Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Some scripts for analyzing NetBus

From: Toni Ruottu <toni.ruottu () iki fi>
Date: Fri, 3 Dec 2010 20:37:47 +0200
hello again,

I realized not everyone have a NetBus setup up and running, so I
decided to provide some links to NetBus packages available on the
Internet. The below links are for NetBus 1.6 and 1.7. There is also a
link for honeypot application NetBuster. I used these packages in my
tests and they seemed to work well. The NetBus packages contain both a
client and a server. The server is usually called patch.exe.
Additionally they may contain a tool for editing the server. The
NetBuster package contains a server with graphical configuration user
interface.

http://members.fortunecity.com/cambada/nb16.zip
http://personal.inet.fi/koti/jaakko.linna/NetBus170.zip
http://personal.inet.fi/koti/jaakko.linna/netbuster1_31.zip

NetBus and NetBuster are Windows applications. I run the apps on
Ubuntu using Wine and they worked surprisingly well. Just make sure
you always reset the environment properly between running two
different versions (kill all processes, wait for port bind to time
out, and possibly delete wine configuration). Note that NetBus is
hackish and might have hidden tricks. You might want to run the
services under a virtual machine rather than on a system you use
daily. In any case the NetBus services are not very secure, and
someone could hack into your box through the service unless you are
behind a firewall.

  happy hacking, --Toni

On Thu, Dec 2, 2010 at 10:37 AM, Toni Ruottu <toni.ruottu () iki fi> wrote:

hello,

Just finished writing a set of scripts that analyse NetBus-services
(see attachments). I have defined total ordering for execution through
dependencies, as the scripts interfere with each other. Namely,
sending broken authentication credentials prevent access from
everyone, and not only the failing client. The scripts do not cover
NetBus2 as it seems quite different from the earlier versions, also I
could not find really old versions of NetBus for testing. I have done
some tests with NetBus versions 1.6 and 1.7, as well as NetBuster
version 1.31. The scripts should work with the current nmap cvs, but
do not work with latest release.

The included scripts are (in order of execution):
netbus-version - detects NetBuster, a honeypot service that mimes NetBus
netbus-brute - tries to retrieve NetBus password by guessing
netbus-info - opens a connection to a NetBus server and extracts information
netbus-auth-bypass - checks if a NetBus server is vulnerable to
authentication bypass

 cheers, --Toni


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: