Re: POC Payloader dat

[Jay Fink <jay.fink () gmail com>]

On Mon, Dec 14, 2009 at 7:38 PM, Jay Fink <jay.fink () gmail com> wrote:
> On Sun, Dec 13, 2009 at 5:32 PM, David Fifield <david () bamsoftware com> wrote:
> > That looks pretty good, but if we're not going to be 100% compatible
> > with Unicornscan's file, then there's no need for ours to look like
> > theirs. The braces and semicolon can be removed. I'm thinking about a
> > format more like we have in nmap-service-probes, with named fields
> > instead of positional values.
> >
> > /* comment */
> > payload udp 1604,1645,1812
> > "\x1e\x00\x01\x30\x02\xfd\xa8\xe3\x00\x00\x00\x00\x00\x00\x00\x00"
> > "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
> > source 100

Attached is a sample of this; I guess the only question I have is do
we really need the payload label? Wouldn't it be simpler with just:

/* payload_citrix */
udp  1604,1645,1812
  "\x1e\x00\x01\x30\x02\xfd\xa8\xe3\x00\x00\x00\x00\x00\x00\x00\x00"
  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  source 100

So basically - pending that first label - I am about ready to jump off.
I will need to do some more mining to figure out which payloads can
share dports and who might need a non-magic sport but at least with
the format down I can get started.. I *don't* want to start without a
final format :-)


thanks,
 j

Attachment: payloads
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/