PaulDotCom mailing list archives

A weird request.


From: jd.mubix at gmail.com (Rob Fuller)
Date: Tue, 27 Jan 2009 07:16:34 -0500

Nick, Robin, Dimitrios,
      Listening on all ports is not the hard part, as Nick shows below. The
hard part is creating that client/server setup so that when a pen-tester is
on the inside, they can run "bob.exe" or "bob.[rb|py|pl]" and it comes back
with "22,80 (proxied),443,3389". Nmap may be able to accomplish this,
especially with an NSE script and the most TCP Connect scan. Plus the speed
markers would be able to help you stay under the radar when doing this (i.e.
-T1). So the listener could simply echo "Hello" and respawn, and the script
could look for "Hello".

Anyways,

I look forward to seeing what you guys come up with.
Rob

2009/1/26 Nick Baronian <nbaronian at gmail.com>

I don't know .Net but I remember some old school DOS scripting.  So how
about netcat with something like this
@echo off
rem Walk every port and leave a detached netcat listener (TCP and UDP) on each one.
set /a count=0
:openport
set /a count=%count%+1
if %count% GTR 65535 goto :eof
echo Listening on port %count%
rem start /b puts each nc in the background so the loop moves on instead of waiting on it
start "" /b nc -l -p %count% -d
start "" /b nc -l -u -p %count% -d
goto :openport

I haven't had a chance to test it but I believe netcat will spit out an
error when it can't bind to a port, so it should continue thru the loop.
You could use an app like pskill to kill all the processes using nc.exe when
you are done testing.

-Nick Baronian



2009/1/26 Rob Fuller <jd.mubix at gmail.com>

Anyone willing to make this program? I assume it would be a bit easier on
Linux using iptables and just listening on one port with PORT_FORWARD. Just
a thought.

2009/1/22 Dimitrios Kapsalis <dimitrios at gmail.com>

As hinted before, it wouldn't be too hard to write a .net program, since this
is for Windows, that loops across all 65,000 ports and checks if each is being
used; if not, then open that port for listening.

2009/1/22 Rob Fuller <jd.mubix at gmail.com>

I've actually been in the market for this myself. It would be a great
way of determining what egress options you have on a pentest.


On Thu, Jan 22, 2009 at 3:59 PM, "Luis Martín." <luis.mgarc at gmail.com> wrote:

Dunno of any program but it should not be difficult to code something
for it. Best way is probably:

- Create a simple sniffer using libpcap
- Listen on everything
- Generate TCP SYN/ACKs using raw sockets and send them back.

Have a look at some examples of simple pcap sniffers here:
www.programming-pcap.aldabaknocking.com (file tcsyndos.c shouldn't be
too difficult to modify for your needs, it already crafts custom TCP
packets).


Sam Buhlig wrote:
Does anyone know of software that will run on a windows box that will
respond on all ports. It does not have to be the correct protocol or
anything. Doing some firewall testing and want a box that responds on
any and all ports if possible.

Thanks in advance.

------------------------------------------------------------------------

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


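Rob's client/server idea from the top of the thread, written out as an added example (not code from the list or from any of the posters): a single "Hello" listener in Python that can sit behind an iptables REDIRECT rule so one process answers every TCP port, plus the "bob.py" client side that reports which ports came back direct, which were answered by something else (proxied), and which never connected. The redirect rule, the "proxied" heuristic (connected but no banner) and every port number below are my assumptions.

```python
import socket
import threading

BANNER = b"Hello\n"

def start_banner_server(port=0, banner=BANNER, host="127.0.0.1"):
    """Accept, send the banner, close, repeat. With an assumed redirect rule such
    as 'iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports PORT' this
    one listener answers every TCP port. Binds now; returns (stop_event, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(64)
    srv.settimeout(0.2)  # lets the accept loop notice the stop flag
    stop = threading.Event()
    def loop():
        with srv:
            while not stop.is_set():
                try:
                    conn, _ = srv.accept()
                except socket.timeout:
                    continue
                with conn:
                    conn.sendall(banner)
    threading.Thread(target=loop, daemon=True).start()
    return stop, srv.getsockname()[1]

def closed_port(host="127.0.0.1"):
    with socket.socket() as s:  # bind to 0 to learn a free port, then release it
        s.bind((host, 0))
        return s.getsockname()[1]

def classify(host, port, banner=BANNER, timeout=1.0):
    """'direct': our banner came back; 'proxied': connected but something else
    (or nothing) answered, e.g. a transparent proxy; 'blocked': no connection."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "blocked"
    with s:
        try:
            data = s.makefile("rb").read(len(banner))
        except OSError:  # read timed out: connected, but the peer stayed silent
            data = b""
    return "direct" if data == banner else "proxied"

def egress_report(host, ports, timeout=1.0):
    """Client side of 'bob.py' in Rob's format, e.g. '22,80 (proxied),443,3389'."""
    results = [(p, classify(host, p, timeout=timeout)) for p in sorted(ports)]
    return ",".join(str(p) if r == "direct" else f"{p} (proxied)"
                    for p, r in results if r != "blocked")
```

A port that a firewall silently drops shows up as "blocked" too, since the connect times out rather than being refused.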

