RE: PacketStuff's nmap binary

From: Brandon Steili (brandon@netsyd.com)
Date: Wed Sep 14 2005 - 19:26:35 EDT


Quoting Bryan D. Fish <bryanfish@sbcglobal.net>:
        I need to upload nmap to a compromised NT box.

Key word I think in this one is "upload", second one being
"compromised". He doesn't say if he has physical access to the box or
not. Besides, assuming he does have physical access to the box, would
not shutting down that system and keeping it offline while you run
scanning tools raise a few eyebrows if someone wanted to access this
system?

If he had physical access to the box, it would make more sense to bring
his own system online within that network and run the toolkit from that,
which would prevent any possible contamination of that production box.

I would further assume from this that he was intending to use this to
test the internal setup and if he's truly pen testing then shutting down
a box on a production network may not be within the scope, but loading
apps might be.

Either way ... seems to run fine with no stability issues & with
identical results as the version running on my Linux box. I ran this on
a completely clean XP SP2 install with nothing else installed (i.e.
winpcap) and the XP FW running.

Starting nmap 3.81 ( http://www.insecure.org/nmap )
Interesting ports on 192.168.xxx.xxx:
(The 1658 ports scanned but not shown below are in state: closed)
PORT      STATE  SERVICE
135/tcp   open   msrpc
139/tcp   open   netbios-ssn
445/tcp   open   microsoft-ds
1025/tcp  open   NFS-or-IIS
3389/tcp  open   ms-term-serv

Nmap finished: 1 IP address (1 host up) scanned in 2.944 seconds

-----Original Message-----
From: Kelly Scroggins [mailto:kelly@cliffhanger.com]
Sent: Monday, September 12, 2005 7:42 PM
To: Bryan D. Fish
Cc: 'pen-test'
Subject: Re: PacketStuff's nmap binary

Why not use a bootable linux cd with a trusted
copy of nmap and other tools?

-- 
	   --    -- 
	     \  /
	      \/
	      /\
	     /  \
	   --    --
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:54 EDT