Nmap Development mailing list archives

Wai Tuck's GSOC status report #13 of 17


From: Wong Wai Tuck <wongwaituck () gmail com>
Date: Tue, 08 Aug 2017 05:45:16 +0000

Was working on SMBloris this week, and it turns out to be much more
difficult to reliably implement than expected...

Accomplishments
- Made pull request for exploit.lua [1]
- Read through marcan's implementation of smbloris [2] and attempted to
implement smbloris with raw TCP packets - stopped when I saw zerosum0x0
publish his version of the script [3]
- Read through zerosum0x0's original implementation of smbloris and
reimplemented it in NSE, but I do not get the same reliable results (I can
only get ~700mb - 3Gb utilized, depending on the level of max-parallelism)
despite the same code - I believe this has to do with how NSE handles
threads and may think of a way to work around that soon!

Priorities
- Make pwdprofiling library
- Finish smbloris script

[1]: https://github.com/nmap/nmap/pull/960
[2]: https://gist.github.com/marcan/6a2d14b0e3eaa5de1795a763fb58641e
[3]: https://github.com/rapid7/metasploit-framework/pull/8796

Wai Tuck
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
