Nmap Development mailing list archives
Re: Latest dist v5.2
From: Ron <ron () skullsecurity net>
Date: Sat, 23 Jan 2010 11:00:20 -0600
All right, this is fixed in r16553. I simply encoded the .exe file by xor'ing each byte by 0xFF and decoding it inline when it's uploaded. It's a bit overkill, but there isn't a significant speed difference or anything and the implementation is reasonably clean.

I also added nselib/data/psexec/encoder.c to svn, which is a dead simple encoder/decoder (reads a byte from stdin, xor with 0xFF, writes it to stdout).

One thing to note is that nmap_service.exe WILL be picked up on the target system (unless the a/v is silly enough to require .exe extensions, since the uploaded version is randomly named). The only way to prevent that, really, is to get the a/v vendor to fix the false positive or stop the antivirus software remotely before uploading (obviously a bad idea, but that's what fgdump does :) ).

--
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
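The following is an added example, not part of the original post and not Nmap's encoder.c: a defender-side check that recognizes a PE file stored under a single-byte XOR such as the 0xFF encoding described above. The function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* In-place single-byte XOR; applying it twice restores the input. */
static void xor_buf(uint8_t *buf, size_t len, uint8_t key)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= key;
}

/* 1 if buf, decoded with key, has "MZ" at offset 0 and "PE\0\0" at the
 * offset stored in the DOS header field e_lfanew (0x3C, little-endian). */
static int looks_like_pe(const uint8_t *buf, size_t len, uint8_t key)
{
    static const uint8_t sig[4] = { 'P', 'E', 0, 0 };
    uint32_t off = 0;

    if (len < 0x40 || (buf[0] ^ key) != 'M' || (buf[1] ^ key) != 'Z')
        return 0;
    for (int i = 3; i >= 0; i--)
        off = (off << 8) | (uint8_t)(buf[0x3C + i] ^ key);
    if (off > len - 4)              /* len >= 0x40, so no underflow */
        return 0;
    for (int i = 0; i < 4; i++)
        if ((uint8_t)(buf[off + i] ^ key) != sig[i])
            return 0;
    return 1;
}

/* The first byte of a PE is 'M', so the only candidate key is buf[0] ^ 'M'.
 * Returns that key (0 means not encoded) or -1 if the headers do not verify. */
static int find_xor_pe_key(const uint8_t *buf, size_t len)
{
    if (len < 0x40)
        return -1;
    uint8_t key = (uint8_t)(buf[0] ^ 'M');
    return looks_like_pe(buf, len, key) ? (int)key : -1;
}

int main(void)
{
    uint8_t s[0x84] = { 0 };        /* constructed minimal headers, not a real binary */
    s[0] = 'M'; s[1] = 'Z'; s[0x3C] = 0x80;
    memcpy(s + 0x80, "PE\0\0", 4);
    xor_buf(s, sizeof s, 0xFF);     /* encode the way the post describes */
    printf("recovered key: 0x%02X\n", (unsigned)find_xor_pe_key(s, sizeof s));
    return 0;
}
```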