Penetration Testing mailing list archives
Packet modifying proxy tool
From: Michael Cain <by_argos () hotmail com>
Date: Tue, 4 Mar 2008 09:16:24 +0000
Hi all,

I am currently doing an internal security assessment and have discovered that I can "jump" to different network segments and bypass router restrictions by utilizing Loose Source Routing. When it comes to port-scanning, nmap performs this task quite well, however I need a proxy tool that can handle source routing in order to allow other tools to reach the destination hosts.

I tried netcat (on Windows source routing is not supported) but it looks like it constructs the IP options in a different way than nmap and hence the destination host does not respond. I have also tried EchoMirage but packet interception and modification begins after a connection has been established, which is not what I need.

Could you please suggest any other proxy tools that can handle source routing?

I also include part of the nmap and netcat packets (Wireshark extract) and command parameters in case I did something wrong.

*The IPs are not the original ones*

nmap -vv -n -sS -P0 -p 445 --ip-options "L 10.4.2.1" 10.5.2.1
-------------------------------------------------------------
Source: 10.3.2.1 (10.3.2.1)
Destination: 10.4.2.1 (10.4.2.1)
Options: (12 bytes)
    NOP
    Loose source route (11 bytes)
        Pointer: 4
        10.4.2.1 <- (current)
        10.5.2.1

nc -vv -n -g 10.4.2.1 10.5.2.1 445
----------------------------------
Source: 10.3.2.1 (10.3.2.1)
Destination: 10.4.2.1 (10.4.2.1)
Options: (12 bytes)
    Loose source route (11 bytes)
        Pointer: 4
        10.5.2.1 <- (current)
        10.5.2.1
    NOP

nc -vv -n -g 10.4.2.1 -g 10.4.2.1 10.5.2.1 445
----------------------------------------------
Source: 10.3.2.1 (10.3.2.1)
Destination: 10.4.2.1 (10.4.2.1)
Options: (16 bytes)
    Loose source route (15 bytes)
        Pointer: 4
        10.4.2.1 <- (current)
        10.5.2.1
        10.5.2.1
    NOP

Thank you,
Demetris
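Added example, not part of the original post: a small decoder for the IPv4 options field (RFC 791 layout), run over byte strings reconstructed from the two 12-byte Wireshark extracts above, so the difference in option layout between the nmap and netcat packets can be compared field by field. The function names and the hex strings are constructed for illustration.

```python
import ipaddress

# IPv4 option type values (RFC 791)
EOL, NOP, LSRR, SSRR = 0, 1, 131, 137

def parse_ip_options(raw: bytes):
    """Decode an IPv4 options field into a list of dicts, in wire order."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == EOL:                      # end of option list
            out.append({"type": "EOL"})
            break
        if kind == NOP:                      # single-byte padding
            out.append({"type": "NOP"})
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]                  # covers type + length + data
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option {kind}")
        body = raw[i + 2:i + length]
        if kind in (LSRR, SSRR):
            if length < 3 or (length - 3) % 4:
                raise ValueError("malformed source route option")
            pointer = body[0]
            hops = [str(ipaddress.IPv4Address(body[1 + n:5 + n]))
                    for n in range(0, length - 3, 4)]
            # Pointer counts from the option start, 1-based; 4 = first slot.
            cur = (pointer - 4) // 4
            out.append({"type": "LSRR" if kind == LSRR else "SSRR",
                        "pointer": pointer, "hops": hops,
                        "current": hops[cur] if 0 <= cur < len(hops) else None})
        else:
            out.append({"type": kind, "data": body})
        i += length
    return out

def source_route(raw: bytes):
    """Return the first source-route option found, or None."""
    return next((o for o in parse_ip_options(raw)
                 if o["type"] in ("LSRR", "SSRR")), None)

# Constructed from the Wireshark extracts in the post (placeholder IPs).
NMAP = bytes.fromhex("01" "830b04" "0a040201" "0a050201")
NETCAT = bytes.fromhex("830b04" "0a050201" "0a050201" "01")

if __name__ == "__main__":
    for name, raw in (("nmap", NMAP), ("netcat", NETCAT)):
        print(name, parse_ip_options(raw))
```
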