Re: [fw-wiz] nmapbot: using instant messaging as a remote administration tool

From: Kevin (
Date: 10/06/04

    To: Abe Usher <>
    Date: Wed, 6 Oct 2004 00:15:01 -0500

    I do not want to discourage you, however this is not new ground.

    On Tue, 05 Oct 2004 00:53:14 -0400, Abe Usher <> wrote:
    > I've created a small proof of concept named "nmapbot" that shows it is
    > possible to use instant messaging as a platform for remote command and
    > control of computer systems.

    I guess you haven't had the joy of dealing with any of the dozens of
    Windows trojans in the past several years (SDbot, etc) which carry
    remote backdoor IRC bots, some of which include nmap explicitly.

    The first documented instance I can find (in a cursory search) of an
    IRC bot with nmap hooks dates to 1999, implemented by Yasholomew

    > Purpose:
    > --------
    > To create a semi-intelligent security bot that uses instant messaging as
    > a platform for receiving commands and returning results.
    > Method:
    > -------
    > Using Python, the AOL TOC protocol, Bayesian language processing, and
    > nmap 3.70, I hacked together a little bot that can run nmap and ping.
    > Future editions will include additional commands =)

    Bayesian language processing?

    > Security pundits have been promoting the idea that IM is unsafe for
    > several years...

    Absolutely. However this type of "willing agent" insider attack may
    not be a particularly good example of the reasons why pundits are so
    down on IM protocols across security boundaries.

    > nmapbot provides some new considerations to an old idea -- using
    > ordinarily legitimate communication channels for unintended purposes.

    I'll admit that doing this with AOL Instant Messenger may be a new twist.

    You might want to look into tying into GPG to provide authentication
    of the command channel. With the wrong (or right) options, nmap can
    look a lot like a DoS...

    firewall-wizards mailing list
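
The authenticated command channel suggested in the reply above, as an added example that is not part of the thread or of nmapbot. It swaps in a shared-key HMAC for GPG signatures so it runs offline; the key, the `verb|target|timestamp|nonce|tag` message format, and the allowlist are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import time

# Constructed demo key (assumption); a real deployment loads it from protected storage.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
MAX_SKEW = 120  # seconds a signed command stays valid
# Hypothetical allowlist: fixed, low-impact options only; the sender never supplies flags.
ALLOWED = {
    "ping": ["ping", "-c", "3"],
    "scan": ["nmap", "-sT", "-T2", "-p", "22,80,443"],
}
_seen_nonces = set()  # a long-running bot would expire entries older than MAX_SKEW


def sign(verb, target, ts, nonce, key=SHARED_KEY):
    """Operator side: MAC over every field of the command."""
    msg = f"{verb}|{target}|{ts}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize(line, now=None, key=SHARED_KEY):
    """Bot side: return the argv to run, or raise ValueError. Nothing is executed here."""
    now = time.time() if now is None else now
    try:
        verb, target, ts, nonce, tag = line.strip().split("|")
        ts = int(ts)
    except ValueError:
        raise ValueError("malformed command") from None
    expected = sign(verb, target, ts, nonce, key).encode()
    if not hmac.compare_digest(expected, tag.encode()):
        raise ValueError("bad signature")
    if abs(now - ts) > MAX_SKEW:
        raise ValueError("stale command")
    if nonce in _seen_nonces:
        raise ValueError("replayed command")
    if verb not in ALLOWED:
        raise ValueError("command not allowlisted")
    # Accept one literal IP address only, so no option text can ride in as a target.
    target = str(ipaddress.ip_address(target))
    _seen_nonces.add(nonce)
    return ALLOWED[verb] + [target]
```

The allowlist addresses the second point in the reply: because the options are fixed on the bot side, an authenticated sender still cannot select aggressive timing or scan modes.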
