dbus-0hFDCqTi1k
> unix 2 [ ACC ] STREAM LISTENING 8864 /tmp/orbit-doug/linc-cca-0-590c56e8c2648
> unix 2 [ ACC ] STREAM LISTENING 11726 /var/run/postgresql/.s.PGSQL.5432
> unix 2 [ ACC ] STREAM LISTENING 7356 /var/run/avahi-daemon/socket
> unix 2 [ ACC ] STREAM LISTENING 7427 /var/run/dirmngr/socket
> unix 2 [ ACC ] STREAM LISTENING 7674 /tmp/.X11-unix/X0
> unix 2 [ ACC ] STREAM LISTENING 7474 /dev/printer
> unix 2 [ ACC ] STREAM LISTENING 6916 @/var/run/hald/dbus-S0JFPFQnT2
> unix 2 [ ACC ] STREAM LISTENING 7625 /tmp/.gdm_socket
> unix 2 [ ACC ] STREAM LISTENING 7930 @/tmp/dbus-lGbuMgSqxq
> unix 2 [ ACC ] STREAM LISTENING 6900 /var/run/dbus/system_bus_socket
> unix 2 [ ACC ] STREAM LISTENING 7918 /tmp/ssh-cuhDDB3014/agent.3014
> unix 2 [ ACC ] STREAM LISTENING 7921 /tmp/ssh-duhDDB3014/agent.3014
> unix 2 [ ACC ] STREAM LISTENING 7985 /tmp/ksocket-doug/kdeinit__0
> unix 2 [ ACC ] STREAM LISTENING 7987 /tmp/ksocket-doug/kdeinit-:0
> unix 2 [ ACC ] STREAM LISTENING 7996 /tmp/.ICE-unix/dcop3126-1203374319
> unix 2 [ ACC ] STREAM LISTENING 8096 /tmp/.ICE-unix/3137
> unix 2 [ ACC ] STREAM LISTENING 8018 /tmp/ksocket-doug/klauncherPP5nnc.slave-socket
> unix 2 [ ACC ] STREAM LISTENING 8854 /tmp/orbit-doug/linc-cce-0-14a91fe49129c
>
> unix2inet-bridge.c lets us bridge these unix sockets into the inet domain, primarily so we can run Nmap on them, but also as a general-purpose socket bridge between families.
>
> First we compile the bridge program:
>
> # gcc -Wall -O3 unix2inet-bridge.c -o unix2inet-bridge
>
> Next we pick an inet port and a unix domain socket to bridge, ensuring that we have the necessary port and filesystem privileges. Let's pick the port 31337 and the postgres unix socket /var/run/postgresql/.s.PGSQL.5432:
>
> # ./unix2inet-bridge 31337 /var/run/postgresql/.s.PGSQL.5432
>
> This command will pause indefinitely, bridging all connections from port 31337 to the unix socket. We could've put an & at the end of the command to run it in the background instead.
>
> Now we can run Nmap (or any other AF_INET capable program) against port 31337:
>
> # ./nmap -sV -p 31337 localhost
>
> Starting Nmap 4.53 ( http://nmap.org ) at 2008-02-18 16:37 PST
> Interesting ports on localhost.localdomain (127.0.0.1):
> PORT STATE SERVICE VERSION
> 31337/tcp open postgresql PostgreSQL DB
>
> Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
> Nmap done: 1 IP address (1 host up) scanned in 6.280 seconds
>
> Sweet. Now kill the unix2inet-bridge process before somebody else finds it!
>
> Doug Hoyte and HCSW Labs
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFHuisa3LTjmOMguVMRAiYiAJ98QEuI7D8uMTk2p3cPGUJho3zKZgCfTWRn
> mr0pjJuiziEQGwryf46DqEY=
> =9+1r
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
--
ATTENTION! PLEASE ENCRYPT MESSAGES AND ATTACHMENTS IF THEY CONTAIN PRIVATE INFORMATION!
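
The exposure discussed in this message ("before somebody else finds it") comes down to which address the bridge's TCP listener is bound to: a listener bound to 127.0.0.1 only accepts connections from the local machine. The program below is an added example of a loopback-only unix-to-inet bridge; it is not unix2inet-bridge.c and not the linked patch, and the function names listen_on, connect_unix and relay are illustrative.

```c
#define _POSIX_C_SOURCE 200809L /* added example; function names are illustrative */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Listen on ip:port only. "127.0.0.1" keeps the bridge off the network. */
int listen_on(const char *ip, unsigned short port) {
    struct sockaddr_in a = {.sin_family = AF_INET, .sin_port = htons(port)};
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    if (inet_pton(AF_INET, ip, &a.sin_addr) == 1 &&
        bind(fd, (struct sockaddr *)&a, sizeof a) == 0 && listen(fd, 16) == 0)
        return fd;
    close(fd); return -1;
}

/* Connect to a filesystem AF_UNIX stream socket; -1 on error or over-long path. */
int connect_unix(const char *path) {
    struct sockaddr_un u = {.sun_family = AF_UNIX};
    int fd = strlen(path) < sizeof u.sun_path ? socket(AF_UNIX, SOCK_STREAM, 0) : -1;
    if (fd < 0) return -1;
    strcpy(u.sun_path, path);
    if (connect(fd, (struct sockaddr *)&u, sizeof u) == 0) return fd;
    close(fd); return -1;
}

/* Copy bytes in both directions until either side closes or errors. */
void relay(int x, int y) {
    struct pollfd p[2] = {{x, POLLIN, 0}, {y, POLLIN, 0}};
    char buf[4096];
    while (poll(p, 2, -1) > 0)
        for (int i = 0; i < 2; i++) {
            if (!p[i].revents) continue;
            ssize_t n = recv(p[i].fd, buf, sizeof buf, 0);
            if (n <= 0 || send(p[1 - i].fd, buf, (size_t)n, MSG_NOSIGNAL) != n) return;
        }
}

int main(int argc, char **argv) { /* usage: ./bridge PORT /path/to/unix.sock */
    int c, u, l = argc == 3 ? listen_on("127.0.0.1", (unsigned short)atoi(argv[1])) : -1;
    for (; l >= 0 && (c = accept(l, NULL, NULL)) >= 0; close(c)) /* one client at a time */
        if ((u = connect_unix(argv[2])) >= 0) { relay(c, u); close(u); }
    return 1; /* reached only on bad usage or a listener error */
}
```

While it runs, `netstat -an` should list the chosen port under 127.0.0.1 rather than 0.0.0.0; the filesystem permissions on the unix socket still decide whether the bridge process itself may connect.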
Current thread:
- ANNOUNCE: New HCSW utility: unix2inet-bridge.c doug (Feb 18)
- Re: ANNOUNCE: New HCSW utility: unix2inet-bridge.c Kris Katterjohn (Feb 20)
- Re: ANNOUNCE: New HCSW utility: unix2inet-bridge.c Richard Sammet (Feb 21)
- Re: ANNOUNCE: New HCSW utility: unix2inet-bridge.c doug (Feb 27)