Re: nbns spoofer

From: Robin Wood (dninja@gmail.com)
Date: Thu Mar 29 2007 - 14:50:40 EST


You beat me to it! I got distracted from finishing my version by going
to shmoocon but I'll get it finished anyway and release it.

Robin

On 3/29/07, Robert Wesley McGrew <wesley@mcgrewsecurity.com> wrote:
> I realize I'm performing some thread/discussion necromancy here, but this
> seemed like an appropriate place to announce that I just released a small
> tool, NBNSpoof, written in Python with Scapy that spoofs NBNS name query
> responses:
>
> http://www.mcgrewsecurity.com/projects/nbnspoof/
>
> Personally, *I* like it better than the FakeNetBIOS solution, but then
> again, I would, wouldn't I? Users can specify what names they want to
> respond to by a regular expression, and what IP address and MAC address the
> spoofed response should contain as the source. It's pretty easy to modify
> to suit one's needs, as well.
>
> Since it's such a simple app, I wrote up a series of blog posts detailing
> the creation of it, to help out those who don't already write their own
> tools and show them that it's really not that difficult.
>
> Hope this helps someone out!
>
> On 3/14/07, Robin Wood <dninja@gmail.com> wrote:
> > Hi
> > I'm going to be using the tool as part of a wifi pentest (adding it to
> > the karma suite) so I won't have access to the clients' boxes.
> >
> > It is handy to know that that setting is there though, it may come in
> > handy.
> >
> > I'm actually working on a tool to do this job and will release it
> > soon. I've just got to get back into C after doing years of php. Big
> > differences!
> >
> > Robin
> >
> > PS I've just looked at the page referenced and the whole thing is
> > right justified, looks very odd! Is it just me this happens for?
> >
> > On 3/14/07, AdamT <adwulf@gmail.com> wrote:
> > > On 12/03/07, Robin Wood <dninja@gmail.com> wrote:
> > > > Hi
> > > > Thanks for that. The tool currently only responds to the netbios name
> > > > it is told to so I'm going to give it a bit of the karma treatment and
> > > > get it to respond to any names. After that it should do what I'm after
> > > > nicely.
> > > >
> > > If the tool you're using is running on Windows, could it be that you
> > > need to apply the DisableStrictNameChecking registry key?
> > >
> > > http://support.microsoft.com/kb/281308
> > >
> > >
> > > --
> > > AdamT
> > > "Just pick a random entry in the BNF and ship it to Surbiton, please"
> > >
>
>
>
> --
> Robert Wesley McGrew
> http://mcgrewsecurity.com

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:41 EDT