nmapbot: using instant messaging as a remote administration tool

From: Abe Usher (abe.usher_at_SHARP-IDEAS.NET)
Date: 10/05/04

    Date:         Tue, 5 Oct 2004 01:04:24 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I've created a small proof of concept named "nmapbot" that shows it is
    possible to use instant messaging as a platform for remote command and
    control of computer systems.

    Purpose:
    - --------
    To create a semi-intelligent security bot that uses instant messaging as
    a platform for receiving commands and returning results.

    Method:
    - -------
    Using Python, the AOL TOC protocol, Bayesian language processing, and
    nmap 3.70, I hacked together a little bot that can run nmap and ping.
    Future editions will include additional commands =)

    Security pundits have been promoting the idea that IM is unsafe for
    several years...

    nmapbot provides some new considerations to an old idea -- using
    ordinarily legitimate communication channels for unintended purposes.

    The nmapbot rests squarely on the shoulders of python and projects such
    as Py-AIML, AIMLBayes, GrokItBot, and Reverend. Many thanks to fyodor
    et al. for the excellent tool suite in nmap 3.70.

    If you are interested, you can find source code and documentation for
    nmap bot at:
    http://www.sharp-ideas.net

    Cheers,
    Abe Usher, CISSP

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFBYitYT3X9miqOcSQRAjDWAJwJ6tpwYEIIaKvkR/8MbZyg3a/86ACdH7ag
    APTRNBUj/a5nfPzKuUgTGik=
    =Mdiy
    -----END PGP SIGNATURE-----
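
An added detection example, not part of the original post or the nmapbot source: it flags nmap or ping processes whose ancestry includes a process holding a connection to an instant-messaging service, which is the behaviour the post describes. The event field names, the port set (5190 and 9898 are assumed AIM/TOC ports) and all sample records are constructed for illustration.

```python
import ntpath

# Assumptions, not from the post: ports, tool names and event field names.
IM_PORTS = {5190, 9898}
TOOLS = {"nmap", "nmap.exe", "ping", "ping.exe"}

# Constructed process-creation events (pid, parent pid, image path, command line).
PROCS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Python23\python.exe", "cmd": "python bot.py"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd /c nmap 192.0.2.10"},
    {"pid": 211, "ppid": 210, "image": r"C:\Tools\nmap.exe", "cmd": "nmap 192.0.2.10"},
    {"pid": 212, "ppid": 200, "image": r"C:\Windows\System32\ping.exe", "cmd": "ping 192.0.2.10"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe"},
    {"pid": 301, "ppid": 300, "image": r"C:\Windows\System32\ping.exe", "cmd": "ping 192.0.2.1"},
    {"pid": 400, "ppid": 100, "image": r"C:\Program Files\IM\client.exe", "cmd": "client.exe"},
]

# Constructed outbound-connection events (owning pid, remote port).
CONNS = [
    {"pid": 200, "rport": 9898},   # script interpreter talking to an IM service
    {"pid": 400, "rport": 5190},   # ordinary IM client that spawns nothing
    {"pid": 300, "rport": 443},
]


def im_spawned_tools(procs, conns, im_ports=IM_PORTS, tools=TOOLS):
    """Return (im_pid, tool_pid, tool_cmd) for tools launched beneath an IM-connected process."""
    by_pid = {p["pid"]: p for p in procs}
    im_pids = {c["pid"] for c in conns if c["rport"] in im_ports}
    hits = []
    for p in procs:
        if ntpath.basename(p["image"]).lower() not in tools:
            continue
        # Walk up the parent chain; 'seen' guards against loops from pid reuse.
        seen, cur = set(), by_pid.get(p["ppid"])
        while cur and cur["pid"] not in seen:
            if cur["pid"] in im_pids:
                hits.append((cur["pid"], p["pid"], p["cmd"]))
                break
            seen.add(cur["pid"])
            cur = by_pid.get(cur["ppid"])
    return hits


if __name__ == "__main__":
    for im_pid, tool_pid, cmd in im_spawned_tools(PROCS, CONNS):
        print(f"pid {tool_pid} ({cmd}) descends from IM-connected pid {im_pid}")
```

The ping started from an interactive shell (pid 301) and the IM client with no children (pid 400) are not reported; only tools descending from the IM-connected interpreter are.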

