From 5a2b29bab46a04c1062119fcff43be416d4fac00 Mon Sep 17 00:00:00 2001
From: bmantra
Date: Sun, 15 Jul 2012 20:08:59 +0200
Subject: [PATCH 1/3] changed description and temp disabled the listening socket as it needs some more testing
---
 modules/network/nat_pinning_irc/config.yaml | 2 +-
 modules/network/nat_pinning_irc/module.rb | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/network/nat_pinning_irc/config.yaml b/modules/network/nat_pinning_irc/config.yaml
index a44e71913..f70ed701f 100644
--- a/modules/network/nat_pinning_irc/config.yaml
+++ b/modules/network/nat_pinning_irc/config.yaml
@@ -19,7 +19,7 @@ beef:
 enable: true
 category: "Network"
 name: "IRC NAT Pinning"
- description: "Attempts to open closed ports on statefull firewalls and attempts to create pinholes on NAT-devices. The firewall/NAT-device must support IRC connection tracking. On the attackers side the TCP connection just needs to be accepted (nc -l -p 6667). Then you can connect to the victims public IP on that port. For the moment it hasn't been tested with NAT, but it works with iptables when ip_conntrack and ip_conntrack_irc are loaded. For more information, please refer to: http://samy.pl/natpin/ ."
+ description: "Attempts to open closed ports on statefull firewalls and attempts to create pinholes on NAT-devices. The firewall/NAT-device must support IRC connection tracking. On the attackers side the TCP connection just needs to be accepted (nc -l -p 6667). Then you can connect to the victims public IP on that port. For more information, please refer to: http://samy.pl/natpin/ ."
 authors: ["Bart Leppens"]
 target:
 working: ["FF"]
diff --git a/modules/network/nat_pinning_irc/module.rb b/modules/network/nat_pinning_irc/module.rb
index 7d898bc65..162654815 100644
--- a/modules/network/nat_pinning_irc/module.rb
+++ b/modules/network/nat_pinning_irc/module.rb
@@ -15,9 +15,9 @@
 #
 class Irc_nat_pinning < BeEF::Core::Command
- def pre_send
- BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_socket("IRC", "0.0.0.0", 6667)
- end
+ #def pre_send
+ # BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_socket("IRC", "0.0.0.0", 6667)
+ #end
 def self.options
 return [
From b7a43144247cd0cd012cde31cefb0ab58b0a17ab Mon Sep 17 00:00:00 2001
From: bmantra
Date: Mon, 23 Jul 2012 20:21:36 +0200
Subject: [PATCH 2/3] nat tested
---
 modules/network/nat_pinning_irc/config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/network/nat_pinning_irc/config.yaml b/modules/network/nat_pinning_irc/config.yaml
index 093cd618a..784c7e7be 100644
--- a/modules/network/nat_pinning_irc/config.yaml
+++ b/modules/network/nat_pinning_irc/config.yaml
@@ -19,7 +19,7 @@ beef:
 enable: true
 category: "Network"
 name: "IRC NAT Pinning"
- description: "Attempts to open closed ports on statefull firewalls and attempts to create pinholes on NAT-devices. The firewall/NAT-device must support IRC connection tracking. BeEF will automatically bind a socket on port 6667 (IRC). Then you can connect to the victims public IP on that port. For the moment it hasn't been tested with NAT, but it works with iptables when ip_conntrack and ip_conntrack_irc are loaded. For more information, please refer to: http://samy.pl/natpin/ ."
+ description: "Attempts to open closed ports on statefull firewalls and attempts to create pinholes on NAT-devices. The firewall/NAT-device must support IRC connection tracking. BeEF will automatically bind a socket on port 6667 (IRC). Then you can connect to the victims public IP on that port. For more information, please refer to: http://samy.pl/natpin/ ."
 authors: ["Bart Leppens"]
 target:
 working: ["FF"]
From 1226ed4b34f366cfbe2230bd801834f673e60194 Mon Sep 17 00:00:00 2001
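Review bot: In PATCH 1/3's module.rb hunk the `pre_send` hook is switched off by commenting it out, and nothing in the file says why or when it should return; the reason exists only in the commit subject. Either delete the three lines and let history keep them, or put a marker directly above them, e.g. `# TODO: re-enable once the port 6667 listener has been tested`. Commented-out code with no explanation tends to be re-enabled or removed later without anyone checking the original concern. The class body continues past the end of the hunk.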
From: bmantra
Date: Mon, 23 Jul 2012 20:30:04 +0200
Subject: [PATCH 3/3] nat tested
---
 modules/network/nat_pinning_irc/config.yaml | 4 ----
 modules/network/nat_pinning_irc/module.rb | 6 +++---
 2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/modules/network/nat_pinning_irc/config.yaml b/modules/network/nat_pinning_irc/config.yaml
index 07e50841b..784c7e7be 100644
--- a/modules/network/nat_pinning_irc/config.yaml
+++ b/modules/network/nat_pinning_irc/config.yaml
@@ -19,11 +19,7 @@ beef:
 enable: true
 category: "Network"
 name: "IRC NAT Pinning"
-<<<<<<< HEAD
 description: "Attempts to open closed ports on statefull firewalls and attempts to create pinholes on NAT-devices. The firewall/NAT-device must support IRC connection tracking. BeEF will automatically bind a socket on port 6667 (IRC). Then you can connect to the victims public IP on that port. For more information, please refer to: http://samy.pl/natpin/ ."
-=======
- description: "Attempts to open closed ports on statefull firewalls and attempts to create pinholes on NAT-devices. The firewall/NAT-device must support IRC connection tracking. On the attackers side the TCP connection just needs to be accepted (nc -l -p 6667). Then you can connect to the victims public IP on that port. For more information, please refer to: http://samy.pl/natpin/ ."
->>>>>>> 5a2b29bab46a04c1062119fcff43be416d4fac00
 authors: ["Bart Leppens"]
 target:
 working: ["FF"]
diff --git a/modules/network/nat_pinning_irc/module.rb b/modules/network/nat_pinning_irc/module.rb
index 65890d517..4a411204a 100644
--- a/modules/network/nat_pinning_irc/module.rb
+++ b/modules/network/nat_pinning_irc/module.rb
@@ -15,9 +15,9 @@
 #
 class Irc_nat_pinning < BeEF::Core::Command
- #def pre_send
- # BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_socket("IRC", "0.0.0.0", 6667)
- #end
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_socket("IRC", "0.0.0.0", 6667)
+ end
 def self.options
 return [
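Review bot: The restored `pre_send` in PATCH 3/3's module.rb hunk binds the listener to `"0.0.0.0"` on a fixed port 6667, so every interface of the host running the framework gets an open TCP port whenever this command is sent, and the hunk shows no matching release. Take the bind address and port from the module or server configuration instead of literals, e.g. `bind_socket("IRC", bind_host, bind_port)` (both names are placeholders), so an operator can restrict the listener to one interface. If the asset handler offers a way to unbind, call it once the command has finished; whether a second `bind_socket("IRC", ...)` on an already bound port is handled cannot be seen from here. The class body continues outside the hunk.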