Nmap Development mailing list archives
Re: NSEDoc @output for auth-spoof.nse
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 9 Apr 2010 04:44:40 +0000
I can probably dig up some fake ident spoofs. I just had one last week. BrandonSent from my phone. If you would like a digital signature of this message let me know and I'll sign it later.
On Apr 9, 2010, at 4:42, David Fifield <david () bamsoftware com> wrote:
On Fri, Apr 09, 2010 at 05:33:18AM +0100, Diman Todorov wrote:On Thu, Apr 8, 2010 at 8:44 PM, David Fifield <david () bamsoftware com> wrote:Can you send me an example of the output of the auth-spoof script? (Itused to be called ircZombieTest.) I'm trying to make all the scripts have a proper @output section in the documentation.that script is unlikely to produce any output. somebody has changed itto use the comm lib which seems to not work as expected ;) I simulate an identd spoofer like this: Aristoteles:~ diman$ echo foo | sudo nc -l 113 then I use banner.nse - which is technically a glorified version ofauth-spoof (I used it because unlike auth-spoof it has some debug infoaround the comm.get_banner call) and get this error: NSE: ./scripts/banner.nse failed for 127.0.0.1 on tcp port 113. Message: No Message.Probably the nc dies after being connected to the first time (maybe youdid a connect scan?). It works for me with # ncat -l 113 --sh-exec "echo foo" $ nmap localhost -p 113 --script=banner,auth-spoof Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-04-08 22:40 MDT NSE: Script Scanning completed. Nmap scan report for localhost (127.0.0.1) Host is up (0.0021s latency). PORT STATE SERVICE 113/tcp open auth |_banner: foo |_auth-spoof: Spoofed reply: foo I just want to know what a typical spoofed reply from an IRC zombie really looks like. I spent some time today looking, and though I sawreports that some malware does this, I could not find an example of theoutput. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: NSEDoc @output for auth-spoof.nse Diman Todorov (Apr 08)
- Re: NSEDoc @output for auth-spoof.nse David Fifield (Apr 08)
- Re: NSEDoc @output for auth-spoof.nse Brandon Enright (Apr 08)
- Re: NSEDoc @output for auth-spoof.nse Brandon Enright (Apr 09)
- Re: NSEDoc @output for auth-spoof.nse Fyodor (Apr 10)
- Re: NSEDoc @output for auth-spoof.nse Brandon Enright (Apr 08)
- Re: NSEDoc @output for auth-spoof.nse Diman Todorov (Apr 08)
- Re: NSEDoc @output for auth-spoof.nse David Fifield (Apr 08)