Nmap Development mailing list archives

Re: Latest dist v5.2


From: Jonathan R <agentsmith15 () gmail com>
Date: Wed, 27 Jan 2010 22:54:17 -0600

Does the tool have to be PsExec by Sysinternals? I believe there are a few
open source PsExec clones floating around the net like
RCE <http://sourceforge.net/projects/rce/>.
If it's open source there should be no problem with it getting flagged by
AV.

If you guys do end up encrypting PsExec would you think OpenSSL is a little
overkill? TEA (Tiny Encryption Algorithm) is smaller, faster but weaker, but
all you're doing is just obfuscating the executable. Best of all it's not
patented.

On Wed, Jan 27, 2010 at 6:21 PM, Ron <ron () skullsecurity net> wrote:

On Wed, 27 Jan 2010 16:16:11 -0800
Fyodor <fyodor () insecure org> wrote:
1) The "nuke it from orbit" approach, where we just use OpenSSL to
encrypt the whole @#$#@ file with some symmetric algorithm and a fixed
key.  This would require that the user have an OpenSSL-enabled Nmap to
use it, but I imagine that the vast majority of Nmap installs have
OpenSSL these days.  Or I suppose we could do a double-obfuscation of
prepending a NUL *and* doing a word-width XOR or a stream XOR against
a generated sequence.  We might want to remove the .exe extension too.

Actually, that's a great idea!

You can't get to that point without OpenSSL anyways. You can't authenticate
to smb without it, and you can't run this script without authenticating to
smb.

I won't be able to write that today, though, but I can probably do it
tomorrow.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
