Re: Latest dist v5.2

[David Fifield <david () bamsoftware com>]

On Sat, Jan 23, 2010 at 11:00:20AM -0600, Ron wrote:
> All right, this is fixed in r16553.
>
> I simply encoded the .exe file by xor'ing each byte by 0xFF and decoding
> it inline when it's uploaded. It's a bit overkill, but there isn't a
> significant speed difference or anything and the implementation is
> reasonably clean.
>
> I also added nselib/data/psexec/encoder.c to svn, which is a dead simple
> encoder/decoder (reads a byte from stdin, xor with 0xFF, writes it to
> stdout).
>
> One thing to note is that nmap_service.exe WILL be picked up on the
> target system (unless the a/v is silly enough to require .exe
> extensions, since the uploaded version is randomly named). The only way
> to prevent that, really, is to get the a/v vendor to fix the false
> positive or stop the antivirus software remotely before uploading
> (obviously a bad idea, but that's what fgdump does :) ).

Have you (or anyone else) tested to make sure this will solve the
problem? If not, I guess what we'll have to do is build the installer
and submit it to the same links as in
http://seclists.org/nmap-dev/2010/q1/211.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/