Penetration Testing
run nmap automatically from index.html (??) Nov 16 2011 02:09PM
Kathy Simm (kathys39 hotmail com) (7 replies)
RE: run nmap automatically from index.html (??) Nov 16 2011 08:50PM
Ward, Jon (Jon_Ward SYNTELINC COM) (2 replies)
Re: run nmap automatically from index.html (??) Nov 17 2011 08:41AM
arvind doraiswamy (arvind doraiswamy gmail com)
RE: run nmap automatically from index.html (??) Nov 16 2011 11:10PM
Ward, Jon (Jon_Ward SYNTELINC COM)
Don't forget that nmap will probably need to run as root on a *nix box.
That may be the bigger obstacle. Reading some of the other posts
prompted me to re-read your post. I'm getting the idea that I
misinterpreted your statement "We have a web server..." as indicating
that you have control over it that you may not have. You may not be
able to run your web service as root. You may not be able to modify the
services that run on it.

Can you provide some more details on the target and how much access you
have to it?

-jon

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com]
On Behalf Of Ward, Jon
Sent: Wednesday, November 16, 2011 2:50 PM
To: Kathy Simm; pen-test (at) securityfocus (dot) com
Subject: RE: run nmap automatically from index.html (??)

One possible solution:
1.) Use Apache Tomcat and have each client request index.jsp instead of
index.html.
2.) In index.jsp, include lines similar to this (I haven't tested it, so
you may have to fiddle with it.):
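// Runtime.exec(String) starts no shell, so ">" and "&" would reach nmap as
// arguments; ProcessBuilder does the redirect and start() does not block.
String addr = request.getRemoteAddr();
ProcessBuilder pb = new ProcessBuilder("./nmap", "-sS", "-v", "-O", "-P0", addr);
pb.redirectErrorStream(true).redirectOutput(new java.io.File(addr + ".txt"));
Process proc = pb.start();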
3.) Figure out how you're going to keep from filling up the web server's
DASD with loads of nmap output. Think also about the processing power
of the server. If 50 clients all connect and run nmap at the same time,
how's that going to affect things? This could quickly turn into an easy
way to DoS your own web server.

Another:
1.) Use Apache Tomcat and have each client request index.jsp instead of
index.html.
2.) In index.jsp, include a Server Side Include tag similar to this, but
change the command to something like the nmap line above.
<!--#exec cmd="cat /etc/passwd"-->

There are (>)hundreds of ways to execute something upon (>)hundreds of
events related to a web server receiving a request. Let your
imagination run wild!!

Jon Ward, CEPT, CISA
Technical Lead - Syntel Information Security
jon_ward (at) syntelinc (dot) com

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com]
On Behalf Of Kathy Simm
Sent: Wednesday, November 16, 2011 8:10 AM
To: pen-test (at) securityfocus (dot) com
Subject: run nmap automatically from index.html (??)

We are doing a pen test for a small company and wish to automate some
things. We have a website inside their Intranet that
when employees scan or visit it we'd like to nmap the box they came
from trying to see if anyone hooks up an authorized computer to their
intranet. Any ideas of how to get
nmap to run automatically?

Getting a perl script to run nmap is already done but I'm trying to
figure out whether we should monitor the libpcap data or the apache log
files
etc. I'm sure someone else has done this already - can you share some
ideas?
------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
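
Added example, not part of the original thread: a sketch of the Apache-log approach raised in the question, with the safeguards from step 3 of the reply (one scan per host per interval, a cap on concurrent scans, one output file per host). The intranet range, rescan interval, concurrency cap and the names ScanQueue, client_ip and plan are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed values, not from the thread: intranet range, rescan interval, scan cap.
INTRANET = ipaddress.ip_network("10.0.0.0/8")
RESCAN_SECONDS = 24 * 3600
MAX_CONCURRENT = 4
CLIENT_RE = re.compile(r"^(\S+) \S+ \S+ \[")  # common/combined log format

def client_ip(line):
    """Client address of one access-log line, or None if it should be ignored."""
    m = CLIENT_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:  # hostname or junk in the first field
        return None
    return ip if ip in INTRANET else None

class ScanQueue:
    def __init__(self):
        self.last_scan = {}   # ip -> time its last scan started
        self.running = set()  # ips with a scan in progress
    def offer(self, ip, now):
        """Return an nmap argv list if ip should be scanned now, else None."""
        if ip in self.running or len(self.running) >= MAX_CONCURRENT:
            return None  # skipped; the host is reconsidered on its next request
        if now - self.last_scan.get(ip, float("-inf")) < RESCAN_SECONDS:
            return None
        self.last_scan[ip] = now
        self.running.add(ip)
        # argv list (no shell). -oN rewrites one file per host, so disk use is
        # bounded by the number of hosts rather than the number of page hits.
        return ["nmap", "-sS", "-v", "-O", "-P0", "-oN", f"{ip}.txt", str(ip)]
    def finished(self, ip):
        self.running.discard(ip)

def plan(lines, queue, now):
    """Scan commands to start for a batch of access-log lines."""
    ips = (ip for ip in map(client_ip, lines) if ip is not None)
    return [argv for argv in (queue.offer(ip, now) for ip in ips) if argv]

SAMPLE_LOG = [  # constructed sample input
    '10.1.2.3 - - [16/Nov/2011:14:09:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.1.2.3 - - [16/Nov/2011:14:09:02 +0000] "GET /logo.png HTTP/1.1" 200 2048',
    '10.1.2.4 - - [16/Nov/2011:14:10:11 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.7 - - [16/Nov/2011:14:11:40 +0000] "GET /index.html HTTP/1.1" 200 512',
]
```

The caller starts each returned argv as a child process and calls finished() when it exits; reading the log from a separate process also keeps the web server itself from needing root.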

Re: run nmap automatically from index.html (??) Nov 16 2011 05:48PM
Mihai Nitulescu (mihai nitulescu gmail com)
RE: run nmap automatically from index.html (??) Nov 16 2011 04:23PM
Kettlewell, Nate (Kansas City) (Nate Kettlewell fishnetsecurity com)
Re: run nmap automatically from index.html (??) Nov 16 2011 04:16PM
securityfocus rawchaos com (1 replies)
Re: run nmap automatically from index.html (??) Nov 16 2011 05:26PM
Daniel Miller (bonsaiviking gmail com)
Re: run nmap automatically from index.html (??) Nov 16 2011 03:26PM
Justin Rogosky (jrogosky gmail com) (1 replies)
Re: run nmap automatically from index.html (??) Nov 16 2011 04:47PM
Sarah Loyd (sarahloyd mac com)
Re: run nmap automatically from index.html (??) Nov 16 2011 02:57PM
John Mason Jr (john mason jr cox net)
Re: run nmap automatically from index.html (??) Nov 16 2011 02:56PM
Guillaume Friloux (guillaume friloux asp64 com)


 
