
Thread: Naming security

  1. #1
    Join Date
    Feb 2002

    Naming security

    Ok guys and gals, bear with me here. I'm not new to the whole security deal, but I am new to home-brewed tools and methods. I was sitting here thinking the other night about remote OS detection and the like. How much easier it is (from either side of the fence) to know almost certainly what is at the other end. I decided to put together a little script that would (kinda) do this.

    Take a list of hosts, be it from a file or an active pipe from stdin, and strip the garbage out of the hostnames down to the pure MAC address. Then run the results against a database of known vendors. I got something put together that gets me this far:

    nmap -sL 24.*.*.*/24 | sed -e 's/garbage//g' | sed -e 's/.more.garbage.net//g' | sed -e 's/ not scanned//g' >> /tmp/macandip

    that leaves me with something like this

    080046a34ebf (24.*.*.*)
    0040f4282e91 (24.*.*.*)

    How in the f**k do I get the colons in there, or whatever? I'm tired, and my pot of coffee has run dry.

    I'm a noob; all I need help with is the text manipulation and I'll have it. I know that there's shortcuts, etc., that I'm missing here, I'm just trying to get a little shove towards what to do next. I'll post the full deal when I get it done, if ever. Thanks for any help, rants, comments, etc...
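
The text manipulation asked about above, as an added example that is not part of the original post: a small POSIX shell script that turns a bare 12-hex-digit MAC into colon-separated form, reads lines in the `080046a34ebf (24.*.*.*)` shape the poster's pipeline produces, and looks the first three octets (the OUI) up in a vendor table. The vendor table, the sample input lines and the function names (`colonize`, `vendor`, `process`) are constructed for this example; a real tool would load the IEEE OUI registry instead of the three inline entries. It assumes the MAC in the hostname is the customer's modem or NIC address, which only identifies the hardware vendor, not the OS.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes input lines of the
# form "<12 hex digits> (<ip>)" such as the poster's nmap|sed output.

# Constructed vendor table for this example: "<oui> <vendor>" per line,
# OUI in lower-case hex. A real lookup would read the IEEE OUI file.
OUI_TABLE='080046 Sony
0040f4 Cameo Communications
00000c Cisco'

# colonize: print a 12-hex-digit MAC as six colon-separated octets.
# Returns 1 (and prints nothing) if the input is not exactly 12 hex digits,
# so a mangled hostname does not silently become a bogus address.
colonize() {
    mac=$(printf '%s\n' "$1" | tr 'A-F' 'a-f')
    case "$mac" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#mac}" -eq 12 ] || return 1
    # The sed: wrap every two characters as "\1:", then drop the trailing colon.
    printf '%s\n' "$mac" | sed -e 's/\(..\)/\1:/g' -e 's/:$//'
}

# vendor: look up the OUI (first three octets) of a colonized MAC in
# OUI_TABLE; prints "unknown" when the prefix is not in the table.
vendor() {
    prefix=$(printf '%s\n' "$1" | tr -d ':' | cut -c1-6)
    printf '%s\n' "$OUI_TABLE" | awk -v p="$prefix" '
        $1 == p { print substr($0, length($1) + 2); found = 1 }
        END     { if (!found) print "unknown" }'
}

# process: read "<mac> (<ip>)" lines on stdin and emit
# "<colonized mac> <ip> <vendor>"; lines with a bad MAC go to stderr.
process() {
    while read -r raw rest; do
        ip=${rest#\(}
        ip=${ip%\)}
        if mac=$(colonize "$raw"); then
            printf '%s %s %s\n' "$mac" "$ip" "$(vendor "$mac")"
        else
            printf 'skipping malformed line: %s %s\n' "$raw" "$rest" >&2
        fi
    done
}

# Constructed sample input, standing in for the poster's /tmp/macandip.
SAMPLE='080046a34ebf (24.0.0.1)
0040f4282e91 (24.0.0.2)
notamacaddr (24.0.0.3)'

# Run the pipeline on the sample only when asked, so the functions can be
# sourced from another script without reading stdin.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | process
fi
```

Usage: `sh macfmt.sh --demo`, or `sort -u /tmp/macandip | sh -c '. ./macfmt.sh; process'` on the real file. The OUI match is exact on six hex digits, so upper-case or pre-colonized input is normalised first by `colonize`; anything that is not twelve hex digits is reported rather than guessed at.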


  2. #2
    Senior Member
    Join Date
    May 2003
    What good will knowing the MAC address of something be if you are going for OS detection? MAC addresses are hard-coded to your NIC, so if you hit a NIC you will possibly know the brand of NIC (although you would have to get a MAC range for EVERY vendor), but even then you won't know the OS. The most you could possibly guess is Mac or PC, and even that could be a stretch in some situations.
    Everyone is going to die, I am just as good of a reason as any.


  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    While it might look like a small piece of information, it could help with mapping a network. Routers will become pretty along with some other things. It would help get a picture, and it is quicker, cleaner and passive compared to an Nmap scan, which will be detected by an IDS. However, the assumption is that a foothold has been gained on the network or it is an internal "job".
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
