Penetration Testing mailing list archives
Re: nbns spoofer
From: "Robin Wood" <dninja () gmail com>
Date: Thu, 29 Mar 2007 20:50:40 +0100
You beat me to it! I got distracted from finishing my version by going to shmoocon but I'll get it finished anyway and release it. Robin On 3/29/07, Robert Wesley McGrew <wesley () mcgrewsecurity com> wrote:
I realize I'm perfoming some thread/discussion necromancy here, but this seemed like an appropriate place to announce that I just released a small tool, NBNSpoof, written in Python with Scapy that spoofs NBNS name query responses: http://www.mcgrewsecurity.com/projects/nbnspoof/ Personally, *I* like it better than the FakeNetBIOS solution, but then again, I would wouldn't I? Users can specify what names they want to respond to by a regular expression, and what IP address and MAC address the spoofed response should contain as the source. It's pretty easy to modify to suit one's needs, as well. Since it's such a simple app, I wrote up a series of blog posts detailing the creation of it, to help out those who don't already write their own tools and show them that it's really not that difficult. Hope this helps someone out! On 3/14/07, Robin Wood <dninja () gmail com> wrote: > Hi > I'm going to be using the tool as part of wifi pentest (adding it to > the karma suite) so I won't have access to the clients boxes. > > It is handy to know that that setting is there though, it may come in handy. > > I'm actually working on a tool to do this job and will release it > soon. I've just got to get back into C after doing years of php. Big > differences! > > Robin > > PS I've just looked at the page referenced and the whole thing is > right justified, looks very odd! Is it just me this happens for? > > On 3/14/07, AdamT <adwulf () gmail com> wrote: > > On 12/03/07, Robin Wood < dninja () gmail com> wrote: > > > Hi > > > Thanks for that. The tool currently only responds to the netbios name > > > it is told to so I'm going to give it a bit of the karma treatment and > > > get it to respond to any names. After that it should do what I'm after > > > nicely. > > > > > If the tool you're using is running on Windows, could it be that you > > need to apply the DisableStrictNameChecking registry key? > > > > http://support.microsoft.com/kb/281308 > > > > > > -- > > AdamT > > "Just pick a random entry in the BNF and ship it to Surbiton, please" > > > > ------------------------------------------------------------------------ > This List Sponsored by: Cenzic > > Need to secure your web apps? > Cenzic Hailstorm finds vulnerabilities fast. > Click the link to buy it, try it or download Hailstorm for FREE. > > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW > ------------------------------------------------------------------------ > -- Robert Wesley McGrew http://mcgrewsecurity.com
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: nbns spoofer Nicolas RUFF (Mar 13)
- Re: nbns spoofer Robin Wood (Mar 13)
- Re: nbns spoofer AdamT (Mar 14)
- Re: nbns spoofer Robin Wood (Mar 14)
- Message not available
- Re: nbns spoofer Robin Wood (Mar 29)
- Re: nbns spoofer jmk (Mar 30)
- Re: nbns spoofer Robin Wood (Mar 30)
- Re: nbns spoofer Nikolaj (Mar 31)
- Re: nbns spoofer AdamT (Mar 14)
- Re: nbns spoofer Robin Wood (Mar 13)