Re: POC Payloader dat

[David Fifield <david () bamsoftware com>]

On Tue, Jan 12, 2010 at 09:15:38AM -0500, Jay Fink wrote:
> Just a quick update, the way I am working on this is to write the
> function(s) separately and just call them - once I *think* it is in a
> decent state I'll plug it in (probably inside the payload.cc file
> itself).
> That said I have managed to get as far as getting on complete string
> back from the file parser so far although admittedly I've only worked
> on it about 2 or 3 solid hours or so over the last 2 weeks, the
> prototype accepts the payload key word and returns the payload:
>
> $ ./payload dns
> \x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00
> Note this is one contiguous string, webmail chops it:
> $ ./payload nbstat
> \x80\xF0\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00\x21\x00\x01
> $ ./payload amanda
> Amanda 2.6 REQ HANDLE 000-00000000 SEQ 0\nSERVICE noop\n
>
> It also handles inline comments gracefully.
>
> What I have left is:
> - the key matching uses strstr, it shouldn't do that for obvious
> reasons :) needs changed
> - assigning dports
> - assigning sports
> - making sure memory is dealt with gracefully/correctly

Looks great! I'm eager to see the finished product. Remember that we'll
be looking up payloads not by name, but by protocol/port, so see if you
can make your test program work like this:

$ ./payload 53 udp
\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00

You're right, payload.cc is where all the parsing, etc. code should be
eventually plugged in.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/