Nmap Development mailing list archives
Re: POC Payloader dat
From: Jay Fink <jay.fink () gmail com>
Date: Fri, 4 Dec 2009 14:13:31 -0500
How about this format? This only addresses the must haves - not the like toos :)

/* LABEL PROTOCOL USABLE_DESTINATION_PORTS_LIST SOURCE_PORT PAYLOAD */

/* radius */
RADIUS udp 1604,1645,1812 -1 {
    "\x1e\x00\x01\x30\x02\xfd\xa8\xe3\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
};

/* DNS Service Discovery (DNS-SD) service query, as used in Zeroconf.
   Transaction ID 0x0000, flags 0x0000, 1 question: PTR query for
   _services._dns-sd._udp.local. If the remote host supports DNS-SD it will
   send back a list of all its services. This is the same as a packet capture of
       dns-sd -B _services._dns-sd._udp .
   See section 9 of http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt. */
DNS_SD udp 53 53 {
    "\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    "\x09_services\x07_dns-sd\x04_udp\x05local\x00\x00\x0C\x00\x01";
};

/* Internet Key Exchange version 1, phase 1 Main Mode. We offer every
   combination of (DES, 3DES) and (MD5, SHA) in the hope that one of them will
   be acceptable. Because we use a fixed cookie, we set the association lifetime
   to 1 second to reduce the chance that repeated probes will look like
   retransmissions (and therefore not get a response). This payload comes from
       ike-scan --lifetime 1 --cookie 0011223344556677 --trans=5,2,1,2 --trans=5,1,1,2 --trans=1,2,1,2 --trans=1,1,1,2
   We expect another phase 1 message in response. This payload works better
   with a source port of 500 or a randomized initiator cookie. */
IKE udp 500 500 {
    static const char payload_ike[] =
    /* Initiator cookie 0x0011223344556677, responder cookie 0x0000000000000000. */
    "\x00\x11\x22\x33\x44\x55\x66\x77\x00\x00\x00\x00\x00\x00\x00\x00"
    /* Version 1, Main Mode, flags 0x00, message ID 0x00000000, length 192. */
    "\x01\x10\x02\x00\x00\x00\x00\x00\x00\x00\x00\xC0"
    /* Security Association payload, length 164, IPSEC, IDENTITY. */
    "\x00\x00\x00\xA4\x00\x00\x00\x01\x00\x00\x00\x01"
    /* Proposal 1, length 152, ISAKMP, 4 transforms. */
    "\x00\x00\x00\x98\x01\x01\x00\x04"
    /* Transform 1, 3DES-CBC, SHA, PSK, group 2. */
    "\x03\x00\x00\x24\x01\x01\x00\x00\x80\x01\x00\x05\x80\x02\x00\x02"
    "\x80\x03\x00\x01\x80\x04\x00\x02"
    "\x80\x0B\x00\x01\x00\x0C\x00\x04\x00\x00\x00\x01"
    /* Transform 2, 3DES-CBC, MD5, PSK, group 2. */
    "\x03\x00\x00\x24\x02\x01\x00\x00\x80\x01\x00\x05\x80\x02\x00\x01"
    "\x80\x03\x00\x01\x80\x04\x00\x02"
    "\x80\x0B\x00\x01\x00\x0C\x00\x04\x00\x00\x00\x01"
    /* Transform 3, DES-CBC, SHA, PSK, group 2. */
    "\x03\x00\x00\x24\x03\x01\x00\x00\x80\x01\x00\x01\x80\x02\x00\x02"
    "\x80\x03\x00\x01\x80\x04\x00\x02"
    "\x80\x0B\x00\x01\x00\x0C\x00\x04\x00\x00\x00\x01"
    /* Transform 4, DES-CBC, MD5, PSK, group 2. */
    "\x00\x00\x00\x24\x04\x01\x00\x00\x80\x01\x00\x01\x80\x02\x00\x01"
    "\x80\x03\x00\x01\x80\x04\x00\x02"
    "\x80\x0B\x00\x01\x00\x0C\x00\x04\x00\x00\x00\x01";
};

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
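The format proposed above (label, protocol, destination-port list, source port, then a brace-delimited run of C string literals, with /* */ comments allowed) is simple enough to parse and sanity-check in a few dozen lines. The following is an added example, not code from the message or from Nmap: a Python parser for that format, a decoder for the C escapes the payloads use, and two checks a practitioner would want before shipping such a file, namely that the DNS-SD payload really encodes the question name the comment claims and that the IKE payload's ISAKMP Length field (the "length 192" in the comment) matches the bytes actually emitted. The meaning of a -1 source port ("let the scanner pick") and the rule that \xHH is exactly two hex digits are this example's assumptions; SAMPLE is constructed from the three entries in the message.

```python
# Added example: parser for the payload .dat format proposed in the message.
# Not nmap code. Assumptions: SOURCE_PORT -1 means "any", and \xHH is exactly
# two hex digits. SAMPLE is constructed from the entries in the message.
import re
from dataclasses import dataclass


@dataclass
class Payload:
    label: str
    proto: str
    dports: list   # destination ports the payload is usable on
    sport: int     # source port to send from; -1 = let the scanner choose (assumed)
    data: bytes    # decoded payload bytes


_COMMENT = re.compile(r"/\*.*?\*/", re.S)            # /* ... */ (not inside literals here)
_ENTRY = re.compile(r"(?P<label>[A-Za-z_]\w*)\s+(?P<proto>udp|tcp)\s+"
                    r"(?P<dports>\d+(?:,\d+)*)\s+(?P<sport>-?\d+)\s*\{(?P<body>.*?)\}\s*;", re.S)
_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"', re.S)   # one C string literal
_TOK = re.compile(r"\\(x[0-9A-Fa-f]{2}|[0-7]{1,3}|.)|(.)", re.S)
_SIMPLE = {"n": 10, "t": 9, "r": 13, "\\": 92, '"': 34, "'": 39, "a": 7, "b": 8, "f": 12, "v": 11}


def decode_c_string(lit: str) -> bytes:
    """Decode the inside of a C string literal. \\xHH is taken as exactly two hex
    digits; a C compiler keeps consuming hex digits, so payload authors must not
    let a hex digit follow an escape (the message's payloads never do)."""
    out = bytearray()
    for esc, ch in _TOK.findall(lit):
        if ch == "\\":
            raise ValueError("dangling backslash")
        if ch:
            out.extend(ch.encode("latin-1"))
        elif esc[0] == "x":
            out.append(int(esc[1:], 16))
        elif esc[0] in "01234567":
            out.append(int(esc, 8) & 0xFF)
        elif esc in _SIMPLE:
            out.append(_SIMPLE[esc])
        else:
            raise ValueError(f"bad or unsupported escape \\{esc}")
    return bytes(out)


def parse_payloads(text: str) -> list:
    """Parse a whole file; raise if anything outside an entry survives comment stripping."""
    stripped = _COMMENT.sub(" ", text)
    entries = []
    for m in _ENTRY.finditer(stripped):
        data = b"".join(decode_c_string(s) for s in _STRING.findall(m.group("body")))
        entries.append(Payload(m.group("label"), m.group("proto"),
                               [int(p) for p in m.group("dports").split(",")],
                               int(m.group("sport")), data))
    leftover = _ENTRY.sub("", stripped).strip()
    if leftover:
        raise ValueError(f"unparsed text: {leftover[:40]!r}")
    return entries


def dns_qname(data: bytes, off: int = 12) -> str:
    """Read the uncompressed question name that follows a 12-byte DNS header."""
    labels = []
    while data[off]:
        n = data[off]
        labels.append(data[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels)


def isakmp_length_ok(data: bytes) -> bool:
    """ISAKMP header Length (bytes 24..27, big-endian) must equal the real payload size."""
    return len(data) >= 28 and int.from_bytes(data[24:28], "big") == len(data)


# Constructed sample in the proposed format, built from the message's entries.
SAMPLE = r"""
/* LABEL PROTOCOL USABLE_DESTINATION_PORTS_LIST SOURCE_PORT PAYLOAD */
RADIUS udp 1604,1645,1812 -1 {
  "\x1e\x00\x01\x30\x02\xfd\xa8\xe3\x00\x00\x00\x00\x00\x00\x00\x00"
  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
};
/* DNS-SD: PTR query for _services._dns-sd._udp.local */
DNS_SD udp 53 53 {
  "\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
  "\x09_services\x07_dns-sd\x04_udp\x05local\x00\x00\x0C\x00\x01";
};
/* IKEv1 Main Mode: header (length 0xC0 = 192), SA, proposal, four transforms */
IKE udp 500 500 {
  "\x00\x11\x22\x33\x44\x55\x66\x77\x00\x00\x00\x00\x00\x00\x00\x00"
  "\x01\x10\x02\x00\x00\x00\x00\x00\x00\x00\x00\xC0"
  "\x00\x00\x00\xA4\x00\x00\x00\x01\x00\x00\x00\x01"
  "\x00\x00\x00\x98\x01\x01\x00\x04"
  /* (3DES|DES)-CBC x (SHA|MD5), PSK, group 2; the last transform has next-payload 0 */
  "\x03\x00\x00\x24\x01\x01\x00\x00\x80\x01\x00\x05\x80\x02\x00\x02"
  "\x80\x03\x00\x01\x80\x04\x00\x02\x80\x0B\x00\x01\x00\x0C\x00\x04\x00\x00\x00\x01"
  "\x03\x00\x00\x24\x02\x01\x00\x00\x80\x01\x00\x05\x80\x02\x00\x01"
  "\x80\x03\x00\x01\x80\x04\x00\x02\x80\x0B\x00\x01\x00\x0C\x00\x04\x00\x00\x00\x01"
  "\x03\x00\x00\x24\x03\x01\x00\x00\x80\x01\x00\x01\x80\x02\x00\x02"
  "\x80\x03\x00\x01\x80\x04\x00\x02\x80\x0B\x00\x01\x00\x0C\x00\x04\x00\x00\x00\x01"
  "\x00\x00\x00\x24\x04\x01\x00\x00\x80\x01\x00\x01\x80\x02\x00\x01"
  "\x80\x03\x00\x01\x80\x04\x00\x02\x80\x0B\x00\x01\x00\x0C\x00\x04\x00\x00\x00\x01";
};
"""

if __name__ == "__main__":
    for e in parse_payloads(SAMPLE):
        print(f"{e.label:7} {e.proto} dports={e.dports} sport={e.sport} {len(e.data)} bytes")
```

Running the script lists the three entries with 30, 46 and 192 decoded bytes; the 192 agrees with the ISAKMP Length field, and the SA (164), proposal (152) and transform (36) lengths in the comments add up the same way. The strict leftover check is deliberate: a stray token outside an entry (a missing `;`, an unbalanced brace) is a parse error rather than a silently skipped payload.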
Current thread:
- POC Payloader dat Jay Fink (Nov 23)
- Re: POC Payloader dat Jay Fink (Nov 24)
- Re: POC Payloader dat David Fifield (Nov 25)
- Re: POC Payloader dat Jay Fink (Nov 25)
- Re: POC Payloader dat Jay Fink (Nov 30)
- Re: POC Payloader dat Jay Fink (Dec 04)
- Re: POC Payloader dat Jay Fink (Dec 09)
- Re: POC Payloader dat David Fifield (Dec 13)
- Re: POC Payloader dat Jay Fink (Dec 14)
- Re: POC Payloader dat Jay Fink (Dec 19)
- Re: POC Payloader dat David Fifield (Dec 21)
- Re: POC Payloader dat Jay Fink (Dec 22)
- Re: POC Payloader dat Jay Fink (Dec 26)
- Re: POC Payloader dat David Fifield (Dec 27)
- Re: POC Payloader dat Jay Fink (Dec 28)
- Re: POC Payloader dat Jay Fink (Dec 30)