Daniel,

On Tue, Aug 28, 2012 at 5:11 PM, Daniel Zulla <daniel.zu...@gmail.com> wrote:
> Hi there,
> I have recognized scapy as a dependency of the current w3af.

Cool,

> Also, the current osCommanding plugin seems to use "ping" on a remote host
> to verify a vulnerability.
>
> That's smart.

:) I'm sure I stole it from someone else ;)

> But isn't it smarter / equally smart to let the remote host ping / netcat
> *OUR* server, and check via raw socket / scapy if an ICMP, TCP or UDP packet
> arrived?
>
> I like that idea, but I would like to get some feedback before I hack up the
> plugin.

I like the idea, it's actually a very good one. Some comments though:

* The penalty for using scapy is that the user needs to be root, and
  we don't want to ask users to run w3af as root for running a simple
  scan. On the other side, the idea is good and should be implemented,
  so what I recommend is to have something that looks like this:

    if user_running_as_root():
        start_sniffing()
        send_requests_that_will_ping_back_to_us()
        stop_sniffing()
        analyze_packets()
    else:
        warn_user_that_technique_is_only_available_when_root()

* In the warning I would clarify that this technique will help find
  some "strange" OS Commanding cases that are NOT found by the
  techniques that ARE being run.

* Grep for "ping" in the whole code, you might find other places
  where this could be used.

* I wouldn't use this technique as a replacement of any of the already
  implemented ones, I would use it as an add-on if the previous ones
  don't work.

* osCommanding.py changed a lot in the threading2 branch; I recommend
  you implement any changes based on that one since it will become the
  mainline in a couple of months.

> Thanks,
> Daniel
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
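
The root gate and the analyze_packets() step sketched in the reply above, as an added example that is not part of the original message or of w3af's code. It parses raw IPv4 bytes with the standard library instead of scapy; all function names, the sample capture and the documentation-range addresses are assumptions made for illustration.

```python
import os
import socket
import struct

ICMP_ECHO_REQUEST = 8

def running_as_root():
    # Sniffing needs a raw socket, which on POSIX means effective UID 0.
    return hasattr(os, "geteuid") and os.geteuid() == 0

def build_sample_echo(src, dst, payload):
    # Constructed IPv4 + ICMP echo request for the sample capture (checksums left 0).
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 1, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     socket.IPPROTO_ICMP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + icmp

def parse_echo_request(packet):
    # Return (source_ip, payload) for an IPv4 ICMP echo request, else None.
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != socket.IPPROTO_ICMP:
        return None
    if packet[ihl] != ICMP_ECHO_REQUEST or packet[ihl + 1] != 0:
        return None
    return socket.inet_ntoa(packet[12:16]), packet[ihl + 8:]

def analyze_packets(packets, target_ip):
    # Keep only echo requests whose source is the scanned host.
    # Assumption: the target reaches us without NAT rewriting its address.
    parsed = (parse_echo_request(p) for p in packets)
    return [hit for hit in parsed if hit and hit[0] == target_ip]

def technique_available():
    # Gate on root; otherwise return the warning text to show the user.
    if running_as_root():
        return True, ""
    return False, ("ping-back check skipped: it needs root; the other "
                   "OS commanding techniques still run")

# Constructed sample capture, standing in for what a sniffer would collect.
SAMPLE_CAPTURE = [
    build_sample_echo("192.0.2.10", "198.51.100.5", b"abcd"),    # scanned host
    build_sample_echo("203.0.113.7", "198.51.100.5", b"noise"),  # unrelated host
    b"\x45\x00",                                                   # truncated frame
]
```

Matching on the source address alone accepts any ping from the target during the sniffing window, so a real check would also compare the echo payload or timing against the request that was sent.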