Packet modifying proxy tool




Hi all,

I am currently doing an internal security assessment and have discovered that I can "jump" to different network segments and bypass router restrictions by utilizing Loose Source Routing. When it comes to port-scanning, nmap performs this task quite well; however, I need a proxy tool that can handle source routing in order to allow other tools to reach the destination hosts.
I tried netcat (on Windows source routing is not supported), but it looks like it constructs the IP options in a different way than nmap and hence the destination host does not respond. I have also tried EchoMirage, but packet interception and modification begins after a connection has been established, which is not what I need.

Could you please suggest any other proxy tools that can handle source routing?

I also include part of the nmap and netcat packets (Wireshark extract) and command parameters in case I did something wrong.



*The IPs are not the original ones*


nmap -vv -n -sS -P0 -p 445 --ip-options "L 10.4.2.1" 10.5.2.1
-------------------------------------------------------------
Source: 10.3.2.1 (10.3.2.1)
Destination: 10.4.2.1 (10.4.2.1)
Options: (12 bytes)
    NOP
    Loose source route (11 bytes)
        Pointer: 4
        10.4.2.1 <- (current)
        10.5.2.1


nc -vv -n -g 10.4.2.1 10.5.2.1 445
----------------------------------
Source: 10.3.2.1 (10.3.2.1)
Destination: 10.4.2.1 (10.4.2.1)
Options: (12 bytes)
    Loose source route (11 bytes)
        Pointer: 4
        10.5.2.1 <- (current)
        10.5.2.1
    NOP


nc -vv -n -g 10.4.2.1 -g 10.4.2.1 10.5.2.1 445
----------------------------------------------
Source: 10.3.2.1 (10.3.2.1)
Destination: 10.4.2.1 (10.4.2.1)
Options: (16 bytes)
    Loose source route (15 bytes)
        Pointer: 4
        10.4.2.1 <- (current)
        10.5.2.1
        10.5.2.1
    NOP


Thank you,

Demetris
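
For the defender's side of the option layouts quoted above, here is an added example (not part of the original post) that decodes a raw IPv4 options field and reports any loose or strict source route in it, which is the field a sensor or filter would key on. The byte strings are reconstructed from the Wireshark field listings in the post rather than captured traffic, and `parse_source_routes` and `SAMPLES` are names made up for this example.

```python
import ipaddress

EOL, NOP, LSRR, SSRR = 0, 1, 131, 137  # IPv4 option types (RFC 791)

# Constructed from the Wireshark field listings in the post (not captured bytes).
SAMPLES = {
    "nmap": bytes.fromhex("01830b040a0402010a050201"),
    "nc_one_g": bytes.fromhex("830b040a0502010a05020101"),
    "nc_two_g": bytes.fromhex("830f040a0402010a0502010a05020101"),
}

def parse_source_routes(options: bytes) -> list:
    """Return one dict per LSRR/SSRR option in a raw IPv4 options field."""
    found, i = [], 0
    while i < len(options):
        opt = options[i]
        if opt == EOL:          # end of option list: the rest is padding
            break
        if opt == NOP:          # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option truncated before its length byte")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("option length runs outside the options field")
        if opt in (LSRR, SSRR):
            if length < 3 or (length - 3) % 4:
                raise ValueError("source route is not a whole number of addresses")
            pointer = options[i + 2]
            if pointer < 4 or pointer % 4:
                raise ValueError("source route pointer is not address-aligned")
            data = options[i + 3:i + length]
            hops = [str(ipaddress.IPv4Address(data[j:j + 4]))
                    for j in range(0, len(data), 4)]
            idx = (pointer - 4) // 4   # pointer 4 means the first address
            found.append({
                "kind": "LSRR" if opt == LSRR else "SSRR",
                "pointer": pointer,
                "hops": hops,
                # None once the pointer has moved past the last address
                "current": hops[idx] if idx < len(hops) else None,
            })
        i += length
    return found

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, parse_source_routes(raw))
```

A non-empty return value for any packet's options field is enough for a monitoring rule to flag it as source-routed, wherever the NOP padding sits.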

