Difference between revisions of "Summerschool Aachen 2004/Building Attacks Lab"

From C4 Wiki
Jump to: navigation, search
m (Removed protection from "Summerschool Aachen 2004/Building Attacks Lab")
 
(24 intermediate revisions by 15 users not shown)
Line 1: Line 1:
[http://wheretobuyphe.fiberia.com | Where To Buy Phentermine]
+
= Notes on Lab Session =
[http://watson_drocodo.fiberia.com | Watson Hydrocodone]
+
 
[http://v30_phentermine.fiberia.com | 30mg Phentermine]
+
== Google and special characters ==
[http://t_325hydrocodo.fiberia.com | 10 325 Hydrocodone]
+
 
[http://purchasephenter.fiberia.com | Purchase Phentermine]
+
The star * and the full stop . do not work as wildcards.
[http://purcha_hydroco.fiberia.com | Purchase Hydrocodone]
+
 
[http://phenterminpill.fiberia.com | Phentermine Pill]
+
--[[Alexander Becher]]
[http://phenterminepric.fiberia.com | Phentermine Price]
+
 
[http://phenterminepr.fiberia.com | Phentermine Prescription]
+
== Linux clock timings ==
[http://phentermineonli.fiberia.com | Phentermine Online Purchase]
+
 
[http://phentermineon_l.fiberia.com | Phentermine On Line]
+
These show some measurements I have take on the Linux 2.4 kernel clock using gettimeofday(). This returns results with microsecond precision, so I wanted to make sure that this precision was significant. These graphs show that both the millisecond and microsecond parts give fairly uniform results.
[http://phenterminefo.fiberia.com | Phentermine For Sale]
+
 
[http://phenterminediet.fiberia.com | Phentermine Diet Pill]
+
'''Milliseconds'''<br>
[http://phenterminea.fiberia.com | Phentermine Sales]
+
http://www.cl.cam.ac.uk/users/sjm217/volatile/timing_msec.png
[http://phentermine375m.fiberia.com | Phentermine 37 5-mg]
+
 
[http://phentermine37_5.fiberia.com | Phentermine 37 5]
+
'''Microseconds'''<br>
[http://phentermine_yell.fiberia.com | Phentermine Yellow]
+
http://www.cl.cam.ac.uk/users/sjm217/volatile/timing_usec.png
[http://phentermine_weig.fiberia.com | Phentermine Weight Loss]
+
 
[http://phentermine_tabl.fiberia.com | Phentermine Tablet]
+
-- [[Steven Murdoch]]
[http://phentermine_revi.fiberia.com | Phentermine Review]
+
 
[http://phentermine_pres.fiberia.com | Phentermine Prescription Online]
+
A comment from the NetBSD 1.6.2 Kernel, file src/sys/kern/kern_microtime.c:
[http://phentermine_phar.fiberia.com | Phentermine Pharmacy]
+
/*
[http://phentermine_onli.fiberia.com | Phentermine Online]
+
  * Ordinarily, the current clock time is guaranteed to be later
[http://phentermine_no_p.fiberia.com | Phentermine No Prescription]
+
  * by at least one microsecond than the last time the clock was
[http://phentermine_hydr.fiberia.com | Phentermine Hydrochloride]
+
  * read. However, this rule applies only if the current time is
[http://phentermine_hcl.fiberia.com | Phentermine Hcl]
+
  * within one second of the last time. Otherwise, the clock wil
[http://phentermine_cod.fiberia.com | Phentermine Cod]
+
  * (shudder) be set backward. The clock adjustment daemon or
[http://phentermine_blue.fiberia.com | Phentermine Blue]
+
  * human equivalent is presumed to be correctly implemented and
[http://phentermine_amph.fiberia.com | Phentermine Amphetamine]
+
  * to set the clock backward only upon unavoidable crisis.
[http://phentermine_adip.fiberia.com | Phentermine Adipex]
+
  */
[http://phentermin_onli.fiberia.com | Phentermine Online Pharmacy]
+
 
[http://phentermie_diet.fiberia.com | Phentermine Diet]
+
 
[http://phenmine_miss.fiberia.com | Phentermine Missouri]
+
 
[http://pheermine_proz.fiberia.com | Phentermine Prozac]
+
== A mathematical theory of communication ==
[http://oxycodone_vs_hyd.fiberia.com | Oxycodone Vs Hydrocodone]
+
 
[http://oxycodone_hydroc.fiberia.com | Oxycodone Hydrocodone]
+
I've uploaded this famous paper by C.E. Shannon to http://berlin.ccc.de/~cc/shannon-a_mathematical_theory_of_communication.pdf.<br />
[http://owlongdoeshyd.fiberia.com | How long Does Hydrocodone Stay In Your System]
+
You may download it, if you're interested.
[http://overnight_phente.fiberia.com | Overnight Phentermine]
+
 
[http://orderphetermin.fiberia.com | Order Phentermine]
+
--[[User:Cpunkt|Cpunkt]] 12:21, 23 Sep 2004 (CEST)
[http://order_phentermin.fiberia.com | Order Phentermine Online]
+
 
[http://order_hydrodon.fiberia.com | Order Hydrocodone Online]
+
== Billy the kid ==
[http://onlinephentermi.fiberia.com | Online Phentermine Purchase]
+
 
[http://onlinepharmac.fiberia.com | Online Pharmacy Phentermine]
+
[http://home.student.utwente.nl/g.v.berg/btk/ a python lib that allows you to make raw sockets.]
[http://online_ydrocodo.fiberia.com | Online Hydrocodone No Prescription]
+
 
[http://online_phentermi.fiberia.com | Online Phentermine]
+
== Google Search String Competition ==
[http://online_order_phe.fiberia.com | Online Order Phentermine]
+
 
[http://online_entermi.fiberia.com | Online Phentermine Prescription]
+
Insert here your Favorite (novel) search strings:
[http://lowest_pricephe.fiberia.com | Lowest Price Phentermine]
+
 
[http://lowest_phentermi.fiberia.com | Lowest Phentermine Price]
+
* [http://www.google.de/search?hl=en&ie=UTF-8&as_qdr=all&q=inurl%3A%22robots.txt%22+Disallow+secret&btnG=Search inurl:"robots.txt" Disallow secret]
[http://low_cost_henter.fiberia.com | Low Cost Phentermine]
+
* [http://www.google.com/search?q=inurl:%22robots.txt%22+Disallow+(secret%7Cadmin%7Cstat%7Cstats%7Cconfig%7Cconf%7Cinc%7Cinclude%7Cintern%7Cinterneal)&ie=UTF-8&oe=UTF-8 inurl:"robots.txt" Disallow (secret|admin|stat|stats|config|conf|inc|include|intern|interneal)]
[http://loss_phentermine.fiberia.com | Loss Phentermine Weight]
+
* [http://www.google.de/search?hl=en&ie=UTF-8&q=%22phpScheduleIt+v1.0.0+RC1%22&btnG=Google+Search "phpScheduleIt v1.0.0 RC1"] - Get a free homepage (see bug report [http://www.securityfocus.com/bid/11080 Bugtraq 11080])
[http://liquid_hydrocodo.fiberia.com | Liquid Hydrocodone]
+
 
[http://line_pharmacy_ph.fiberia.com | Line Pharmacy Phentermine]
+
== nmap - always print fingerprint bad bad idea ==
[http://hyocodone_with.fiberia.com | Hydrocodone Withdrawal Symptom]
+
 
[http://hydroon_and.fiberia.com | Hydrocodone And Pregnancy]
+
diff -Nau nmap-3.70/output.cc nmap-3.70.mm/output.cc
[http://hydrocone_with.fiberia.com | Hydrocodone Withdrawl]
+
--- nmap-3.70/output.cc 2004-08-29 11:12:03.000000000 +0200
[http://hydrocone_lort.fiberia.com | Hydrocodone Lortab]
+
+++ nmap-3.70.mm/output.cc 2004-09-23 19:14:13.000000000 +0200
[http://hydrocoe_orde.fiberia.com | Hydrocodone Order]
+
@@ -353,7 +353,8 @@
[http://hydrocoe_onli.fiberia.com | Hydrocodone Online Pharmacy]
+
snprintf(portinfo, sizeof(portinfo), "%d/%s", current->portno, protocol);
[http://hydrocodonemp.fiberia.com | Hydrocodone Symptom Withdrawal]
+
state = statenum2str(current->state);
[http://hydrocodone_use.fiberia.com | Hydrocodone Use]
+
current->getServiceDeductions(&sd);
[http://hydrocodone_rug.fiberia.com | Hydrocodone Drug]
+
- if (sd.service_fp && saved_servicefps.size() <= 8)
[http://hydrocodone_pict.fiberia.com | Hydrocodone Picture]
+
+    // always print the fingerprint
[http://hydrocodone_over.fiberia.com | Hydrocodone Overdose]
+
+ if (sd.service_fp)
[http://hydrocodone_onli.fiberia.com | Hydrocodone Online Order]
+
  saved_servicefps.push_back(sd.service_fp);
[http://hydrocodone_on_l.fiberia.com | Hydrocodone On Line]
+
[http://hydrocodone_od.fiberia.com | Hydrocodone Cod]
+
if (o.rpcscan) {
[http://hydrocodone_nfo.fiberia.com | Hydrocodone Info]
+
diff -Nau nmap-3.70/service_scan.cc nmap-3.70.mm/service_scan.cc
[http://hydrocodone_m367.fiberia.com | Hydrocodone M367]
+
--- nmap-3.70/service_scan.cc 2004-08-29 11:12:03.000000000 +0200
[http://hydrocodone_m363.fiberia.com | Hydrocodone M363]
+
+++ nmap-3.70.mm/service_scan.cc 2004-09-23 19:20:57.000000000 +0200
[http://hydrocodone_m360.fiberia.com | Hydrocodone M360]
+
@@ -1825,6 +1825,9 @@
[http://hydrocodone_m358.fiberia.com | Hydrocodone M358]
+
 
[http://hydrocodone_m357.fiberia.com | Hydrocodone M357]
+
      if (MD && MD->serviceName) {
[http://hydrocodone_ico.fiberia.com | Hydrocodone Vicodin]
+
        // WOO HOO!!!!!!  MATCHED!  But might be soft
[http://hydrocodone_eto.fiberia.com | Hydrocodone Detox]
+
+      // mm: print a fingerprint everytime
[http://hydrocodone_dug.fiberia.com | Hydrocodone Drug Testing]
+
+        svc->addToServiceFingerprint(MD->serviceName, readstr, readstrlen);
[http://hydrocodone_com.fiberia.com | Hydrocodone Com]
+
+
[http://hydrocodone_bus.fiberia.com | Hydrocodone Abuse]
+
        if (MD->isSoft && svc->probe_matched) {
[http://hydrocodone_bita.fiberia.com | Hydrocodone Bitartate]
+
  if (strcmp(svc->probe_matched, MD->serviceName) != 0)
[http://hydrocodone_apap.fiberia.com | Hydrocodone Apap]
+
    error("WARNING: service %s:%hi had allready soft-matched %s, but now soft-matched %s; ignoring second value\n", svc->target->NameIP(), svc->portno, svc->probe_matched, MD->serviceName);
[http://hydrocodone_ap_a.fiberia.com | Hydrocodone Ap Ap]
+
@@ -1967,7 +1970,8 @@
[http://hydrocodone_addi.fiberia.com | Hydrocodone Addiction]
+
    *(*svc)->product_matched? (*svc)->product_matched : NULL,
[http://hydrocodone_10_3.fiberia.com | Hydrocodone 10 325]
+
    *(*svc)->version_matched? (*svc)->version_matched : NULL,
[http://hydrocodon_with.fiberia.com | Hydrocodone Withdrawal]
+
    *(*svc)->extrainfo_matched? (*svc)->extrainfo_matched : NULL,
[http://hydrocodon_gai.fiberia.com | Hydrocodone Guaifenesin]
+
-   NULL);
[http://hydrocodon_drug.fiberia.com | Hydrocodone Drug Test]
+
+                      (*svc)->getServiceFingerprint(NULL));
[http://hydrocodon_dosa.fiberia.com | Hydrocodone Dosage]
+
+   //NULL); // always pass the fingerprint
[http://hydrocodon_and.fiberia.com | Hydrocodone And Ibuprofen]
+
 
[http://hydrocodon_aap.fiberia.com | Hydrocodone Apap 5 500]
+
    } else if ((*svc)->probe_state == PROBESTATE_FINISHED_SOFTMATCHED) {
[http://hydrocodoe_onli.fiberia.com | Hydrocodone Online]
+
      (*svc)->port->setServiceProbeResults((*svc)->probe_state,
[http://hydrocodo_sale.fiberia.com | Hydrocodone Sale]
+
 
[http://hydrocodo_pill.fiberia.com | Hydrocodone Pill]
+
--[[User:Mario Manno|MM]] 17:12, 5 Oct 2004 (CEST)
[http://hydrocodo_info.fiberia.com | Hydrocodone Information]
+
 
[http://hydrocodo_bita.fiberia.com | Hydrocodone Bitartrate]
+
== Making a fingerprinter ==
[http://hydrocodne_pres.fiberia.com | Hydrocodone Prescription]
+
 
[http://hydrocod_over.fiberia.com | Hydrocodone Overnight]
+
Yesterday I decided to make a (ring) fingerprinting tool in the labsession. the full description of this fingerprinting method is described in: [http://www.intranode.com/fr/doc/ring-full-paper.pdf http://www.intranode.com/fr/doc/ring-full-paper.pdf] It took a bit more work then I had planned (I'd also planned to play a little with the metasploit framework, but there was no time left) but eventually I got a perlscript which looks ok and which the perl interpreter seems to like.  
[http://hydrocod_effe.fiberia.com | Hydrocodone Effects]
+
I haven't tested it yet (when the code was finished it was already around 8 or so), but I'll try to test it today or tomorrow.  
[http://hydrocdone_phar.fiberia.com | Hydrocodone Pharmacy]
+
 
[http://http://xanax-online-pharmacy.sbn.bz | Xanax Online Pharmacy]
+
-- Ilja van Sprundel
[http://http://viagra-pharmacy.sbn.bz | Viagra Pharmacy]
+
 
[http://http://viagra-online-pharmacy.sbn.bz | Viagra Online Pharmacy]
+
== Tunnelling IP over DNS ==
[http://http://snorting-hydrocodone.sbn.bz | Snorting Hydrocodone]
+
 
[http://http://phentermine-pharmacy.sbn.bz | Phentermine Pharmacy]
+
Although there are already tools available to do this (cf. [[http://nstx.dereference.de/nstx/ NSTX ]] and [[http://c0re.23.nu/c0de/snap/DeNiSe-snap-20021026.tar.gz DeNiSe]]), I decided it would be an interesting project to try during the afteroon. Working on OpenBSD, I started to write the client part of the code using libnet and libpcap (taking 'inspiration' from various places, including nos-tun). It took quite a while to work out simple things like the correct ioctls for the tun interface, but I've made enough progress that I think it might be nice to continue with this on the project day. I'll try to add some code to this entry once there's enough to be worth looking at!
[http://http://phentermine-online-ph.sbn.bz | Phentermine Online Pharmacy]
+
 
[http://http://pharmacy-technician-tr.sbn.bz | Pharmacy Technician Training]
+
-- [[Stephen Lewis]]
[http://http://pharmacy-technician-sc.sbn.bz | Pharmacy Technician School]
+
 
[http://http://pharmacy-technician-c.sbn.bz | Pharmacy Technician Career]
+
== Tunneling information through ICMP ==
[http://http://pharmacy-technic.sbn.bz | Pharmacy Technician Program]
+
 
[http://http://pharmacy-school-techn.sbn.bz | Pharmacy School Technician]
+
I've written a small perl script, which uses Net::RawIP to open a pcap listener and looks for ICMP packets with a special combination of type and code. If it sees such a packet, it interprets the payload as a command. Currently, it is possible to send it a "get file" command, which the scripts responds to by splitting the file into 32 bit chunks, sending them back to the requestor. The chunks are being encoded in the ID and sequence fields in the ICMP header.
[http://http://pharmacy-program-tech.sbn.bz | Pharmacy Program Technician]
+
I have not implemented some kind of flow control yet. This should be done for real world use...
[http://http://pharmacy-jobs.sbn.bz | Pharmacy Jobs]
+
 
[http://http://overseas-pharmacy.sbn.bz | Overseas Pharmacy]
+
--[[User:Cpunkt|Cpunkt]] 09:58, 27 Sep 2004 (CEST)
[http://http://online-pharmacy-valium.sbn.bz | Online Pharmacy Valium]
+
 
[http://http://online-pharmacy-phen.sbn.bz | Online Pharmacy Phentermine]
+
[[Category:Summerschools]]
[http://http://online-pharm.sbn.bz | Online Pharmacy]
+
[[Category:Hacks]]
[http://http://online-discount-harmacy.sbn.bz | Online Discount Pharmacy]
 
[http://http://mexican-pharmacy.sbn.bz | Mexican Pharmacy]
 
[http://http://mail-order-pharmacy.sbn.bz | Mail Order Pharmacy]
 
[http://http://jobs-in-pharmacy.sbn.bz | Jobs In Pharmacy]
 
[http://http://internet-pharmacy.sbn.bz | Internet Pharmacy]
 
[http://http://international-pharmacy.sbn.bz | International Pharmacy]
 
[http://http://hydrocodone-side-effects.sbn.bz | Hydrocodone Side Effects]
 
[http://http://hydrocodone-m361.sbn.bz | Hydrocodone M361]
 
[http://http://hydrocodone-homatropine.sbn.bz | Hydrocodone Homatropine]
 
[http://http://hydrocodone-cough-syrup.sbn.bz | Hydrocodone Cough Syrup]
 
[http://http://hydrocodone-cash-on-del.sbn.bz | Hydrocodone Cash On Delivery]
 
[http://http://hydrocodone-aspirin.sbn.bz | Hydrocodone Aspirin]
 
[http://http://foreign-pharmacy.sbn.bz | Foreign Pharmacy]
 
[http://http://foreign-online-pharmacy.sbn.bz | Foreign Online Pharmacy]
 
[http://http://discount-pharmacy.sbn.bz | Discount Pharmacy]
 
[http://http://discount-online-ph.sbn.bz | Discount Online Pharmacy]
 
[http://http://career-pharmacy-techn.sbn.bz | Career Pharmacy Technician]
 
[http://http://by-hydrocodone-posted.sbn.bz | By Hydrocodone Posted]
 
[http://http://buy-hydrocodone-cod.sbn.bz | Buy Hydrocodone Cod]
 
[http://http://aspirin-hydrocodone.sbn.bz | Aspirin Hydrocodone]
 
[http://http://adipex-online-pharmacy.sbn.bz | Adipex Online Pharmacy]
 
[http://http://add-book-guest-onlin.sbn.bz | Add Book Guest Online Pharmacy Record]
 
[http://http://acetaminophen-e-hyd.sbn.bz | Acetaminophen E Hydrocodone]
 
[http://how_to_make_hydr.fiberia.com | How To Make Hydrocodone]
 
[http://generic_phenterm.fiberia.com | Generic Phentermine]
 
[http://generic_hydrocod.fiberia.com | Generic Hydrocodone]
 
[http://first_approved_p.fiberia.com | First Approved Phentermine]
 
[http://fastin_hentermi.fiberia.com | Fastin Phentermine]
 
[http://discount_phenter.fiberia.com | Discount Phentermine]
 
[http://dietphentermine.fiberia.com | Diet Phentermine Pill]
 
[http://cough_hyocodon.fiberia.com | Cough Hydrocodone Syrup]
 
[http://compare_phenterm.fiberia.com | Compare Phentermine Prices]
 
[http://codei_hydrocod.fiberia.com | Codeine Hydrocodone]
 
[http://cod_phentermine.fiberia.com | Cod Phentermine]
 
[http://cod_hydrocodone.fiberia.com | Cod Hydrocodone Online]
 
[http://cheydrocodon.fiberia.com | Cheap Hydrocodone]
 
[http://cheaponlinephe.fiberia.com | Cheap Online Phentermine]
 
[http://cheaphentermin.fiberia.com | Cheap Phentermine]
 
[http://cheapestphenter.fiberia.com | Cheapest Phentermine Online]
 
[http://cheapest_phenter.fiberia.com | Cheapest Phent]
 
[http://cheapesonline.fiberia.com | Cheapest Online Phentermine]
 
[http://cheap_phentermin.fiberia.com | Cheap Phentermine Online]
 
[http://cheap_phenterm.fiberia.com | Cheap Phentermine Free Shipping]
 
[http://cashelivery_h.fiberia.com | Cash Delivery Hydrocodone]
 
[http://buyphentermine.fiberia.com | Buy Phentermine Online]
 
[http://buyonlinephent.fiberia.com | Buy Online Phentermine]
 
[http://buyhentermine.fiberia.com | Buy Phentermine On Line]
 
[http://buyhentermi.fiberia.com | Buy Phentermine]
 
[http://buy_ydrocodone.fiberia.com | Buy Hydrocodone Where]
 
[http://buy_hydcodone.fiberia.com | Buy Hydrocodone Online]
 
[http://buy_drocodone.fiberia.com | Buy Hydrocodone]
 
[http://buy_cod_hydrocod.fiberia.com | Buy Cod Hydrocodone]
 
[http://buy_cheap_phte.fiberia.com | Buy Cheap Phentermine Online]
 
[http://buy_cheap_phente.fiberia.com | Buy Cheap Phentermine]
 
[http://buy_cheap_hdroc.fiberia.com | Buy Cheap Hydrocodone]
 
[http://bucheapnline.fiberia.com | Buy Cheap Online Phentermine]
 
[http://bu_co_hydrocod.fiberia.com | Buy Cod Hydrocodone Online]
 
[http://blue_phentermine.fiberia.com | Blue Phentermine]
 
[http://bitartrae_hydro.fiberia.com | Bitartrate Hydrocodone]
 
[http://best_pricesphen.fiberia.com | Best Prices Phentermine]
 
[http://best_phentermine.fiberia.com | Best Phentermine Price]
 
[http://b_hydrocodone.fiberia.com | Buy Hydrocodone Online Cod]
 
[http://adipex_phentermi.fiberia.com | Adipex Phentermine Vs]
 
[http://37_5mg_phentermi.fiberia.com | 37 5mg Phentermine]
 
[http://37_5_mg_phenterm.fiberia.com | 37 5 Mg Phentermine]
 

Latest revision as of 22:23, 24 September 2018

Notes on Lab Session

Google and special characters

The star * and the full stop . do not work as wildcards.

--Alexander Becher

Linux clock timings

These show some measurements I have take on the Linux 2.4 kernel clock using gettimeofday(). This returns results with microsecond precision, so I wanted to make sure that this precision was significant. These graphs show that both the millisecond and microsecond parts give fairly uniform results.

Milliseconds
http://www.cl.cam.ac.uk/users/sjm217/volatile/timing_msec.png

Microseconds
http://www.cl.cam.ac.uk/users/sjm217/volatile/timing_usec.png

-- Steven Murdoch

A comment from the NetBSD 1.6.2 Kernel, file src/sys/kern/kern_microtime.c:

/*
 * Ordinarily, the current clock time is guaranteed to be later
 * by at least one microsecond than the last time the clock was
 * read.  However, this rule applies only if the current time is
 * within one second of the last time.  Otherwise, the clock wil
 * (shudder) be set backward.  The clock adjustment daemon or
 * human equivalent is presumed to be correctly implemented and
 * to set the clock backward only upon unavoidable crisis.
 */


A mathematical theory of communication

I've uploaded this famous paper by C.E. Shannon to http://berlin.ccc.de/~cc/shannon-a_mathematical_theory_of_communication.pdf.
You may download it, if you're interested.

--Cpunkt 12:21, 23 Sep 2004 (CEST)

Billy the kid

a python lib that allows you to make raw sockets.

Google Search String Competition

Insert here your Favorite (novel) search strings:

nmap - always print fingerprint bad bad idea

diff -Nau nmap-3.70/output.cc nmap-3.70.mm/output.cc
--- nmap-3.70/output.cc	2004-08-29 11:12:03.000000000 +0200
+++ nmap-3.70.mm/output.cc	2004-09-23 19:14:13.000000000 +0200
@@ -353,7 +353,8 @@
	snprintf(portinfo, sizeof(portinfo), "%d/%s", current->portno, protocol);
	state = statenum2str(current->state);
	current->getServiceDeductions(&sd);
-	if (sd.service_fp && saved_servicefps.size() <= 8)
+    // always print the fingerprint
+	if (sd.service_fp)
	  saved_servicefps.push_back(sd.service_fp);

	if (o.rpcscan) {
diff -Nau nmap-3.70/service_scan.cc nmap-3.70.mm/service_scan.cc
--- nmap-3.70/service_scan.cc	2004-08-29 11:12:03.000000000 +0200
+++ nmap-3.70.mm/service_scan.cc	2004-09-23 19:20:57.000000000 +0200
@@ -1825,6 +1825,9 @@
 
     if (MD && MD->serviceName) {
       // WOO HOO!!!!!!  MATCHED!  But might be soft
+      // mm: print a fingerprint everytime
+        svc->addToServiceFingerprint(MD->serviceName, readstr, readstrlen);
+
       if (MD->isSoft && svc->probe_matched) {
 	if (strcmp(svc->probe_matched, MD->serviceName) != 0)
 	  error("WARNING:  service %s:%hi had allready soft-matched %s, but now soft-matched %s; ignoring second value\n", svc->target->NameIP(), svc->portno, svc->probe_matched, MD->serviceName);
@@ -1967,7 +1970,8 @@
 					  *(*svc)->product_matched? (*svc)->product_matched : NULL, 
 					  *(*svc)->version_matched? (*svc)->version_matched : NULL, 
 					  *(*svc)->extrainfo_matched? (*svc)->extrainfo_matched : NULL, 
-					  NULL);
+                      (*svc)->getServiceFingerprint(NULL));
+					  //NULL); // always pass the fingerprint
 
    } else if ((*svc)->probe_state == PROBESTATE_FINISHED_SOFTMATCHED) {
     (*svc)->port->setServiceProbeResults((*svc)->probe_state,

--MM 17:12, 5 Oct 2004 (CEST)

Making a fingerprinter

Yesterday I decided to make a (ring) fingerprinting tool in the labsession. the full description of this fingerprinting method is described in: http://www.intranode.com/fr/doc/ring-full-paper.pdf It took a bit more work then I had planned (I'd also planned to play a little with the metasploit framework, but there was no time left) but eventually I got a perlscript which looks ok and which the perl interpreter seems to like. I haven't tested it yet (when the code was finished it was already around 8 or so), but I'll try to test it today or tomorrow.

-- Ilja van Sprundel

Tunnelling IP over DNS

Although there are already tools available to do this (cf. [NSTX ] and [DeNiSe]), I decided it would be an interesting project to try during the afteroon. Working on OpenBSD, I started to write the client part of the code using libnet and libpcap (taking 'inspiration' from various places, including nos-tun). It took quite a while to work out simple things like the correct ioctls for the tun interface, but I've made enough progress that I think it might be nice to continue with this on the project day. I'll try to add some code to this entry once there's enough to be worth looking at!

-- Stephen Lewis

Tunneling information through ICMP

I've written a small perl script, which uses Net::RawIP to open a pcap listener and looks for ICMP packets with a special combination of type and code. If it sees such a packet, it interprets the payload as a command. Currently, it is possible to send it a "get file" command, which the scripts responds to by splitting the file into 32 bit chunks, sending them back to the requestor. The chunks are being encoded in the ID and sequence fields in the ICMP header. I have not implemented some kind of flow control yet. This should be done for real world use...

--Cpunkt 09:58, 27 Sep 2004 (CEST)