Nmap Development mailing list archives
Uniquely identifying an Nmap install from NSE?
From: Ron <ron () skullsecurity net>
Date: Fri, 07 Aug 2009 16:41:25 -0500
Hi all,

I had a conversation with Ed Skoudis at Defcon, and he had a comment on some of my SMB scripts: one of his primary uses for these scripts is teaching, so he can have up to 40 people using the same scripts against the same target, and that won't work well with psexec-style scripts. Up till now, I've written the scripts from the perspective of how I'd use them: one person at a time. That doesn't work as well in the real world.
The issue is, some scripts (like smb-pwdump.nse) create a service on the remote host. I always use the same name for this service, since that makes it possible to clean up later if something fails. But, this creates a race condition where if two people run the same script, it'll fail for one or both of them.
So, the two obvious choices are:

1. Leave it the way it is, and accept that it's going to have a race condition
2. Randomize the name, making it difficult to clean up

Neither option is really good, so I'm looking at a third option: having some way to uniquely identify an Nmap install so it can use the same random service name every time it runs, without stepping on toes. The first two things that come to mind are a) using the local IP address, and b) using the local MAC address. Neither is a perfect solution, but they're pretty clean options. The biggest downside is, even if I use a hash of the local address, it would be pretty trivial to crack it and determine who created the service, so the attacker loses a big chunk of privacy.
Anybody else have any ideas?

Thanks

--
Ron Bowes
http://www.skullsecurity.org/
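An added illustration of the trade-off Ron describes, not code from the post or from Nmap (Python rather than NSE Lua, so it can be run on its own): a service name derived from a hash of the local IP is stable across runs, but because the candidate address space is small, the address can be recovered from the name by enumeration. The keyed variant at the end is my own suggested alternative (an assumption, not something the post proposes): derive the name from a per-install random secret, which keeps the name stable and cleanup-friendly but gives an observer nothing to enumerate.

```python
import hashlib
import hmac
import ipaddress
import secrets
from typing import Optional

PREFIX = "nmap"  # constructed prefix for the demo service names


def service_name_from_ip(local_ip: str) -> str:
    """Unkeyed scheme from the post: the name is a hash of the local IP."""
    digest = hashlib.sha1(local_ip.encode()).hexdigest()
    return f"{PREFIX}-{digest[:12]}"


def recover_ip(service_name: str, candidate_network: str) -> Optional[str]:
    """Why the unkeyed scheme leaks identity: anyone who sees the service name
    can hash every address in a plausible range until one matches. A /16 is
    65k hashes, and even all of IPv4 is only 2^32, so the 'hash' hides nothing."""
    for host in ipaddress.ip_network(candidate_network).hosts():
        if service_name_from_ip(str(host)) == service_name:
            return str(host)
    return None


def load_or_create_secret(path: str) -> bytes:
    """Per-install random secret, created once and reused on every run
    (hypothetical helper; the path would live in Nmap's data directory)."""
    try:
        with open(path, "rb") as f:
            return f.read()
    except FileNotFoundError:
        secret = secrets.token_bytes(32)
        with open(path, "wb") as f:
            f.write(secret)
        return secret


def service_name_from_secret(secret: bytes, script: str) -> str:
    """Keyed alternative: stable per install and per script, so cleanup can
    still find the service, but not reversible without the secret file."""
    digest = hmac.new(secret, script.encode(), hashlib.sha256).hexdigest()
    return f"{PREFIX}-{digest[:12]}"


if __name__ == "__main__":
    name = service_name_from_ip("192.168.1.77")  # constructed local IP
    print(name, "->", recover_ip(name, "192.168.0.0/16"))
    demo_secret = b"\x01" * 32  # constructed; real use: load_or_create_secret(path)
    print(service_name_from_secret(demo_secret, "smb-pwdump"))
```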