Penetration Testing mailing list archives
Re: Tool for sending malicious traffic to destination system
From: Kish Pent <kish_pent () yahoo com>
Date: Fri, 4 Jan 2008 02:10:56 -0800 (PST)
Hey Ravi,

Hope you got the basic idea, you need a tool like scapy for packet crafting attacks, you can't do much with nmap for packet crafting, even though you're mentioning a new word now... to spoof with nmap is possible using the -S option.

Basically stop using automated tools like Nessus for a penetration test. Nessus is recommended if you're on a pen-test with a considerable amount of machines. I've seen a lot of people misconcept and use Nessus in web-pen tests with all options enabled (SQL injection checks and other relevant checks are enough).

If you want to check what device is sitting in between you and the target, do some network device testing using tools like yersinia or fragroute. You can of course use scapy very well, provided you know some Python scripting.

There's a considerable amount of things that must be in place to get things right. For now I'll conclude saying that "don't use nessus" for one host or two hosts and use other tools like amap, nmap and firewalk in conjunction with Nessus or use them inside Nessus (results or just the tool itself).

There's a book on Nessus called Nessus Network Auditing, from Syngress, while you can alternately read their documentation.

If your goal is to spoof, just spoof, don't scan with Nessus or Nmap. If you're in doubt, refer to the nmap documentation here about Firewall / IDS evasion.

http://insecure.org/nmap/man/man-bypass-firewalls-ids.html

Cheers :)
Kish

--- Rolando Ruiz <jayro2809 () gmail com> wrote:
> Would bouncing the scan of a, say FTP server do what you want it to? All you're looking to do is make it seem as if it's coming from another host, right?
>
> On Dec 31, 2007 12:29 AM, Ravi <whitehaat () gmail com> wrote:
> > Hi Kish & list,
> >
> > I'm kinda looking to do a decoy scanning with traffic similar to Nessus. I understand I can't do decoy scanning with Nessus. So if there is a tool that could send malicious traffic like Nessus to my target that would be it!!! I'm basically trying to test a network that blocks my IP when I scan with Nessus. I want to prove to customer that I can spoof a source IP that would be blocked by your IPS leading to a DoS issue.
> >
> > Thanks.
> >
> > Kish Pent wrote:
> > > Hey,
> > >
> > > You must define what you mean by malicious traffic before crafting it, based on which the tool can be selected. Your aim is to send malformed packets which in other words you're trying to interpret as malicious traffic. By the way, nmap is no example for sending malicious traffic.
> > >
> > > Scapy is a very good packet crafting tool, and it can be used for subsequent port-scanning, protocol analysis, and best of all, it's just THE tool for packets. (it can do what hping can do for you, it can do what nmap, unicornscan or some other tools can do for you)
> > >
> > > You might also want to check out the www.secdev.org website, Philippe Biondi from EADS has written the tool, and given some excellent docs and ppt(s) out there.
> > >
> > > Cheers :)
> > > Kish
> > >
> > > --- Ravi <whitehaat () gmail com> wrote:
> > > > Hi guys...
> > > >
> > > > Can anybody help me in finding a tool like 'nmap-(-D decoy)' which can send some malicious content to a system...
> > > >
> > > > Thanks & Regards,
> > > > Whitehaat
------------------------------------------------------------------------
-- Kishore, Penetration Tester, 17/1,Upstairs,Sarojini St, Smart Security, T.Nagar, Chennai - 600 017 Phone: 91 98841 80767