Insecure.Org
The Nmap Project
Fotis Hantzis aka ithilgore
sock-raw.org
FOSSCOMM 2016
whoami
• Exploiting TCP and the Persist Timer Infiniteness (Phrack #66)
• Abusing Network Protocols (stealthy portscanning through XMPP exploitation)
• Nmap developer, Ncrack author
• Startup ventures
@ithilgore
http://phrack.org/issues/51/11.html#article
Ndiff
Npcap
NSE
Zenmap
Trinity uses Nmap in Matrix Reloaded
CIA using Zenmap in Bourne Ultimatum
Die Hard 4
Elysium
And many more: http://nmap.org/movies
$5.000 stipends
> 1000 students
~ 150 open source organizations
3 – 4 months
Past Nmap GSoC Accomplishments
o Nping – generic packet crafting tool
o Ncat – the modern netcat
o Npcap – packet sniffing library (WPF)
o Ncrack – network auth cracking tool
o NSE – Nmap Scripting Engine
o Zenmap – GUI for Nmap
o Ndiff – diff for network scans
High speed network authentication cracking tool
http://nmap.org/ncrack
Ncrack’s Main Features
o Intelligent Core Engine
o Service Recognition through Nmap (-oN, -oX)
o Fine-grained timing control (cl, CL, to, cd, at, T1-T5)
o Built-in username/password lists
o Session stop/resume
o Modular architecture
o Nsock based (asynchronous)
Ncrack modules
o SSH – custom opensshlib based on OpenSSH
o RDP – extremely hard protocol by MS
o SMB
o SIP
• Telnet
• FTP
• HTTP (basic/digest)
• PostgreSQL
• MySQL
• VNC
• POP3
• Redis
Contributions
New Ncrack 0.5 release
o New modules: Redis, PostgreSQL, MySQL, SIP, HTTP digest
o pairwise user/pass iteration
o proxy support
o New opensshlib based on OpenSSH 7.1
https://nmap.org/ncrack
https://github.com/nmap/ncrack
Ncrack modules TODO list:
• CVS, SVN
• Microsoft SQL
• HTTP Form
• IMAP
• SNMP
• LDAP
• XMPP
• Rsync, Rlogin
https://nmap.org/ncrack/devguide.html
Greek Nmap Developers
• George Chatzisofroniou: NSE scripts, GSoC 2013
• Evangelos Deirmetzoglou: Ncrack modules
• Fotis Hantzis: Ncrack author, Nmap dev, GSoC: {2009, 2010} - student, 2016 - mentor
Questions?
Thanks for watching!
Follow me: @ithilgore
http://sock-raw.org
http://nmap.org
http://nmap.org/ncrack
http://github.com/nmap/ncrack