Summerschool Aachen 2004/Building Attacks Lab

From C4 Wiki
Revision as of 18:40, 23 September 2004 by Mario Manno (talk | contribs) (nmap - always print fingerprint bad bad idea)

Network Basics

The slides can be found here

Notes on Presentations

Network Basics

The second lecture today will cover the basics of network programming. Here are a few links that could help you during the lab session:

Linux clock timings

These show some measurements I have taken on the Linux 2.4 kernel clock using gettimeofday(). This returns results with microsecond precision, so I wanted to make sure that this precision was significant. These graphs show that both the millisecond and microsecond parts give fairly uniform results.

Milliseconds
http://www.cl.cam.ac.uk/users/sjm217/volatile/timing_msec.png

Microseconds
http://www.cl.cam.ac.uk/users/sjm217/volatile/timing_usec.png

-- Steven Murdoch
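An added example (not from the page or from Steven Murdoch's measurements) that performs a related check in C: it takes back-to-back gettimeofday() samples, histograms one decimal digit of tv_usec, and computes a chi-square statistic against a uniform distribution. The bin count, sample count and the divisor used to select the digit are my choices.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>

#define NBINS 10  /* one bin per decimal digit value */

/* Take n gettimeofday() samples back to back and histogram one decimal
 * digit of tv_usec: digit = (tv_usec / divisor) % 10, so divisor 1 is the
 * microsecond digit, 1000 the millisecond digit. Back-to-back samples
 * advance through the clock steadily, so a digit is only uniform if the
 * run spans many multiples of 10*divisor microseconds: the microsecond
 * digit needs a few milliseconds of sampling, the millisecond digit
 * hundreds of milliseconds. Returns the number of samples taken. */
long sample_digit_histogram(long n, long divisor, long hist[NBINS]) {
    struct timeval tv;
    long i;
    for (i = 0; i < NBINS; i++) hist[i] = 0;
    for (i = 0; i < n; i++) {
        if (gettimeofday(&tv, NULL) != 0) return i;
        hist[(tv.tv_usec / divisor) % NBINS] += 1;
    }
    return n;
}

/* Pearson chi-square statistic of hist against a uniform expectation.
 * For 10 bins (9 degrees of freedom) the 5% critical value is about
 * 16.9; a much larger statistic means the digit is not uniform, e.g. a
 * clock that only steps in multiples of 10 us leaves the last digit
 * constant. Returns 0.0 for an empty histogram. */
double chi_square_uniform(const long hist[NBINS]) {
    long i, total = 0;
    double expected, chi = 0.0;
    for (i = 0; i < NBINS; i++) total += hist[i];
    if (total == 0) return 0.0;
    expected = (double)total / NBINS;
    for (i = 0; i < NBINS; i++) {
        double d = (double)hist[i] - expected;
        chi += d * d / expected;
    }
    return chi;
}

int main(void) {
    long hist[NBINS], i, n;
    n = sample_digit_histogram(200000, 1, hist);
    for (i = 0; i < NBINS; i++) printf("usec digit %ld: %ld\n", i, hist[i]);
    printf("%ld samples, chi-square = %.2f\n", n, chi_square_uniform(hist));
    return 0;
}
```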

A mathematical theory of communication

I've uploaded this famous paper by C.E. Shannon to http://berlin.ccc.de/~cc/shannon-a_mathematical_theory_of_communication.pdf.
You may download it if you're interested.

--Cpunkt 12:21, 23 Sep 2004 (CEST)

Billy the kid

A Python library that allows you to make raw sockets.

Notes on Lab Session

Google Search String Competition

Insert your favorite (novel) search strings here:

nmap - always print fingerprint bad bad idea

diff -Nau nmap-3.70/output.cc nmap-3.70.mm/output.cc
--- nmap-3.70/output.cc	2004-08-29 11:12:03.000000000 +0200
+++ nmap-3.70.mm/output.cc	2004-09-23 19:14:13.000000000 +0200
@@ -353,7 +353,8 @@
	snprintf(portinfo, sizeof(portinfo), "%d/%s", current->portno, protocol);
	state = statenum2str(current->state);
	current->getServiceDeductions(&sd);
-	if (sd.service_fp && saved_servicefps.size() <= 8)
+    // always print the fingerprint
+	if (sd.service_fp)
	  saved_servicefps.push_back(sd.service_fp);

	if (o.rpcscan) {
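Review bot: the removed condition `saved_servicefps.size() <= 8` was the only bound on how many fingerprints are buffered for the output, so with the bare `if (sd.service_fp)` the vector grows by one entry per matched port and every fingerprint ends up in the report, which matches the page's own "bad bad idea" verdict; if more fingerprints are wanted, raise the limit or make it a command-line option instead of dropping it. The added comment line is also indented with spaces while the surrounding code uses tabs.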
diff -Nau nmap-3.70/service_scan.cc nmap-3.70.mm/service_scan.cc
--- nmap-3.70/service_scan.cc	2004-08-29 11:12:03.000000000 +0200
+++ nmap-3.70.mm/service_scan.cc	2004-09-23 19:20:57.000000000 +0200
@@ -1825,6 +1825,9 @@
 
     if (MD && MD->serviceName) {
       // WOO HOO!!!!!!  MATCHED!  But might be soft
+      // mm: print a fingerprint everytime
+        svc->addToServiceFingerprint(MD->serviceName, readstr, readstrlen);
+
       if (MD->isSoft && svc->probe_matched) {
 	if (strcmp(svc->probe_matched, MD->serviceName) != 0)
 	  error("WARNING:  service %s:%hi had allready soft-matched %s, but now soft-matched %s; ignoring second value\n", svc->target->NameIP(), svc->portno, svc->probe_matched, MD->serviceName);
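Review bot: the new `svc->addToServiceFingerprint(MD->serviceName, readstr, readstrlen);` call runs before the soft-match check that follows it, so a fingerprint is recorded even for the second soft match that the `error("WARNING: ... ignoring second value")` branch discards; move the call after that check, or guard it with `!MD->isSoft` if only hard matches should contribute. The added line is also indented two columns deeper than the surrounding block, and `everytime` in the comment should read `every time`.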
@@ -1967,7 +1970,8 @@
 					  *(*svc)->product_matched? (*svc)->product_matched : NULL, 
 					  *(*svc)->version_matched? (*svc)->version_matched : NULL, 
 					  *(*svc)->extrainfo_matched? (*svc)->extrainfo_matched : NULL, 
-					  NULL);
+                      (*svc)->getServiceFingerprint(NULL));
+					  //NULL); // always pass the fingerprint
 
    } else if ((*svc)->probe_state == PROBESTATE_FINISHED_SOFTMATCHED) {
     (*svc)->port->setServiceProbeResults((*svc)->probe_state,
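Review bot: the line `+ //NULL); // always pass the fingerprint` is commented-out code left where the old argument was; drop it and keep only the `(*svc)->getServiceFingerprint(NULL)` line, indented with tabs like the other arguments. Note also that this hunk only changes the `setServiceProbeResults` call in the branch before the `else if`; the `PROBESTATE_FINISHED_SOFTMATCHED` branch in the trailing context is untouched, so the fingerprints the earlier hunk in this file collects for soft matches are not passed along here.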