Nmap Development mailing list archives
NPcap 0.01 (based on WinPcap 4.1.3) Call for test the "Admin only" mode
From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Tue, 23 Jun 2015 00:15:31 +0800
Hi list,

After a week's work, NPcap now preliminarily supports the "Add privilege support to Npcap so we can limit it to users with administrator access <https://github.com/nmap/nmap/issues/138>" feature.

The main idea is that the driver is protected under a policy that permits Administrators' access only. So when Nmap (packet.dll) fails to open the driver because of an access denied error, Nmap (packet.dll) will try to start the "NPcapHelper.exe" process, which runs under true Admin privilege (at the same time, the UAC prompt is shown for the user to decide). If the user agrees, the "NPcapHelper.exe" process starts, retrieves the driver handles and then passes the handles to Nmap (packet.dll). The handles are only valid for the Nmap process, so there is no worry about leakage of handles. The helper.exe process has no interface and works like a server (you can see it in the Task Manager). When the Nmap process ends itself or is terminated unexpectedly, the "NPcapHelper.exe" process will automatically quit. If the user disagrees in the UAC prompt, the error shown is the same as in the condition that the driver is unavailable.

I added a checkbox named "Restrict NPcap driver's access to Administrators only" in the installation package UI. Make sure it is checked if you want "Admin only" mode on.

As the trunk nmap doesn't support NPcap yet, you need to compile my version (https://svn.nmap.org/nmap-exp/yang/nmap-npcap/) or just use this nmap.exe executable (https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/nmap.exe).

The installation package for NPcap is: https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.01.exe

The repo for NPcap is: https://github.com/nmap/npcap

I have tested it under Windows 8.1 x64 with "Admin only" mode on and off. You need to test on Win7 or above, either x86 or x64. And try to run my nmap.exe under an account other than the built-in Administrator account. (The built-in Administrator has supreme rights and will never see a UAC window.)

I will appreciate your feedback.

Cheers,
Yang
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
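A pre-flight check a tester could run before following the instructions in the message above, added here as an example and not part of the original post or the NPcap project: it reports whether the current session is one in which the UAC prompt can appear at all. Only the NPcapHelper process name comes from the post; the output field names and messages are this example's own.

```powershell
# Added example: pre-flight check before testing NPcap "Admin only" mode.
# Run it in the same console that will launch nmap.exe.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# The built-in Administrator account always carries the well-known RID 500.
$isBuiltinAdmin = $identity.User.Value -match '^S-1-5-21-.+-500$'

# True only when this process already holds the full administrator token.
$isElevated = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# UAC policy values; a missing key or value compares as "not set".
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$uacOn     = $policy.EnableLUA -eq 1
# When set to 1, even the built-in Administrator runs in Admin Approval Mode.
$filterBuiltinAdmin = $policy.FilterAdministratorToken -eq 1

# Process name taken from the post; present only while a client holds it open.
$helper = Get-Process -Name 'NPcapHelper' -ErrorAction SilentlyContinue

[pscustomobject]@{
    User                     = $identity.Name
    BuiltInAdministrator     = $isBuiltinAdmin
    ProcessElevated          = $isElevated
    UacEnabled               = $uacOn
    FilterAdministratorToken = $filterBuiltinAdmin
    HelperRunning            = [bool]$helper
} | Format-List

if (-not $uacOn) {
    Write-Warning 'UAC is disabled: no consent prompt can appear on this machine.'
} elseif ($isBuiltinAdmin -and -not $filterBuiltinAdmin) {
    Write-Warning 'Built-in Administrator without Admin Approval Mode: no prompt will appear.'
} elseif ($isElevated) {
    Write-Warning 'Console is already elevated: start nmap.exe from a non-elevated console instead.'
} else {
    Write-Output 'Session is suitable: a UAC prompt can be shown when elevation is requested.'
}
```

Running it again while a scan is in progress, and once more after nmap.exe exits, shows through HelperRunning whether the helper started and then quit as the message describes.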