Nmap Development mailing list archives

Re: Latest dist v5.2


From: Ron <ron () skullsecurity net>
Date: Sat, 23 Jan 2010 11:00:20 -0600

All right, this is fixed in r16553.

I simply encoded the .exe file by xor'ing each byte by 0xFF and decoding
it inline when it's uploaded. It's a bit overkill, but there isn't a
significant speed difference or anything and the implementation is
reasonably clean.

I also added nselib/data/psexec/encoder.c to svn, which is a dead simple
encoder/decoder (reads a byte from stdin, xor with 0xFF, writes it to
stdout).

One thing to note is that nmap_service.exe WILL be picked up on the
target system (unless the a/v is silly enough to require .exe
extensions, since the uploaded version is randomly named). The only way
to prevent that, really, is to get the a/v vendor to fix the false
positive or stop the antivirus software remotely before uploading
(obviously a bad idea, but that's what fgdump does :) ).

-- 
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
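The encoder described in the message (read a byte from stdin, XOR it with 0xFF, write it to stdout) is small enough to show whole. The program below is an added example written for this page, not the nselib/data/psexec/encoder.c that Ron committed; it implements the same byte-wise XOR-0xFF transform as a buffer routine (so the round trip can be checked) plus a stdin-to-stdout filter. The sample bytes in the round-trip check are constructed here and are not taken from nmap_service.exe.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* XOR with 0xFF is its own inverse: running the same filter twice
 * returns the original bytes, which is why one program serves as
 * both encoder and decoder. */
#define XOR_KEY 0xFFu

/* Transform a single byte. */
unsigned char xor_ff_byte(unsigned char b)
{
    return (unsigned char)(b ^ XOR_KEY);
}

/* Transform n bytes in place (encode or decode, same operation). */
void xor_ff(unsigned char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        buf[i] = xor_ff_byte(buf[i]);
}

/* Round-trip check on a constructed sample (an MZ-style prefix plus a
 * few arbitrary bytes, not a real executable). Returns 1 when encoding
 * changes every byte and decoding restores the input, 0 otherwise. */
int xor_ff_roundtrip_ok(void)
{
    const unsigned char sample[] = { 'M', 'Z', 0x90, 0x00, 0x03,
                                     0x00, 0x00, 0x00, 0xFF, 0x7F };
    unsigned char work[sizeof sample];
    memcpy(work, sample, sizeof sample);

    xor_ff(work, sizeof work);
    for (size_t i = 0; i < sizeof work; i++)
        if (work[i] == sample[i])      /* XOR 0xFF never fixes a byte */
            return 0;

    xor_ff(work, sizeof work);
    return memcmp(work, sample, sizeof sample) == 0;
}

/* Filter mode, as the message describes encoder.c:
 *   ./encoder < nmap_service.exe > nmap_service.enc
 *   ./encoder < nmap_service.enc > nmap_service.exe   (same binary decodes) */
int main(void)
{
    unsigned char buf[4096];
    size_t n;

    while ((n = fread(buf, 1, sizeof buf, stdin)) > 0) {
        xor_ff(buf, n);
        if (fwrite(buf, 1, n, stdout) != n)
            return 1;
    }
    return ferror(stdin) ? 1 : 0;
}
```

Note that this is obfuscation of the stored file, not protection: as the message itself says, once the decoded executable is written to the target it is in the clear for any antivirus running there, so the encoding only avoids the copy of nmap_service.exe sitting in the Nmap distribution being flagged.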