Nmap Development mailing list archives

Re: POC Payloader dat


From: Jay Fink <jay.fink () gmail com>
Date: Wed, 25 Nov 2009 19:15:06 -0500


We can learn from Unicornscan's payloads.conf. I think they have a good
format. An example entry looks like this:

/* citrix */
udp 1604 -1 1 {
       "\x20\x00\x01\x30\x02\xfd\xa8\xe3\x00\x00\x00\x00\x00\x00\x00\x00"
       "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
};

The five fields are protocol (udp or tcp), destination port, source
port, payload group, and { payload }. -1 for the source port means any
port can be used. I don't know what the payload group means.

This is a good format. Its biggest deficiency is that you have to copy
and paste if you want the same payload on different ports. We already
have one case of that in payload.cc. It is expressed very nicely in C++:

   /* RFC 2865: "The early deployment of RADIUS was done using UDP port number
      1645, which conflicts with the "datametrics" service. The officially
      assigned port number for RADIUS is 1812. */
   case 1645:
   case 1812:
     SET_PAYLOAD(payload_radius);
     break;


I'm sure I could come up with something there. I had been meaning to
look at how Unicornscan does it.
I think msf3 has the payloads in source files too.

I snipped the rest but my response is *okay* :-)

This is a nice smaller scale project I think would be fun - well at
least for me - especially since there are not currently a lot of
payloads in payload.cc right now (well - not yet!) and if I do it
right I can more or less modularize it somewhat so while I work it is
not invasive - again for my part :)

Thanks David - this answered a lot of questions I had.

 j
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
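The quoted message describes the five-field payloads.conf entry and the one weakness David points out: the same payload has to be pasted once per port. The following is an added example written for this archive page, not Nmap's payload.cc nor Unicornscan's own parser. It parses entries in the format shown above (block comments, `proto dport sport group { "..." "..." };`, C-style `\x` escapes), decodes the string literals into raw bytes, and resolves a payload by (protocol, destination port). It also accepts a hypothetical comma-separated destination-port list such as `1645,1812`, which is an assumption of this example and not part of Unicornscan's format, as one way to express the RADIUS case without copy and paste. The Citrix bytes are the ones quoted above; the bytes in the two-port entry are a constructed placeholder, not a real RADIUS request.

```cpp
#include <cctype>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// One parsed entry in the Unicornscan-style payloads.conf format:
// protocol, destination port(s), source port (-1 = any), payload group, raw bytes.
struct PayloadEntry {
    std::string proto;
    std::vector<int> dports;   // more than one only via the hypothetical "1645,1812" extension
    int sport = -1;
    int group = 0;
    std::string payload;       // decoded bytes; may contain NULs, so size() is the length
};

// Turn the body of a C-style string literal ("\x20\x00..." without its quotes) into raw bytes.
std::string decodeEscapes(const std::string &lit) {
    std::string out;
    for (size_t i = 0; i < lit.size(); ++i) {
        if (lit[i] != '\\') { out += lit[i]; continue; }
        if (i + 1 >= lit.size()) throw std::runtime_error("dangling backslash");
        char c = lit[++i];
        if (c == 'x') {   // exactly two hex digits must follow \x
            if (i + 2 >= lit.size() || !std::isxdigit((unsigned char)lit[i + 1]) ||
                !std::isxdigit((unsigned char)lit[i + 2]))
                throw std::runtime_error("malformed \\x escape");
            out += static_cast<char>(std::stoi(lit.substr(i + 1, 2), nullptr, 16));
            i += 2;
        } else if (c == 'n') out += '\n';
        else if (c == 'r') out += '\r';
        else if (c == 't') out += '\t';
        else if (c == '0') out += '\0';
        else if (c == '\\' || c == '"') out += c;
        else throw std::runtime_error("unsupported escape");
    }
    return out;
}

// Split the text into words, "{", "}", ";" and quoted strings (quotes kept); /* */ comments are dropped.
std::vector<std::string> tokenize(const std::string &text) {
    std::vector<std::string> toks;
    const size_t n = text.size();
    for (size_t i = 0; i < n;) {
        char c = text[i];
        if (std::isspace((unsigned char)c)) { ++i; continue; }
        if (c == '/' && i + 1 < n && text[i + 1] == '*') {
            size_t end = text.find("*/", i + 2);
            if (end == std::string::npos) throw std::runtime_error("unterminated comment");
            i = end + 2;
            continue;
        }
        if (c == '"') {
            size_t j = i + 1;
            while (j < n && text[j] != '"') j += (text[j] == '\\') ? 2 : 1;  // skip escaped chars
            if (j >= n) throw std::runtime_error("unterminated string literal");
            toks.push_back(text.substr(i, j - i + 1));
            i = j + 1;
            continue;
        }
        if (c == '{' || c == '}' || c == ';') { toks.push_back(std::string(1, c)); ++i; continue; }
        size_t j = i;
        while (j < n && !std::isspace((unsigned char)text[j]) &&
               std::string("{};\"").find(text[j]) == std::string::npos) ++j;
        toks.push_back(text.substr(i, j - i));
        i = j;
    }
    return toks;
}

// "1604" or, as the hypothetical extension, "1645,1812"; every port must be 1..65535.
std::vector<int> parsePorts(const std::string &field) {
    std::vector<int> ports;
    size_t start = 0;
    while (start <= field.size()) {
        size_t comma = field.find(',', start);
        std::string item = field.substr(start, comma == std::string::npos ? std::string::npos : comma - start);
        int p = std::stoi(item);
        if (p < 1 || p > 65535) throw std::runtime_error("port out of range: " + item);
        ports.push_back(p);
        if (comma == std::string::npos) break;
        start = comma + 1;
    }
    return ports;
}

std::vector<PayloadEntry> parsePayloadsConf(const std::string &text) {
    std::vector<std::string> t = tokenize(text);
    std::vector<PayloadEntry> entries;
    size_t i = 0;
    auto need = [&](const char *what) -> const std::string & {
        if (i >= t.size()) throw std::runtime_error(std::string("unexpected end, expected ") + what);
        return t[i++];
    };
    while (i < t.size()) {
        PayloadEntry e;
        e.proto = need("protocol");
        if (e.proto != "udp" && e.proto != "tcp") throw std::runtime_error("bad protocol: " + e.proto);
        e.dports = parsePorts(need("destination port"));
        e.sport = std::stoi(need("source port"));
        if (e.sport != -1 && (e.sport < 1 || e.sport > 65535)) throw std::runtime_error("bad source port");
        e.group = std::stoi(need("payload group"));
        if (need("{") != "{") throw std::runtime_error("expected {");
        for (;;) {   // adjacent string literals are concatenated, as in C
            const std::string &tok = need("string literal or }");
            if (tok == "}") break;
            if (tok.size() < 2 || tok.front() != '"') throw std::runtime_error("expected string literal");
            e.payload += decodeEscapes(tok.substr(1, tok.size() - 2));
        }
        if (need(";") != ";") throw std::runtime_error("expected ; after }");
        entries.push_back(e);
    }
    return entries;
}

// Resolve the payload for a (protocol, destination port) pair; empty string if nothing matches.
std::string lookupPayload(const std::vector<PayloadEntry> &entries, const std::string &proto, int port) {
    for (const PayloadEntry &e : entries)
        for (int p : e.dports)
            if (e.proto == proto && p == port) return e.payload;
    return std::string();
}

// Constructed sample config: the Citrix entry quoted on the list, plus a hypothetical
// two-port entry whose bytes are a placeholder and not a real RADIUS request.
const char *kSampleConf =
    "/* citrix */\n"
    "udp 1604 -1 1 {\n"
    "    \"\\x20\\x00\\x01\\x30\\x02\\xfd\\xa8\\xe3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n"
    "    \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n"
    "};\n"
    "/* hypothetical extension: RFC 2865 ports 1645 and 1812 share one entry (placeholder bytes) */\n"
    "udp 1645,1812 -1 1 { \"\\x00\\x01\\x02\\x03\" };\n";

int main() {
    for (const PayloadEntry &e : parsePayloadsConf(kSampleConf))
        for (int p : e.dports)
            std::cout << e.proto << "/" << p << ": " << e.payload.size() << " bytes\n";
    return 0;
}
```

The parser deliberately fails loudly on an odd `\x` escape, an unterminated string, or a port outside 1..65535 rather than silently sending a truncated or malformed probe; a payload file is input like any other and should be validated before its bytes go on the wire.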