Full Disclosure mailing list archives
Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
From: xD 0x41 <secn3t () gmail com>
Date: Fri, 11 Nov 2011 21:43:44 +1100
btw, you do realise, it is doing exactly what it is meant to , right >? it is called a honeypot sir... try figure out WHY it is looping... then maybe, the code is nicer yes... i dont really care for it... i am, making the proper.cpp scanner. nothing more interests me about it, and, nothing else, i need others to tell me, thx. I have done this my own b4, please, dont try holding any hands. I will only, cut off your feet ;) later On 11 November 2011 19:17, Tillmann Werner <tillmann.werner () gmx de> wrote:
def callback(self, hdr, data): # Parse the Ethernet packet decoder = ImpactDecoder.EthDecoder() ether = decoder.decode(data) # Parse the IP packet inside the Ethernet packet, typep iphdr = ether.child() udphdr = iphdr.child() # First check that the packets are not comming from the local host # Then check that it is a UDP packet (incase you changed the BPF) also # Check that the destination port for the packet is a closed port on the host if (iphdr.get_ip_src() != self.ip): self.refresh_portlist() if (iphdr.get_ip_p() == ImpactPacket.UDP.protocol and udphdr.get_uh_dport() not in self.portlist): if self.called == 0: self.callonce() print "Incoming UDP packet from %s"%iphdr.get_ip_src() self.dumper.dump(hdr, data) def refresh_portlist(self): # bash script to get all the open and listening UDP ports # used in the callback function as criteria for logging traffic output = os.popen("./getports.sh") pl = output.readlines() self.portlist = [] for p in pl: self.portlist.append(int(p))Seriously? popen()ing a bash script that calls netstat and awk twice for every packet? Tillmann _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516), (continued)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Valdis . Kletnieks (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Jon Kertz (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Jon Kertz (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Valdis . Kletnieks (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 10)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Tillmann Werner (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Thor (Hammer of God) (Nov 10)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Georgi Guninski (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Thor (Hammer of God) (Nov 14)