Nmap Development mailing list archives

NPcap 0.01 (based on WinPcap 4.1.3): Call for testing of the "Admin only" mode


From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Tue, 23 Jun 2015 00:15:31 +0800

Hi list,

After a week's work, NPcap now has preliminary support for the "Add privilege
support to Npcap so we can limit it to users with administrator access
<https://github.com/nmap/nmap/issues/138>" feature.

The main idea is that the driver is protected under a policy that permits
access by Administrators only. So when Nmap (packet.dll) fails to open the
driver because of an access denied error, Nmap (packet.dll) will try to start
the "NPcapHelper.exe" process, which runs under true Admin privilege (at the
same time, the UAC prompt is shown for the user to decide). If the user agrees,
the "NPcapHelper.exe" process starts, retrieves the driver handles and then
passes the handles to Nmap (packet.dll). The handles are only valid for the Nmap
process, so there is no worry about the leakage of handles. The helper.exe
process has no interface and works like a server (you can see it in the Task
Manager). When the Nmap process ends itself or is terminated unexpectedly, the
"NPcapHelper.exe" process will automatically quit. If the user disagrees in the
UAC prompt, the error shown is the same as in the condition where the driver is
unavailable.

I added a checkbox named "Restrict NPcap driver's access to Administrators
only" in the installation package UI. Make sure it is checked if you want
"Admin only" mode on.

As the trunk nmap doesn't support NPcap yet, you need to compile my version
(https://svn.nmap.org/nmap-exp/yang/nmap-npcap/) or just use this nmap.exe
executable (https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/nmap.exe).

The installation package for NPcap is:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.01.exe

The repo for NPcap is:
https://github.com/nmap/npcap

I have tested it under Windows 8.1 x64 with "Admin only" mode on and off.
You need to test on Win7 or above, either x86 or x64. And try to run my
nmap.exe under an account other than the built-in Administrator account. (The
built-in Administrator has supreme rights and will never see a UAC window.)
I would appreciate your feedback.


Cheers,
Yang
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
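
An added example, not part of the original message or of NPcap's code: a check that a device's DACL, given as an SDDL string, grants access only to SYSTEM and the built-in Administrators group, which is what the "Admin only" mode described above is meant to enforce. That the policy is expressed in SDDL is an assumption (the message does not say how the driver applies it), and both sample strings are constructed.

```python
import re

# Trustees treated as administrative: Local System and Builtin Administrators,
# as SDDL aliases and as full SIDs.
ADMIN_TRUSTEES = {"SY", "BA", "S-1-5-18", "S-1-5-32-544"}

# "D:" + optional DACL flags (P, AI, AR, NO_ACCESS_CONTROL) + "(ace)(ace)..."
# Conditional ACEs, which nest parentheses, are not handled here.
DACL_RE = re.compile(r"D:([A-Z_]*)((?:\([^)]*\))*)")

# Constructed samples (assumed, not taken from the NPcap installer).
ADMIN_ONLY = "D:P(A;;GA;;;SY)(A;;GA;;;BA)"
WORLD_OPEN = "D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGWGX;;;WD)(A;;GRGWGX;;;RC)"


def audit_admin_only(sddl):
    """Return a list of findings; an empty list means only admins are allowed."""
    m = DACL_RE.search(sddl)
    if m is None or "NO_ACCESS_CONTROL" in m.group(1):
        # A missing (NULL) DACL grants full access to everyone.
        return ["no DACL: every user can open the device"]
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", m.group(2)):
        # ACE fields: type;flags;rights;object_guid;inherit_guid;trustee
        fields = ace.split(";")
        if len(fields) < 6:
            findings.append(f"malformed ACE ({ace})")
            continue
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        # Only access-allowed ACEs widen access; deny ("D") ACEs are skipped.
        if ace_type == "A" and rights and trustee not in ADMIN_TRUSTEES:
            findings.append(f"{trustee} is allowed {rights}")
    return findings


if __name__ == "__main__":
    for name, sddl in (("admin-only", ADMIN_ONLY), ("world-open", WORLD_OPEN)):
        print(name, audit_admin_only(sddl) or "OK")
```
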
