Penetration Testing mailing list archives
RE: run nmap automatically from index.html (??)
From: "Ward, Jon" <Jon_Ward () SYNTELINC COM>
Date: Wed, 16 Nov 2011 18:10:08 -0500
Don't forget that nmap will probably need to run as root on a *nix box. That may be the bigger obstacle.

Reading some of the other posts prompted me to re-read your post. I'm getting the idea that I misinterpreted your statement "We have a web server..." as indicating that you have control over it that you may not have. You may not be able to run your web service as root. You may not be able to modify the services that run on it. Can you provide some more details on the target and how much access you have to it?

-jon

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ward, Jon
Sent: Wednesday, November 16, 2011 2:50 PM
To: Kathy Simm; pen-test () securityfocus com
Subject: RE: run nmap automatically from index.html (??)

One possible solution:

1.) Use Apache Tomcat and have each client request index.jsp instead of index.html.
2.) In index.jsp, include lines similar to this (I haven't tested it, so you may have to fiddle with it.):

    String addr = request.getRemoteAddr();
    // exec() runs no shell, so ">" and "&" would reach nmap as arguments; redirect via ProcessBuilder instead
    ProcessBuilder pb = new ProcessBuilder("./nmap", "-sS", "-v", "-O", "-P0", addr);
    Process proc = pb.redirectOutput(new java.io.File(addr + ".txt")).start();

3.) Figure out how you're going to keep from filling up the web server's DASD with loads of nmap output. Think also about the processing power of the server. If 50 clients all connect and run nmap at the same time, how's that going to affect things? This could quickly turn into an easy way to DoS your own web server.

Another:

1.) Use Apache Tomcat and have each client request index.jsp instead of index.html.
2.) In index.jsp, include a Server Side Include tag similar to this, but change the command to something like the nmap line above.

    <!--#exec cmd="cat /etc/passwd"-->

There are (>)hundreds of ways to execute something upon (>)hundreds of events related to a web server receiving a request. Let your imagination run wild!!
Jon Ward, CEPT, CISA
Technical Lead - Syntel Information Security
jon_ward () syntelinc com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Kathy Simm
Sent: Wednesday, November 16, 2011 8:10 AM
To: pen-test () securityfocus com
Subject: run nmap automatically from index.html (??)

We are doing a pen test for a small company and wish to automate some things. We have a website inside their Intranet that when employees scan or visit it we'd like to nmap the box they came from trying to see if anyone hooks up an authorized computer to their intranet.

Any ideas of how to get nmap to run automatically? Getting a perl script to run nmap is already done but I'm trying to figure out whether we should monitor the libpcap data or the apache log files etc. I'm sure someone else has done this already - can you share some ideas?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
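The Apache-log option raised in the original question, combined with the load concern in the reply, as an added example that is not part of either post: each client address is taken from the access log once, checked against an inventory of known subnets, and turned into an nmap argument list (no shell) in capped batches, so a separate privileged job can run the scans instead of the web server process. The log lines, the inventory and the function names are constructed for illustration; the nmap options are the ones quoted above plus -oN for the output file.

```python
import ipaddress
import re

# First field of an Apache common/combined log line is the client address.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')

# Constructed sample input (not real log data).
SAMPLE_LOG = [
    '10.0.5.21 - - [16/Nov/2011:14:50:01 -0500] "GET /index.html HTTP/1.1" 200 512',
    '10.0.5.21 - - [16/Nov/2011:14:50:02 -0500] "GET /logo.png HTTP/1.1" 200 2048',
    '10.0.9.77 - - [16/Nov/2011:14:51:10 -0500] "GET /index.html HTTP/1.1" 200 512',
    'truncated or malformed line',
    '10.0.9.80 - - [16/Nov/2011:14:52:30 -0500] "GET /index.html HTTP/1.1" 200 512',
    '10.0.9.77 - - [16/Nov/2011:14:53:00 -0500] "GET /index.html HTTP/1.1" 200 512',
]
INVENTORY = ["10.0.5.0/24"]  # constructed: subnets of known, inventoried hosts


def unknown_clients(log_lines, inventory):
    """Return client addresses outside the inventory, once each, in first-seen order."""
    known = [ipaddress.ip_network(n) for n in inventory]
    seen, unknown = set(), []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log record
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or junk in the first field
        if addr in seen:
            continue  # one scan per client, however many requests it made
        seen.add(addr)
        if not any(addr in net for net in known):
            unknown.append(addr)
    return unknown


def scan_batches(addrs, max_parallel=4):
    """Build nmap argv lists, grouped so at most max_parallel scans run at once."""
    cmds = []
    for a in addrs:
        v6 = ["-6"] if a.version == 6 else []
        cmds.append(["nmap", "-sS", "-v", "-O", "-P0", *v6, "-oN", f"{a}.txt", str(a)])
    return [cmds[i:i + max_parallel] for i in range(0, len(cmds), max_parallel)]


if __name__ == "__main__":
    for batch in scan_batches(unknown_clients(SAMPLE_LOG, INVENTORY), max_parallel=1):
        print(batch)
```
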