November 13th, 2003, 04:04 AM
#11
Junior Member
Wow, that was a great tutorial! I learned a lot from that.
-Ben
There are sports cars. Then there's the Z.
240Z 260Z 280Z 280ZX 300ZX 350Z
November 13th, 2003, 10:18 PM
#12
quote:
220 Crack House - Da Masta Gangstaz
Login credentials accepted by ftp server!
HEY, Hoss..... Leave my bloody servers alone..... DAMMIT......
Nice work..... Where do you want me to put your toys?
LOL, Tiger, I had no idea you were a "Masta Gangsta" too.
Actually, we use names like that in proof-of-concept demonstrations. Using colorful names like that seems to get non-technical managers a little more interested when we create the image of the mean evil haxor. All I can tell ya is that it works in getting them interested, and that's why we name our lab boxes in such ways. Of course my home FTP server is named "Icy Hot Stunta".
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
December 3rd, 2003, 06:58 PM
#13
For anyone who is interested, the Ricoh Aficio 1075 departmental all-in-one printer has an anonymous FTP service running that will allow you to bounce NMAP scans off of it (see the tut). I found this while doing an audit on the product. Needless to say, this POS will not be getting near an RJ45 jack in our facility. It also has a large list of other issues, but this is the only one that is associated with this tut.
--TH13
January 6th, 2004, 10:00 PM
#14
Hey,
I was playing around with this and found something rather interesting. MsMittens suggested I post it here.
OK, two friends of mine were each willing to take a separate scan and look in their IDS or firewall, to see what the IDSs would see.
The guy with the firewall/router saw only the scan coming from the zombie, which is good. The guy with the IDS saw the nmap scan coming with three different zombies. He logged my origin IP.
This is my output:
On both I used at least one of the same working bounce targets.
root@Furious shrekkie # nmap -v -P0 -sI A.B.C.D *.*.*.*
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-01-07 20:27 Local time zone must be set--see zic manual page
Host target.com (*.*.*.*) appears to be up ... good.
Idlescan using zombie A.B.C.D (A.B.C.D:80); Class: Incremental
Initiating Idlescan against target.com (*.*.*.*)
All 1657 scanned ports on target.com (*.*.*.*) are: closed
Nmap run completed -- 1 IP address (1 host up) scanned in 79.691 seconds
OK, as you can see the nmap run finished successfully. Are even these idle scans rafled by IDSs these days? Obviously the firewall was fooled.
Also note that the primary objective was not to find open ports here, only to see how the firewall/IDS would act.
Here is an example of the IDS log:
[06/Jan/2004 20:22:21] "Ids" action = permitted, raddr = MY.ORIGIN.IP.HERE , msg = '"Port scan has been detected"', url = '', direc = in, class = 'network-scan', priority = portscan
Greetz,
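A small parser for the IDS log format quoted in this post, added here as an example; it is not code from the thread or from any IDS product. The field names are taken only from the single line shown above, and the sample lines, addresses and timestamps below are constructed.

```python
import re
from datetime import datetime

# Constructed sample lines in the same shape as the IDS line quoted in the post above.
SAMPLE_LOG = """\
[06/Jan/2004 20:22:21] "Ids" action = permitted, raddr = 203.0.113.7 , msg = '"Port scan has been detected"', url = '', direc = in, class = 'network-scan', priority = portscan
[06/Jan/2004 20:22:25] "Ids" action = permitted, raddr = 203.0.113.7 , msg = '"Port scan has been detected"', url = '', direc = in, class = 'network-scan', priority = portscan
[06/Jan/2004 20:23:02] "Ids" action = denied, raddr = 198.51.100.9 , msg = '"Port scan has been detected"', url = '', direc = in, class = 'network-scan', priority = portscan
[06/Jan/2004 20:24:11] "Ids" action = permitted, raddr = 192.0.2.55 , msg = '"HTTP request"', url = '/index.html', direc = in, class = 'web', priority = low
"""

# "[timestamp] "source" key = value, key = value, ..."
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+"(?P<source>[^"]+)"\s+(?P<fields>.*)$')
# A value is either single-quoted (may contain commas) or runs up to the next comma.
FIELD_RE = re.compile(r"(\w+)\s*=\s*('[^']*'|[^,]*)")


def parse_line(line):
    """Return a dict of the fields in one IDS line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"timestamp": datetime.strptime(m.group("ts"), "%d/%b/%Y %H:%M:%S"),
           "source": m.group("source")}
    for key, value in FIELD_RE.findall(m.group("fields")):
        value = value.strip()
        if value.startswith("'") and value.endswith("'"):
            value = value[1:-1]          # strip the single quotes around msg/url/class
        rec[key] = value.strip('"')      # msg carries a second layer of double quotes
    return rec


def portscan_sources(log_text):
    """Summarise 'network-scan' alerts per remote address: count, first and last seen."""
    summary = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("class") != "network-scan":
            continue
        ts = rec["timestamp"]
        entry = summary.setdefault(rec["raddr"], {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return summary


if __name__ == "__main__":
    for addr, info in portscan_sources(SAMPLE_LOG).items():
        print(addr, info["count"], info["first"], info["last"])
```

The summary groups alerts by the logged raddr only, so a scan relayed through a zombie shows up under the zombie's address, which is the point the post makes about the firewall view.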
January 6th, 2004, 10:04 PM
#15
Yes, the idle scan technique is *verrry* effective which makes it that much more dangerous.
Would this be the experiment you IMed me about Shrekkie?
January 6th, 2004, 10:07 PM
#16
thehorse13,
No, I did two different ones myself today. I can't understand how the IDS picked it up, though.
Greetz,