The Nmap Project - sock rawsock-raw.org/nmap-ncrack/fosscomm_nmap.pdf · The Nmap Project Fotis...
17
Insecure.Org The Nmap Project Fotis Hantzis aka ithilgore sock-raw.org FOSSCOMM 2016
Transcript of The Nmap Project - sock rawsock-raw.org/nmap-ncrack/fosscomm_nmap.pdf · The Nmap Project Fotis...
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
The Nmap Project
Fotis Hantzis aka ithilgoresock-raw.org
FOSSCOMM 2016
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
whoami
• Exploiting TCP and the Persist Timer Infiniteness (Phrack #66)
• Abusing Network Protocols (stealthy portscanning through XMPP exploitation)
• Nmap developer, Ncrack author• Startup ventures
@ithilgore
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
http://phrack.org/issues/51/11.html#article
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
Ndiff
Npcap
NSE
Zenmap
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
Trinity uses Nmap in Matrix Reloaded
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
CIA using Zenmap in Bourne Ultimatum
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
Die Hard 4
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
Elysium
And many more: http://nmap.org/movies
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
$5.000 stipends
> 1000 students
~ 150 open source organizations
3 – 4 months
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
Past Nmap GSoC Accomplishments
o Nping – generic packet crafting toolo Ncat – the modern netcato Npcap – packet sniffing library (WPF)o Ncrack – network auth cracking toolo NSE – Nmap Scripting Engineo Zenmap – GUI for Nmapo Ndiff – diff for network scans
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
High speed network authentication cracking tool
http://nmap.org/ncrack
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
Ncrack’s Main Features
o Intelligent Core Engineo Service Recognition through Nmap (-oN, -oX)o Fine-grained timing control (cl, CL, to, cd, at,
T1-T5)o Built-in username/password listso Session stop/resumeo Modular architectureo Nsock based (asynchronous)
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
Ncrack modules
o SSH – custom opensshlib based on OpenSSHo RDP – extremely hard protocol by MSo SMB o SIP
• Telnet• FTP• HTTP (basic/digest)• PostgreSQL• MySQL• VNC• POP3• Redis
Contributions
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
New Ncrack 0.5 release
o New modules: Redis, PostgreSQL, MySQL, SIP, HTTP digest
o pairwise user/pass iterationo proxy supporto New opensshlib based on OpenSSH 7.1
https://nmap.org/ncrackhttps://github.com/nmap/ncrack
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
Ncrack modules TODO list:
• CVS, SVN• Microsoft SQL• HTTP Form• IMAP• SNMP• LDAP• XMPP• Rsync, Rlogin
https://nmap.org/ncrack/devguide.html
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
Greek Nmap Developers
• George Chatzisofroniou: NSE scripts, GSoC 2013• Evangelos Deirmetzoglou: Ncrack modules• Fotis Hantzis: Ncrack author, Nmap dev,
GSoC: {2009, 2010} - student2016 - mentor
Insecure.OrgInsecure.OrgInsecure.OrgInsecure.Org
Questions?
Thanks for watching!Follow me: @ithilgore
http://sock-raw.orghttp://nmap.orghttp://nmap.org/ncrackhttp://github.com/nmap/ncrack
![ì Computer NetworkingOS Detection ìWhat operating systems are on the network? nmap–O [options] {target specification} root@kali:~# nmap-O scanme.nmap.org Starting Nmap 7.80 ( )](https://static.fdocuments.in/doc/165x107/60b87b2054753937a1066c85/-computer-networking-os-detection-what-operating-systems-are-on-the-network.jpg)
