Archive for the ‘Nmap’ Category

Using "Git Clone" to get Pwn3D

Filed under: Hacking, Nmap, Tools

Hey everybody! While I was doing a pentest last month, I discovered an attack I didn't previously know, and I thought I'd share it. This may be a Christopher Columbus moment - discovering something that millions of people already knew about - but I found it pretty cool so now you get to hear about [...]

Ron Bowes, Aug 7, 2012 (10 comments)

Faking demos for fun and profit

Filed under: Conferences, DNS, Hacking, Nmap, Tools

This week Last week Earlier this month Last month Last year (if this intro doesn't work, I give up trying to post this :) ), I presented at B-Sides Ottawa, which was put on by Andrew Hay and others (and sorry I waited so long before posting this... I kept revising it and not publishing). [...]

Ron Bowes, Nov 27, 2010 (1 comment)

A call to arms! Web app fingerprints needed!

Filed under: Hacking, Nmap, Tools

Hey all, This is partly an overview of a new Nmap feature that I'm excited about, but is mostly a call to arms. I don't have access to enterprise apps anymore, and I'm hoping you can all help me out by submitting fingerprints! Read on for more. http-enum.nse I couldn't resist throwing in the full [...]

Ron Bowes, Nov 3, 2010 (2 comments)

Nmap script to generate custom license plates

Filed under: April Fools, Humour, Nmap

Hey all, In honour of this special day, I'm releasing an Nmap script I wrote a few months ago as a challenge: http-california-plates.nse. To install it, ensure you're at the latest svn version of Nmap (I fixed a bug in http.lua last night that prevented this from working, so only the svn version as of [...]

Ron Bowes, Apr 1, 2010 (0 comments)

Taking apart the Energizer trojan - Part 4: writing a probe

Filed under: Malware, Nmap, Reverse Engineering

Now that we know what we need to send and receive, and how it's encoded, let's generate the actual packet. Then, once we're sure it's working, we'll convert it into an Nmap probe! In most of this section, I assume you're running Linux, Mac, or some other operating system with a built-in compiler and useful [...]

Ron Bowes, Mar 25, 2010 (17 comments)

Taking apart the Energizer trojan - Part 3: disassembling

Filed under: Malware, Nmap, Reverse Engineering

In Part 2: runtime analysis, we discovered some important addresses in the Energizer Trojan -- specifically, the addresses that make the call to recv() data. Be sure to read that section before reading this one. Now that we have some starting addresses, we can move on to a disassembler and look at what the code's [...]

Ron Bowes, Mar 25, 2010 (0 comments)

Taking apart the Energizer trojan - Part 2: runtime analysis

Filed under: Malware, Nmap, Reverse Engineering

In Part 1: setup, we infected the system with the Trojan. It should still be running on the victim machine. If you haven't read that section, I strongly recommend you go back and read it. Now that we've infected a test machine, the goal of this step is to experiment a little with the debugger [...]

Ron Bowes, Mar 25, 2010 (0 comments)

Taking apart the Energizer trojan - Part 1: setup

Filed under: Malware, Nmap, Reverse Engineering

Hey all, as most of you know, a Trojan was recently discovered in the software for Energizer's USB battery charger. Following its release, I wrote an Nmap probe to detect the Trojan and HD Moore wrote a Metasploit module to exploit it. I mentioned in my last post that it was a nice sample to study [...]

Ron Bowes, Mar 25, 2010 (0 comments)

The ultimate faceoff between password lists

Filed under: Nmap, Passwords

Yes, I'm still working on making the ultimate password list. And I don't mean the 16GB one I made by taking pretty much every word or word-looking string on the Internet when I was a kid; that was called ultimater dictionary. No; I mean one that is streamlined, sorted, and will make Nmap the bruteforce [...]

Ron Bowes, Mar 11, 2010 (14 comments)

Using Nmap to detect the Arucer (ie, Energizer) Trojan

Filed under: Malware, Nmap

Hey, I don't usually write two posts in one day, but today is a special occasion! I was reading my news feeds (well, my co-op student (ie, intern) was -- I was doing paperwork), and noticed a story about a remote backdoor being included with the Energizer UsbCharger software. Too funny!

Ron Bowes, Mar 8, 2010 (1 comment)

How-to: install an Nmap script

Filed under: Nmap

Hey all, I often find myself explaining to people how to install a script that isn't included in Nmap. Rather than write it over and over, this is a quick tutorial.
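The install steps themselves, as an added example that is not from the original post (whose body is truncated here): a small POSIX shell function that copies a downloaded .nse file into Nmap's script directory and rebuilds script.db so the script can be selected by name or category. The path /usr/share/nmap/scripts is the Debian/Ubuntu default and is an assumption (other installs use e.g. /usr/local/share/nmap/scripts); the function name install_nse and the NMAP_SCRIPTS_DIR override are mine.

```shell
#!/bin/sh
# Added example, not code from the original post: install a third-party .nse
# script into Nmap's script directory and rebuild script.db so it can be
# selected with --script by name or category. The default path below is an
# assumption (Debian/Ubuntu layout); override it with NMAP_SCRIPTS_DIR or a
# second argument.

NMAP_DEFAULT_SCRIPTS_DIR=/usr/share/nmap/scripts

# install_nse SCRIPT.nse [SCRIPTS_DIR]
# Prints the installed path on success; returns non-zero on any failure.
install_nse() {
    script=$1
    dir=${2:-${NMAP_SCRIPTS_DIR:-$NMAP_DEFAULT_SCRIPTS_DIR}}

    case $script in
        *.nse) ;;
        *) echo "install_nse: $script does not end in .nse" >&2; return 1 ;;
    esac
    [ -f "$script" ] || { echo "install_nse: $script not found" >&2; return 1; }

    # NSE scripts execute with nmap's privileges (often root), so refuse files
    # that do not even look like one: every NSE script defines a description
    # and an action function. This is a heuristic; read the whole file before
    # trusting it.
    grep -q '^description' "$script" && grep -q '^action' "$script" || {
        echo "install_nse: $script has no description/action; not an NSE script?" >&2
        return 1
    }

    mkdir -p "$dir" || return 1
    cp "$script" "$dir/" || return 1

    # script.db indexes scripts in the real data directory by name and
    # category, so only rebuild it when installing there. A script kept
    # elsewhere is still usable by path:  nmap --script /path/to/foo.nse target
    if [ "$dir" = "$NMAP_DEFAULT_SCRIPTS_DIR" ] && command -v nmap >/dev/null 2>&1; then
        nmap --script-updatedb >/dev/null 2>&1 ||
            echo "install_nse: could not rebuild script.db (rerun with sudo?)" >&2
    fi

    printf '%s/%s\n' "$dir" "$(basename "$script")"
}
```

Installing is only needed so that `--script name` and `--script category` resolve; `nmap --script ./foo.nse target` runs a script straight from disk without touching the data directory. Either way the script runs with nmap's privileges, so review third-party NSE code before using it.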

Ron Bowes, Feb 10, 2010 (6 comments)

MOVED: VM Stealing: The Nmap way (CVE-2009-3733 exploit)

Filed under: Hacking, Nmap, Tools

Sorry, through complete fault of my own, I posted a bad link. You are looking for: http://www.skullsecurity.org/blog/?p=436

Ron Bowes, Feb 10, 2010 (0 comments)

VM Stealing: The Nmap way (CVE-2009-3733 exploit)

Filed under: Nmap

Greetings! If you were at Shmoocon this past weekend, you might remember a talk on Friday, done by Justin Morehouse and Tony Flick, on VMware Guest Stealing. If you don't, you probably started drinking too early. :)

Ron Bowes, Feb 10, 2010 (9 comments)

smb-psexec.nse: owning Windows, fast (Part 3)

Filed under: Hacking, NetBIOS/SMB, Nmap

Posts in this series (I'll add links as they're written):
- What does smb-psexec do?
- Sample configurations ("sample.lua")

Ron Bowes, Jan 19, 2010 (2 comments)

smb-psexec.nse: owning Windows, fast (Part 2)

Filed under: Hacking, NetBIOS/SMB, Nmap

Posts in this series (I'll add links as they're written):
- What does smb-psexec do?
- Sample configurations ("sample.lua")
- Default configuration ("default.lua")
- Advanced configuration ("pwdump.lua" and "backdoor.lua")

Ron Bowes, Dec 21, 2009 (1 comment)

smb-psexec.nse: owning Windows, fast (Part 1)

Filed under: Hacking, NetBIOS/SMB, Nmap

Posts in this series (I'll add links as they're written):
- What does smb-psexec do?
- Sample configurations ("sample.lua")
- Default configuration ("default.lua")
- Advanced configuration ("pwdump.lua" and "backdoor.lua")

Ron Bowes, Dec 14, 2009 (3 comments)

Nmap script: enumerating iSCSI devices

Filed under: Nmap

This is just a quick shout out to Michel Chamberland over at the SecurityWire blog. He wrote a script to enumerate iSCSI targets. Unfortunately, I don't have any iSCSI to test on, but if you do he'd love to hear from you! Ron

Ron Bowes, Oct 10, 2009 (0 comments)

Updated: Scanning for Microsoft FTP with Nmap

Filed under: Nmap, Tools

Hi all, I wrote a blog last week about scanning for Microsoft FTP with Nmap. In some situations the script I linked to wouldn't work, so I gave it an overhaul and it should work nicely now.

Ron Bowes, Sep 17, 2009 (1 comment)

Zombie Web servers: are you one?

Filed under: Malware, Nmap, Tools

Greetings! I found this excellent writeup of a Web-server botnet on Slashdot this weekend. Since it sounded like just the thing for Nmap to detect, I wrote a quick script!

Ron Bowes, Sep 16, 2009 (3 comments)

Scorched earth: Finding vulnerable SMBv2 systems with Nmap

Filed under: NetBIOS/SMB, Nmap, Tools

Hello once again! I just finished updating my smb-check-vulns.nse Nmap script to check for the recent SMBv2 vulnerability, which had a proof-of-concept posted on Full-Disclosure. WARNING: This script will cause vulnerable systems to bluescreen and restart. Do NOT run this in a production environment, unless you like angry phone calls. You have been warned!

Ron Bowes, Sep 14, 2009 (0 comments)