Nmap Development mailing list archives

Re: POC Payloader dat


From: Jay Fink <jay.fink () gmail com>
Date: Mon, 28 Dec 2009 10:05:31 -0500

On Sun, Dec 27, 2009 at 11:56 PM, David Fifield <david () bamsoftware com> wrote:

> I can see your point about the value of having an identifier for payloads
> that you otherwise have the same port/protocol combination.

yeap :)

> However, in
> this case, it's not needed, because the citrix payload doesn't go with
> ports 1645 or 1812. We may have used that as an example but that's not
> the way it is in payload.cc now.

Right that is an err on my side; but ...

> If we're having multiple payloads per port then there are other
> questions that need to be answered.
> ...

Exactly - right after I sent my email - I pretty much went cross-eyed
thinking about the implications...

> I'm a bit lost in thinking about how all this should work. How do
> Unicornscan's payload groups work?

Ironically - on my todo list is to go through unicornscan to see if
they have any payloads we might be interested in (I was going to do so
after the initial re-implementation of the current payloads). I'll
start digging through it and see how the unicornscan framework works
in general. I also need to retrace my steps on how nmap works from
the scan engine as well.

Thanks for the feedback - I'm glad I stopped when I sent the email :)
Sanity checks are definitely underrated :D

regards,
 j
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

