From: Cedric Blancher (blancher@cartel-securite.fr)
Date: Thu Mar 01 2007 - 06:37:33 EST
On Tuesday 27 February 2007 at 04:23 +0530, Aditya Sood wrote:
> Want to know your views about Inverse mapping with
> padding through scapy. I have recently put a blog entry
> http://zeroknock.blogspot.com/2007/02/inverse-mapping-via-packet-crafting.html
> Throw more views in this aspect.
Can you please be more specific about what you mean by "inverse
mapping"? I'm not familiar with this, and thus I don't get what you're
trying to show by adding/removing *raw data* to your TCP RST...
Especially, what do you mean by "there's a skip in packet from the other
side"? Is it related to the one out of two "blank lines", that is in
fact written using black color (shown with <- below) and thus being
invisible on your black background?
>>> srloop(IP(dst="www.google.com", ttl=64)/TCP(dport=80, flags="R")/"XXXXXXXX")
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw
fail 1: IP / TCP 172.16.134.22:ftp-data > 216.239.59.147:www R / Raw <-
send...
Sent 9 packets, received 0 packets. 0.0% hits.
(<Results: UDP:0 TCP:0 ICMP:0 Other:0>, <PacketList: UDP:0 TCP:9 ICMP:0 Other:0>)
If so, you should switch to Bob Marley display:
>>> conf.color_theme=RastaTheme()
Then try again :)
Note that IP()/TCP()/"XXXXXXXXX" adds "XXXXXXXXX" as raw TCP data. If
you want to add padding, then you have to use the Padding method:
IP()/TCP()/Padding("XXXXXXXXX")
Then you'll get something slightly different:
>>> srloop(IP(dst="www.google.com", ttl=64)/TCP(dport=80, flags="R")/Padding("XXXXXXXXXX"))
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
fail 1: IP / TCP 172.16.134.22:ftp-data > 66.102.9.147:www R / Padding
send...
Sent 8 packets, received 0 packets. 0.0% hits.
(<Results: UDP:0 TCP:0 ICMP:0 Other:0>, <PacketList: UDP:0 TCP:8 ICMP:0 Other:0>)
BTW, Scapy is indeed a wonderful tool.
Regards.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Cansecwest/core07 *WiFi (in)Security* Security Masters Dojo, Vancouver
http://cansecwest.com/dojowifi.html (Scapy WiFi programming included ;)
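
Added example (not part of the original message): a standard-library Python illustration of how the raw-data versus padding distinction drawn above looks on the wire to a capture tool. It assumes that a raw string is counted in the IP total length as TCP payload, while Padding bytes trail the datagram outside that length. The function names and the 192.0.2.1 / 198.51.100.1 addresses are constructed for illustration.

```python
import struct

def build_ipv4_tcp_rst(payload=b"", padding=b""):
    """Constructed sample packet: 20-byte IPv4 header + 20-byte TCP RST header.
    Checksums are left at 0 because only the length fields matter here."""
    # sport 20 (ftp-data) -> dport 80 (www), data offset 5 words, flags 0x04 = RST
    tcp = struct.pack("!HHIIBBHHH", 20, 80, 0, 0, 5 << 4, 0x04, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)   # assumption: padding is not counted
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + tcp + payload + padding

def ip_total_length(frame):
    """IPv4 total-length field (bytes 2-3 of the header)."""
    return struct.unpack("!H", frame[2:4])[0]

def split_payload_and_padding(frame):
    """Return (tcp_flags, tcp_payload, trailing_padding) for an IPv4/TCP packet."""
    if len(frame) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (frame[0] & 0x0F) * 4
    if frame[0] >> 4 != 4 or ihl < 20 or frame[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    total_len = ip_total_length(frame)
    if total_len < ihl + 20 or total_len > len(frame):
        raise ValueError("IP total length inconsistent with captured bytes")
    data_off = (frame[ihl + 12] >> 4) * 4
    if data_off < 20 or ihl + data_off > total_len:
        raise ValueError("bad TCP data offset")
    flags = frame[ihl + 13]
    payload = frame[ihl + data_off:total_len]   # inside the IP datagram
    padding = frame[total_len:]                 # bytes after the datagram ends
    return flags, payload, padding

if __name__ == "__main__":
    for label, pkt in (("raw data", build_ipv4_tcp_rst(payload=b"XXXXXXXX")),
                       ("padding", build_ipv4_tcp_rst(padding=b"XXXXXXXXXX"))):
        flags, payload, padding = split_payload_and_padding(pkt)
        print(label, "ip.len=%d" % ip_total_length(pkt),
              "payload=%r" % payload, "padding=%r" % padding)
```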