Blog de Javier Castañón – JavCastaPosts RSS Comments RSS
Posted in música on Aug 10th, 2009
Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.
|
Only if I lied could I love you |
Bandas sonoras alternativas:
|
Posted in HelpDesk, Networking, Scripting, seguridad, Sistemas, soporte, Utilidades on Jun 13th, 2013
Referencia:
Al enviar un ping (icmp echo request) se puede indicar el tamaño del buffer.
Por ejemplo desde windows seria:
x:\> ping -n 1 -l <tamaño-en-bytes 0 a 65500> <destino>
¿Pero que es lo que windows envía en los bytes del buffer?. Para verlo, envié una serie de
pings con buffer 8, 16, 32 y 256 bytes a un Ubuntu con tcpdump (un sniffer) escuchando el tráfico icmp.
usuario@maquina$ sudo tcpdump -A -v icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:26:58.111122 IP (tos 0×0, ttl 128, id 32720, offset 0, flags [none], proto ICMP (1), length 36)
192.168.222.2 > 192.168.222.9: ICMP echo request, id 256, seq 304, length 16
E..$……}…….. ..d:…0abcdefgh……….
15:27:23.074423 IP (tos 0×0, ttl 128, id 13, offset 0, flags [none], proto ICMP (1), length 44)
192.168.222.2 > 192.168.222.9: ICMP echo request, id 256, seq 305, length 24
…..f……. …….1abcdefghijklmnop..
15:27:31.375225 IP (tos 0×0, ttl 128, id 35, offset 0, flags [none], proto ICMP (1), length 60)
192.168.222.2 > 192.168.222.9: ICMP echo request, id 256, seq 306, length 40
E..<.#…..@……. ..K*…2abcdefghijklmnopqrstuvwabcdefghi15:28:21.729381 IP (tos 0×0, ttl 128, id 162, offset 0, flags [none], proto ICMP (1), length 284) 192.168.222.2 > 192.168.222.9: ICMP echo request, id 256, seq 307, length 264
E……………… …….3abcdefghijklmnopqrstuvwabcdefghijklmnopqrstuvwabcdefghijklmnopqr
stuvwabcdefghijklmnopqrstuvwabcdefghijklmnopqrstuvwabcdefghijklmnopqrstuvwabcdefghijklmnopqrstuvw
abcdefghijklmnopqrstuvwabcdefghijklmnopqrstuvwabcdefghijklmnopqrstuvwabcdefghijklmnopqrstuvwabc
Para el buffer de 8 bytes, windows lo rellena con “abcdefgh”
Para el buffer de 16 bytes, windows lo rellena con “abcdefghijklmnop”
Y así sucesivamente, con lo que vemos que usa el alfabeto (hasta la w) para rellenar el buffer con datos.
Como el paquete icmp lo escucho vía sniffer (tarjeta de red en modo promiscuo) no hace falta que la maquina
receptora del ping tenga su firewall que aceptarlo o desecharlo, nos da igual.
Esto me sugerió, que se pueden enviar mensajes en el buffer del ping (icmp echo request) a otra máquina.
(Y para leerlo la maquina receptora tendrá que tenner un sniffer escuchando.)
En Windows, para insertar datos en el buffer del ping, esto se puede hacer con la clase de .Net:
System.net.networkinformation.Ping y Pingreply
Y se me ocurrio un script en PowerShell que implementa la clase System.net.networkinformation.Ping
para enviar mensajes insertado en el buffer.
######################################################
# Envio de mensajes via icmp echo request (ping) #
######################################################
# By Javier Castañon - http://jasvcasta.com/ - 2.013 #
######################################################
# ref http://msdn.microsoft.com/es-es/library/system.net.networkinformation.pingreply.aspx
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Net.NetworkInformation")
$ping = New-Object System.Net.NetworkInformation.Ping
$datos = "Hola Mundo.
En un lugar de la Mancha de cuyo
nombre no quiero acordarme. Vivia
un tal hidalgo ..."
$buffer = [System.Text.Encoding]::ASCII.GetBytes($datos)
$destino = "192.168.2.9"
$pingreply = $ping.send($destino, 1000, $buffer)
if ($pingreply.Status -eq "Success") {
Write-Host "resultado: OK"
} else { Write-Host "resultado: NO OK - " $pingreply.Status }
Write-Host "Direccion: " $pingreply.Address
Write-Host "Buffer: " $pingreply.Buffer
Write-Host "Buffer length: " $pingreply.Buffer.Length
Write-Host "ttl: "$pingreply.RoundtripTime
# para escuchar en receptor linux-Ubuntu: sudo tcpdump -A -v icmp
La lectura vía sniffer del receptor
usuario@maquina$ sudo tcpdump -A -v icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:58:50.189119 IP (tos 0×0, ttl 128, id 4882, offset 0, flags [none], proto ICMP (1), length 131)
192.168.222.2 > 192.168.222.9: ICMP echo request, id 256, seq 308, length 111
E……….
……. …-…4Hola Mundo.
En un lugar de la Mancha de cuyo
nombre no quiero acordarme. Vivia
un tal hidalgo …
Y voila 
Posted in cisco, HelpDesk, Networking, pfSense, Scripting, seguridad, Sistemas, soporte, Utilidades, virtualización on Jun 10th, 2013
Referencias:
GNS3 viene con una integración más que aceptable con VirtualBox.
Se puede integrar en una topología de red en GNS3 máquinas o hosts virtuales bajo VirtualBox (VirtualBox guest)
ya sean un windows (XP) un linux (Ubuntu 12.04) … o un freeBSD (pfSense).
Voy a integrar en GNS3 una máquina virtual (de VirtualBox) con pfSense 2.03-Release instalado con dos tarjetas de red, una en modo bridge con la nic ethernet del pc, y la otra con VirtualBox Host-Only Network
Lo primero es configurar los parámetros de VirtualBox Guest en GNS3.
Menú Edit > Preferences > VirtualBox > Pestaña: General Settings
Y ejecutar el test (este paso es importante).
Una vez pasado el test vamos a la pestaña: VirtualBox Guest
donde parametrizamos:
Nombre identificador: pfSense
VM List: <elegimos en el desplegable la maquina virtual con pfSense> pfSense203
Nº de nics: según las que tenga la maquina virtual, suelen ser un mínimo de dos para un router/firewall
Desmarco “reverse first nic for virtualbox NAT …” (reservar la primera nic para virtualbox NAT)y tambien desmarco soporte de consola y que empiece en modo oculto la máquina virtual.Salvo la máquina virtual.
En el editor de topología de GNS3, añado un host “VirtualBox Guest” con la maquina virtual pfSense
Añado una nube y le configuro la nic ethernet de mi pc, para que esta topología tenga acceso a Inet.
Al host pfSense le cambio el simbolo de PC al de un router_firewall
Termino de construir la topología, añadiendo un host con una sola nic ( VirtualBox Host-Only Network ) que se conecte al pfSense (mwdiante switch). Y añado un router Cisco 2900, que se conecte a la WAN de pfSense mediante switch.
Es importante que entre una interfaz de un host, ya sea una nube o una maquina virtual, y otro dispositivo de capa 3 haya siempre en medio un switch (dispositivo de capa 2), para evitar errores en el GNS3 (si los conectas directamente presenta errores)
Inicio los dispositivos (Start all devices). Se abrirá la maquina virtual pfSense de VirtualBox.
Y abro una consola del router Cisco R1 que he añadido, para configurarle una ip a su interfaz fa0/0
R1# configure terminal
R1(configure) int fa0/0
R1(configure-if)# ip add 192.168.2.123 255.255.255.0
R1(configure-if)# no sh
Si hago un ping desde pfSense a R1 es exitoso. Pero si hago el ping desde R1 a pfSense no lo es.
Ya que la interfaz WAN del firewall pfSense necesita una regla permisiva para responder a R1
Así que defino una regla, vía navegador (http://ip-pfSense , http://192.168.56.2) que permita cualquier tráfico desde R1 a la interfaz WAN de pfSense
Antes de la regla, pfSense no respondia al ping, y tras aplicar la regla si responde.
Resumiendo. Un lujazo (y free) la integración VirtualBox y GNS3. Y si a esto le añades la posibilidad con Qemu de añadir firewalls Cisco ASA y PIX y routers Juniper, tan solo tendrás por límite en tus labs virtuales la RAM de tu PC
Y voila
Posted in cisco, HelpDesk, Networking, Scripting, seguridad, Sistemas, soporte, Utilidades, virtualización on Jun 7th, 2013
Referencias:
Descargas: ASA 8.4(2) y ASDM 6.4(7):
Plataforma: Windows 7 SP1 Ultimate
Lo primero es configurar en el GNS3 el emulador Quemu para el Cisco ASA:
Menu: Edit > Preferences > Quemu > ASA:
Y parametrizar: Usaré 1GB de RAM (con 512MB no arrancaba correctamente)
Identifier Name: asa-842-1
RAM: 1024 MB
Number of NICs: 6
NIC Mode: e1000
Qemu options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32
Initrd: H:\IOS\ASA\asa842-initrd.gz
Kernel: H:\IOS\ASA\asa842-vmlinuz
Kernel cmd line: -append ide_generic.probe_mask=0×01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536
Salvamos ( botón save ), aplicamos (apply) y OK.
Tras esto, en el editor de topología del GNS3 arastramos un Firewall ASA y construimos la topología que nos interese. Ojo, que la interfaz de gestión por donde accederemos al ASDM ( https://ip ) debe de ser la 0/0, en este caso la GigabitEthernet 0 (Gi0) (o la denominada e0 según la rotula GNS3)
En mi caso conecto el ASA a un switch ethernet y este a una nube (cloud) que es la nic ethernet de mi PC
Arrancamos los dispositivos y abrimos una consola del ASA (tarda unos minutos en ponerse operativo)
done
Freeing initrd memory: 22953k freed
platform rtc_cmos: registered platform RTC device (no PNP device found)
highmem bounce pool size: 64 pages
HugeTLB registered 4 MB page size, pre-allocated 0 pages
bigphysarea: Allocated 16384 pages at 0xe0000000.
msgmni has been set to 668
io scheduler noop registered
io scheduler anticipatory registered (default)
io scheduler deadline registered
io scheduler cfq registered
pci 0000:00:00.0: Limiting direct PCI/PCI transfers
pci 0000:00:01.0: PIIX3: Enabling Passive Release
pci 0000:00:01.0: Activating ISA DMA hang workarounds
Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
loop: module loaded
pcnet32.c:v1.35 21.Apr.2008 [email protected]
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <[email protected]>
Uniform Multi-Platform E-IDE driver
ide_generic: please use “probe_mask=0x3f” module parameter for probing all legacy ISA IDE ports
ide-gd driver 1.18
TCP cubic registered
NET: Registered protocol family 17
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
802.1Q VLAN Support v1.8 Ben Greear <[email protected]>
All bugs added by David S. Miller <[email protected]>
TIPC: Activated (version 1.6.4 compiled Jun 15 2011 17:18:15)
NET: Registered protocol family 30
TIPC: Started in single node mode
Using IPI Shortcut mode
Freeing unused kernel memory: 156k freed
Write protecting the kernel text: 1716k
Write protecting the kernel read-only data: 504k
Clocksource tsc unstable (delta = 194037368 ns)
Starting kernel event manager…
Loading hardware drivers…
Intel(R) PRO/1000 Network Driver – version 7.3.21-k3-NAPI
Copyright (c) 1999-2006 Intel Corporation.
e1000 0000:00:02.0: found PCI INT A -> IRQ 9
e1000: 0000:00:02.0: e1000_probe: (PCI:33MHz:32-bit) 00:ab:cd:92:52:00
e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
e1000 0000:00:03.0: found PCI INT A -> IRQ 11
e1000: 0000:00:03.0: e1000_probe: (PCI:33MHz:32-bit) 00:00:ab:c1:32:01
e1000: eth1: e1000_probe: Intel(R) PRO/1000 Network Connection
e1000 0000:00:04.0: found PCI INT A -> IRQ 9
e1000: 0000:00:04.0: e1000_probe: (PCI:33MHz:32-bit) 00:00:ab:03:83:02
e1000: eth2: e1000_probe: Intel(R) PRO/1000 Network Connection
e100: Intel(R) PRO/100 Network Driver, 3.5.23-k6-NAPI
e100: Copyright(c) 1999-2006 Intel Corporation
!!! …..
loaded.
Initializing random number generator… done.
Starting network…
e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
device eth0 entered promiscuous mode
e1000: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
device eth1 entered promiscuous mode
e1000: eth2 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
device eth2 entered promiscuous mode
!!! ………..
Initializing partition – done!
Clocksource tsc unstable (delta = 191070273 ns)
Initializing partition - hda: hda1
done!
mkdosfs 2.11 (12 Mar 2005)System tables written to disk
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 0 files, 0/65463 clusters
dosfsck(/dev/hda1) returned 0
FAT: “posix” option is obsolete, not supported now
TIPC: Started in network mode
TIPC: Own node address <1.1.1>, network identity 1234
TIPC: Enabled bearer <eth:tap0>, discovery domain <1.1.0>, priority 10
msrif: module license ‘Cisco Systems, Inc’ taints kernel.
msrif module loaded.
grep: /mnt/disk0/.private/startup-config: No such file or directory
Starting Likewise Service Manager
Processor memory 650117120, Reserved memory: 62914560
WARNING: LINA Monitor notification queue not created
No such file or directory
IMAGE ERROR: An error occurred when reading the controller typeTotal NICs found: 6
secstore_buf_fill: Error reading secure store - buffer 0xddfffb08, size 0×14
key_nv_init: read returned error 1, len 129
L4TM: Unknown ASA ModelINFO: Unable to read firewall mode from flash
Writing default firewall mode (single) to flash
Verify the activation-key, it might take a while…
Failed to retrieve permanent activation key.
Running Permanent Activation Key: 0×00000000 0×00000000 0×00000000 0×00000000 0×00000000
The Running Activation Key is not valid, using default settings:Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Disabled perpetual
VPN-3DES-AES : Disabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 5000 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 0 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetualThis platform has an ASA 5520 VPN Plus license.
Cisco Adaptive Security Appliance Software Version 8.4(2)
_le_open: fd:4, name:eth0
—Device eth0 (fd: 4) opened succesful!
_le_open: fd:8, name:eth1
—Device eth1 (fd: 8) opened succesful!
_le_open: fd:9, name:eth2
—Device eth2 (fd: 9) opened succesful!
_le_open: fd:10, name:eth3
—Device eth3 (fd: 10) opened succesful!
_le_open: fd:11, name:eth4
—Device eth4 (fd: 11) opened succesful!
_le_open: fd:12, name:eth5
—Device eth5 (fd: 12) opened succesful!****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by
sending email to [email protected]
******************************* Warning *******************************Copyright (c) 1996-2011 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706config_fetcher: channel open failed
ERROR: MIGRATION – Could not get the startup configuration.
COREDUMP UPDATE: open message queue fail: No such file or directory/2INFO: MIGRATION – Saving the startup errors to file ‘flash:upgrade_startup_errors_201306071139.log’
Type help or ‘?’ for a list of available commands.
ciscoasa>
Si todo ha ido bien nos debe aparecer el prompt ciscoasa>
Vamos a configurarlo
ciscoasa> enable !!! cuando pregunte la pass pulsar enter (no se ha configurado todavia pass de enable) Password: ciscoasa# config terminal ciscoasa(config)# !!! Nos pregunta si deseamos enviar informes anónimos a Cisco, contesto No: N ***************************** NOTICE ***************************** Help to improve the ASA platform by enabling anonymous reporting, which allows Cisco to securely receive minimal error and health information from the device. To learn more about this feature, please visit: http://www.cisco.com/go/smartcall Would you like to enable anonymous error reporting to help improve the product? [Y]es, [N]o, [A]sk later: N In the future, if you would like to enable this feature, issue the command "call-home reporting anonymous". Please remember to save your configuration. ciscoasa(config)# !!! Configuro una licencia ciscoasa(config)# activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5 Validating activation key. This may take a few minutes... Failed to retrieve permanent activation key. Failover is different. running permanent activation key: Restricted(R) new permanent activation key: Unrestricted(UR) WARNING: The running activation key was not updated with the requested key. Proceed with update flash activation key? [confirm] Yes The flash permanent activation key was updated with the requested key, and will become active after the next reload. !!! configuramos ip y nombre interfaz GigaBitEthernet e0 ciscoasa(config)# int GigabitEthernet0 ciscoasa(config-if)# ip add 192.168.2.55 255.255.255.0 ciscoasa(config-if)# no sh ciscoasa(config-if)# nameif asafirewall INFO: Security level for "asafirewall" set to 0 by default. ciscoasa(config-if)# exit !!! habilitamos servidor http ciscoasa(config)# http server enable !!! especificamos quien se puede conectar al servidor http, en este caso todo el segmento 192.168.2.0/24 ciscoasa(config)# http 192.168.2.0 255.255.255.0 asafirewall !!! creamos un usuario y su password "laclave", con máximo nivel de privilegios ciscoasa(config)# username operador password laclave privilege 15 !!! compruebo que hay en la flash ciscoasa(config)# dir Directory of disk0:/ 2 drwx 4096 11:38:54 Jun 07 2013 log 9 drwx 4096 11:39:00 Jun 07 2013 coredumpinfo 11 -rwx 196 11:39:00 Jun 07 2013 upgrade_startup_errors_201306071139.log 268136448 bytes total (268091392 bytes free) !!! copiamos ASDM en la flash vía servidor web
Utilizo el servidor http de la utilidad MobaXterm v6.3
!!! copiamos ASDM en la flash vía servidor web ciscoasa(config)# copy http: flash: Address or name of remote host []? 192.168.2.2 Source filename []? asdm-647.bin Destination filename [asdm-647.bin]? Accessing http://192.168.2.2/asdm-647.bin...!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Writing current ASDM file disk0:/asdm-647.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ciscoasa(config)# dir Directory of disk0:/ 2 drwx 4096 11:38:54 Jun 07 2013 log 9 drwx 4096 11:39:00 Jun 07 2013 coredumpinfo 11 -rwx 196 11:39:00 Jun 07 2013 upgrade_startup_errors_201306071139.log 15 -rwx 17902288 12:01:59 Jun 07 2013 asdm-647.bin 268136448 bytes total (250187776 bytes free) ciscoasa(config)# end !!! Copiamos la configuración en la de arranque ciscoasa# copy run st Source filename [running-config]? Cryptochecksum: 4deb8e2f 565f074e 2683ab21 638e2d9e 2340 bytes copied in 0.950 secs !!! Tambien valdria wr ciscoasa# wr Building configuration... Cryptochecksum: 4deb8e2f 565f074e 2683ab21 638e2d9e 2340 bytes copied in 0.870 secs [OK] !! reiniciamos ciscoasa# reload Proceed with reload? [confirm] Yes *** *** --- START GRACEFUL SHUTDOWN --- Shutting down isakmp Shutting down webvpn Shutting down File system *** *** --- SHUTDOWN NOW --- REBOOT: open message queue fail: No such file or directory/2 REBOOT: enforce reboot... restarting system machine restart ...
Nos conectamos via navegador a https://192.168.2.55 y accedemos al configurador del ASDM
Y lanzo la guia o asistente de comienzo (Run startup wizard)
Y ya tenemos instalado un Cisco ASA con ASDM en GNS3
Y voila
Posted in hacking, HelpDesk, Networking, Scripting, seguridad, Sistemas, soporte, Utilidades on May 30th, 2013
Referencias:
Un Zombie o “idle host“, es aquel que su IPID es incremental y por lo tanto predecible, por lo que es vulnerable a ser usado, entre otras cosas, como intermediario o bouncer para escaneos anonimos de otros objetivos.
Para buscar un zombie con Nmap:
nmap –script ipidseq.nse –script-args probeport=<PUERTO> <OBJETIVO-CANDIDATO-A-ZOMBIE>
Para escanear un objetivo vía Zombie:
nmap -sI <ZOMBIE:PUERTO> -Pn <OBJETIVO>
La opción -Pn previene respuestas icmp desde la verdadera IP (en realidad el idle scan es una técnica de spoofing)
Esta es toda la teoria que debemos saber, ahora la pongo en práctica:
Busco si un determinado host (www.EL-OBJETIVO.com) es un Zombie probando en el puerto 80
nmap -vv --script ipidseq.nse --script-args probeport=80 www.EL-OBJETIVO.com
Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-29 10:03 UTC
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating Ping Scan at 10:03
Scanning www.EL-OBJETIVO.com (172.16.20.38) [4 ports]
sendto in send_ip_packet_sd: sendto(6, packet, 40, 0, 172.16.20.38, 16) => Operation not permitted
Offending packet: TCP 192.168.66.6:42327 > 172.16.20.38:80 A ttl=42 id=57190 iplen=10240 seq=0 win=1024
Completed Ping Scan at 10:03, 1.08s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:03
Completed Parallel DNS resolution of 1 host. at 10:03, 0.14s elapsed
Initiating SYN Stealth Scan at 10:03
Scanning www.EL-OBJETIVO.com (172.16.20.38) [1000 ports]
Discovered open port 443/tcp on 172.16.20.38
Discovered open port 80/tcp on 172.16.20.38
Discovered open port 1863/tcp on 172.16.20.38
Discovered open port 5190/tcp on 172.16.20.38
Completed SYN Stealth Scan at 10:04, 27.45s elapsed (1000 total ports)
NSE: Script scanning 172.16.20.38.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 10:04
Completed NSE at 10:04, 0.56s elapsed
Nmap scan report for www.EL-OBJETIVO.com (172.16.20.38)
Host is up (0.088s latency).
Scanned at 2013-05-29 10:03:36 UTC for 29s
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
1863/tcp open msnp
5190/tcp open aol
Host script results:
|_ipidseq: Incremental!
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read data files from: /usr/local/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 29.52 seconds
Raw packets sent: 4018 (176.772KB) | Rcvd: 72 (3.712KB)
Que el resultado de la secuencia del ipid sea incremental ( _ipidseq: Incremental! ) indica que es un zombieo idle host
La distro para router-firewall pfSense (basado en FreeBSD) tiene la opción: IP Random id generation
IP Random id generation: Insert a stronger id into IP header of packets passing through the filter.
Replaces the IP identification field of packets with random values to compensate for operating
systems that use predictable values. This option only applies to packets that are not fragmented
after the optional packet reassembly.
Con esta opción hacemos precisamente que los valores de las secuencias del IP ID de pfSense sean aleatorias y no sean predecibles, evitando que se convierta en un zombie o idle host.
Si usas nmap desde pfSense, otra opción que conviene activar temporalmente en pfSense al usar nmap en escaneos tipo idle host, es desactivar el firewall (para que nmap sea efectivo), convirtiendo a pfSense en un simple router
(ojo, que tambien desactiva NAT, por lo que si la maquina esta en “produccion” no os lo aconsejo, dejariais a la red LAN sin salida a Inet y desprotegida)
Disable Firewall: Disable all packet filtering.
Note: This converts pfSense into a routing only platform!Note: This will also turn off NAT!
Otro ejemplo, desde el host bajo pfSense (con el paquete Nmap instalado) voy a ver si un host dentro de mi LAN es un zombie., probando con el puerto 3389
nmap -vv --script ipidseq.nse --script-args probeport=3389 192.168.2.0/24
Obtengo 4 maquinas, donde una parece ser un zombie ( _ipidseq: Incremental! )
Nmap scan report for 192.168.2.2
Host is up (0.00029s latency).
Scanned at 2013-05-30 15:00:17 UTC for 10s
PORT STATE SERVICE
3389/tcp filtered ms-wbt-server
Host script results:
|_ipidseq: Unknown
Nmap scan report for 192.168.2.3
Host is up (-0.20s latency).
Scanned at 2013-05-30 15:00:17 UTC for 10s
PORT STATE SERVICE
3389/tcp filtered ms-wbt-server
Host script results:
|_ipidseq: Incremental!
Nmap scan report for 192.168.2.9
Host is up (-0.14s latency).
Scanned at 2013-05-30 15:00:17 UTC for 11s
PORT STATE SERVICE
3389/tcp filtered ms-wbt-server
Host script results:
|_ipidseq: Unknown
Initiating ARP Ping Scan at 15:00
Initiating SYN Stealth Scan at 15:00
Scanning pfsense.localdomain (192.168.2.254) [1 port]
Completed SYN Stealth Scan at 15:00, 2.00s elapsed (1 total ports)
NSE: Script scanning 192.168.2.254.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:00
Completed NSE at 15:00, 6.00s elapsed
Nmap scan report for pfsense.localdomain (192.168.2.254)
Host is up.
Scanned at 2013-05-30 15:00:28 UTC for 8s
PORT STATE SERVICE
3389/tcp filtered ms-wbt-server
Host script results:
|_ipidseq: Unknown
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read data files from: /usr/local/share/nmap
Nmap done: 256 IP addresses (4 hosts up) scanned in 19.27 seconds
Raw packets sent: 543 (15.716KB) | Rcvd: 10 (356B)
La máquina 192.168.2.3 (Zombie) via puerto 3389 es un candidato a zombie y como la maquina 192.168.2.2 (Victima) resulta que me filtra todos los escaneos desde pfSense, la voy a escanear el puerto 445 con intermediario el Zombie (192.168.2.3)
nmap -sI 192.168.2.3:3389 -Pn -p445 -r --packet-trace -v 192.168.2.2
Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-30 15:03 UTC
Initiating ARP Ping Scan at 15:03
Scanning 192.168.2.2 [1 port]
SENT (0.0558s) ARP who-has 192.168.2.2 tell 192.168.2.254
RCVD (0.0562s) ARP reply 192.168.2.2 is-at 00:1F:E2:03:A7:BA
Completed ARP Ping Scan at 15:03, 0.20s elapsed (1 total hosts)
NSOCK (0.2570s) nsi_new (IOD #1)
NSOCK (0.2570s) UDP connection requested to 208.67.220.220:53 (IOD #1) EID 8
NSOCK (0.2570s) Read request from IOD #1 [208.67.220.220:53] (timeout: -1ms) EID 18
NSOCK (0.2570s) nsi_new (IOD #2)
NSOCK (0.2570s) UDP connection requested to 8.8.8.8:53 (IOD #2) EID 24
NSOCK (0.2570s) Read request from IOD #2 [8.8.8.8:53] (timeout: -1ms) EID 34
NSOCK (0.2570s) nsi_new (IOD #3)
NSOCK (0.2570s) UDP connection requested to 4.2.2.3:53 (IOD #3) EID 40
NSOCK (0.2570s) Read request from IOD #3 [4.2.2.3:53] (timeout: -1ms) EID 50
Initiating Parallel DNS resolution of 1 host. at 15:03
NSOCK (0.2570s) Write request for 44 bytes to IOD #1 EID 59 [208.67.220.220:53]: .w...........2.2.168.192.in-addr.arpa.....
NSOCK (0.2570s) Callback: CONNECT SUCCESS for EID 8 [208.67.220.220:53]
NSOCK (0.2570s) Callback: WRITE SUCCESS for EID 59 [208.67.220.220:53]
NSOCK (0.2570s) Callback: CONNECT SUCCESS for EID 24 [8.8.8.8:53]
NSOCK (0.2570s) Callback: CONNECT SUCCESS for EID 40 [4.2.2.3:53]
NSOCK (0.3630s) Callback: READ SUCCESS for EID 18 [208.67.220.220:53] (103 bytes)
NSOCK (0.3630s) Read request from IOD #1 [208.67.220.220:53] (timeout: -1ms) EID 66
NSOCK (2.7580s) Write request for 44 bytes to IOD #1 EID 75 [208.67.220.220:53]: .w...........2.2.168.192.in-addr.arpa.....
NSOCK (2.7580s) Callback: WRITE SUCCESS for EID 75 [208.67.220.220:53]
NSOCK (2.8630s) Callback: READ SUCCESS for EID 66 [208.67.220.220:53] (103 bytes)
NSOCK (2.8630s) Read request from IOD #1 [208.67.220.220:53] (timeout: -1ms) EID 82
NSOCK (5.7580s) Write request for 44 bytes to IOD #2 EID 91 [8.8.8.8:53]: .w...........2.2.168.192.in-addr.arpa.....
NSOCK (5.7580s) Callback: WRITE SUCCESS for EID 91 [8.8.8.8:53]
NSOCK (5.8640s) Callback: READ SUCCESS for EID 34 [8.8.8.8:53] (44 bytes): .w...........2.2.168.192.in-addr.arpa.....
NSOCK (5.8640s) Read request from IOD #2 [8.8.8.8:53] (timeout: -1ms) EID 98
NSOCK (5.8640s) nsi_delete (IOD #1)
NSOCK (5.8640s) msevent_cancel on event #82 (type READ)
NSOCK (5.8640s) nsi_delete (IOD #2)
NSOCK (5.8640s) msevent_cancel on event #98 (type READ)
NSOCK (5.8640s) nsi_delete (IOD #3)
NSOCK (5.8640s) msevent_cancel on event #50 (type READ)
Completed Parallel DNS resolution of 1 host. at 15:04, 5.61s elapsed
Initiating idle scan against 192.168.2.2 at 15:04
SENT (5.8644s) TCP 192.168.2.254:42115 > 192.168.2.3:3389 SA ttl=58 id=46658 iplen=44 seq=3020817895 win=1024 <mss 1460>
SENT (5.8976s) TCP 192.168.2.254:42116 > 192.168.2.3:3389 SA ttl=49 id=64470 iplen=44 seq=3020817896 win=1024 <mss 1460>
SENT (5.9306s) TCP 192.168.2.254:42117 > 192.168.2.3:3389 SA ttl=46 id=31599 iplen=44 seq=3020817897 win=1024 <mss 1460>
RCVD (5.8656s) TCP 192.168.2.3:3389 > 192.168.2.254:42115 R ttl=128 id=6409 iplen=40 seq=1656142168 win=0
SENT (5.9636s) TCP 192.168.2.254:42118 > 192.168.2.3:3389 SA ttl=53 id=38802 iplen=44 seq=3020817898 win=1024 <mss 1460>
SENT (5.9966s) TCP 192.168.2.254:42119 > 192.168.2.3:3389 SA ttl=55 id=16823 iplen=44 seq=3020817899 win=1024 <mss 1460>
RCVD (5.8982s) TCP 192.168.2.3:3389 > 192.168.2.254:42116 R ttl=128 id=6410 iplen=40 seq=1656142168 win=0
RCVD (5.9313s) TCP 192.168.2.3:3389 > 192.168.2.254:42117 R ttl=128 id=6411 iplen=40 seq=1656142168 win=0
SENT (6.0296s) TCP 192.168.2.254:42120 > 192.168.2.3:3389 SA ttl=41 id=51439 iplen=44 seq=3020817900 win=1024 <mss 1460>
RCVD (5.9645s) TCP 192.168.2.3:3389 > 192.168.2.254:42118 R ttl=128 id=6412 iplen=40 seq=1656142168 win=0
RCVD (5.9973s) TCP 192.168.2.3:3389 > 192.168.2.254:42119 R ttl=128 id=6413 iplen=40 seq=1656142168 win=0
Idle scan using zombie 192.168.2.3 (192.168.2.3:3389); Class: Incremental
SENT (15.0461s) TCP 192.168.2.2:42114 > 192.168.2.3:3389 SA ttl=49 id=16354 iplen=44 seq=3020817895 win=1024 <mss 1460>
SENT (15.0970s) TCP 192.168.2.2:42114 > 192.168.2.3:3389 SA ttl=55 id=2517 iplen=44 seq=3020817896 win=1024 <mss 1460>
SENT (15.1480s) TCP 192.168.2.2:42114 > 192.168.2.3:3389 SA ttl=40 id=50787 iplen=44 seq=3020817897 win=1024 <mss 1460>
SENT (15.1990s) TCP 192.168.2.2:42114 > 192.168.2.3:3389 SA ttl=59 id=21011 iplen=44 seq=3020817898 win=1024 <mss 1460>
SENT (15.5000s) TCP 192.168.2.254:42179 > 192.168.2.3:3389 SA ttl=54 id=5694 iplen=44 seq=2237308931 win=1024 <mss 1460>
RCVD (6.0305s) TCP 192.168.2.3:3389 > 192.168.2.254:42120 R ttl=128 id=6414 iplen=40 seq=1656142168 win=0
RCVD (15.5012s) TCP 192.168.2.3:3389 > 192.168.2.254:42179 R ttl=128 id=6419 iplen=40 seq=739701181 win=0
SENT (15.5013s) TCP 192.168.2.3:3389 > 192.168.2.2:445 S ttl=44 id=57295 iplen=44 seq=3198776353 win=1024 <mss 1460>
SENT (15.5520s) TCP 192.168.2.254:42209 > 192.168.2.3:3389 SA ttl=48 id=34759 iplen=44 seq=2237309431 win=1024 <mss 1460>
RCVD (15.5556s) TCP 192.168.2.3:3389 > 192.168.2.254:42209 R ttl=128 id=6421 iplen=40 seq=739701181 win=0
SENT (15.6529s) TCP 192.168.2.254:42306 > 192.168.2.3:3389 SA ttl=39 id=333 iplen=44 seq=2237309931 win=1024 <mss 1460>
RCVD (15.6564s) TCP 192.168.2.3:3389 > 192.168.2.254:42306 R ttl=128 id=6422 iplen=40 seq=739701181 win=0
SENT (15.7030s) TCP 192.168.2.3:3389 > 192.168.2.2:445 S ttl=41 id=40099 iplen=44 seq=3198776353 win=1024 <mss 1460>
SENT (15.7539s) TCP 192.168.2.254:42314 > 192.168.2.3:3389 SA ttl=42 id=25570 iplen=44 seq=2237310431 win=1024 <mss 1460>
RCVD (15.7546s) TCP 192.168.2.3:3389 > 192.168.2.254:42314 R ttl=128 id=6424 iplen=40 seq=739701181 win=0
SENT (15.8549s) TCP 192.168.2.254:42351 > 192.168.2.3:3389 SA ttl=45 id=17478 iplen=44 seq=2237310931 win=1024 <mss 1460>
RCVD (15.8555s) TCP 192.168.2.3:3389 > 192.168.2.254:42351 R ttl=128 id=6425 iplen=40 seq=739701181 win=0
Discovered open port 445/tcp on 192.168.2.2
Completed idle scan against 192.168.2.2 at 15:04, 10.04s elapsed (1 ports)
Nmap scan report for 192.168.2.2
Host is up (0.013s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
MAC Address: 00:XX:XX:XX:XX:XX (Hon Hai Precision Ind. Co.)
Read data files from: /usr/local/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 15.92 seconds
Raw packets sent: 18 (776B) | Rcvd: 12 (468B)
Y efectivamente, parece ser que .2 (Victima) confia en que .3 (Zombie) pueda establecer conexiones a su puerto tcp445 ( 445/tcp open microsoft-ds )
Si hago el scan de los puertos mas comunes de la victima via zombie:
nmap -sI 192.168.2.3:3389 -Pn -r --packet-trace -v 192.168.2.2 ................. Nmap scan report for 192.168.2.2 Host is up (0.15s latency). Not shown: 990 closed|filtered ports PORT STATE SERVICE 135/tcp open msrpc 445/tcp open microsoft-ds 1025/tcp open NFS-or-IIS 1026/tcp open LSA-or-nterm 1027/tcp open IIS 1028/tcp open unknown 1031/tcp open iad2 1580/tcp open tn-tl-r1 5357/tcp open wsdapi 6000/tcp open X11
De donde se infiere que a traves de 192.168.2.3 (que es un XP Pro con SP3 actualizado a día de hoy), 192.168.2.2 es camino abierto
Nota: . Por lo general todos los XP tienen una secuencia IPID incremental, por lo que son candidatos a Zombies.
Y las pruebas que he hecho con un Ubuntu 12.04, un W7 SP1 ultimate y un pfSense 2.03 indican que no tienen una secuencia incremental de IPID.
Y voila
Posted in hacking, HelpDesk, Networking, pfSense, Scripting, seguridad, Sistemas, soporte, Utilidades on May 27th, 2013
Un script ejecutado desde un router-firewall bajo pfSense 2.03-Release (FreeBSD 8.1-Release-p13).
Se trata de escanear con nmap un puerto determinado (tcp23) en un rango de red, en este caso un rango de clase B (/16)
¿Para que hacerlo desde el firewall?. Simple, para no tener que estar añadiendo o retocando
reglas de filtrado de la maquina del operador en el firewall. Normalmente no suele haber auto-restricciones
en un router-firewall para conectarse desde si mismo a un puerto en la WAN.
Esta claro que este script es una prueba de concepto sobre como recorrer un segmento de clase B para ejecutar una tarea. Ya que NMAP permite indicar en el objetivo no solo una IP, sino también redes (p.e: nmap -sV -sC -PN -p23 180.159.0.0/16) ¿Para que hacer un script, si NMAP ya lo hace por si mismo?.
La respuesta es simple: para aprender a hacer un shell script en tcsh bajo pfSense/FreeBSD
En pfSense, se puede instalar el paquete NMAP (desde el menú System > Packages > ) en la versión 6.25
El Script:
#!/bin/tcsh
# pfSernse 2.0.3-RELEASE
# FreeBSD 8.1-RELEASE-p13
#########################################################
# Scan con nmap de puerto tcp en rango de clase B (/16) #
###############################################################
# By Javier Castañon - JavCasta - http://javcasta.com - 2.013 #
###############################################################
# Personalizar rango de red y puerto
set red = "180.159"
set puerto = "23"
foreach i ( `jot 255` )
foreach j ( `jot 255` )
set ip = "${red}.${i}.${j}"
set scan = `nmap -sV -sC -PN -p${puerto} ${ip} | grep "${puerto}/tcp"`
echo "${ip} ${scan}" | grep "open"
end
end
#importante: poner nueva linea despues del end - important: put new line after end
Si lo ejecutas directamente (# ./tuscript.sh ), debes antes darle permisos de ejecución (#chmod +x tuscript.sh) o
simplemente llamarlo con tcsh ( #tcsh tuscript.sh )
Y voila
Posted in hacking, HelpDesk, Networking, Scripting, seguridad, Sistemas, soporte, Utilidades on May 26th, 2013
Referencias:
NMAP no es solo un escanner de puertos e identificador de servicios y OS (Sistemas Operativos).
Posee una característica muy potente y versatil: NSE
The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features.
It allows users to write (and share) simple scripts (using the Lua programming language, )
to automate a wide variety of networking tasks.
El motor de scripting de nmap (NSE) es una de las caracteristicas más potentes y flexibles de nmap.
Permite a los usuarios escribir (y compartir) guiones (scripts) simples (usando el lenguaje de programación LUA) para automatizar una amplia variedad de tareas de networking
Existen ya una serie de librerias o módulos en LUA (con extension .lua, alojadas en el directorio nselib de nmap) y una
gran variedad de scripts (con extension .nse, alojados en el directorio scripts de nmap).
Echando un vistazo a los scripts que vienen por defecto con la version 6.25 de Nmap, me encontré con uno llamado:
Que efectivamente hace lo 1º que se nos viene a la mente: Analizar un fichero en virtus total ya sea enviando su hash SHA1, SHA256 o MD5 o subiendo el fichero a VirusTotal.
La linea de comandos para usar el nse script http-virustotal de Nmap seria:
nmap –script http-virustotal –script-args=”apikey=’TU-APIKEY-DE-VIRUSTOTAL’,checksum=’LA-HASH-DEL-FICHERO-A-ANALIZAR’”
nota: La ApiKey de virustotal se obtiene registrandose en https://www.virustotal.com
Como bajo windows no hay un comando nativo para obtener la hash SHA1 o SHA256 o MD5 de un fichero.
Voy a implementar con C# y .Net 2.0 una pequeña utilidad de consola para obtener la hash MD5 de un fichero:
Bajarse: getMD5.exe
getMD5.cs
/*
* Created by SharpDevelop.
* User: JavCasta - http://javcasta.com/
* Date: 26/05/2013
*/
using System;
using System.IO;
using System.Security.Cryptography;
namespace getMD5
{
class Program
{
public static void Main(string[] args)
{
try {
using (var hmd5 = MD5.Create())
{
using (var stream = File.OpenRead(args[0]))
{
string devolver = BitConverter.ToString(hmd5.ComputeHash(stream)).Replace("-","").ToLower();
stream.Close();
stream.Dispose();
Console.WriteLine(devolver);
}
}
} catch (Exception mye) {
Console.WriteLine(mye.Message);
}
}
}
}
Tras compilarlo copio el ejecutable (getMD5.exe) en el directorio de nmap (c:\nmap-6.25\)
Y creo un batch script que tenga como argumento un fichero y obtenga su hash MD5 con getMD5.exe y
via nmap (y el script http-virustotal.nse) consulte con VirusTotal:
nmapVirusTotal.cmd
@echo off setlocal ENABLEDELAYEDEXPANSION REM ======================================================= REM nmapVirusTotal.cmd - by JavCasta - http://javcasta.com/ REM ======================================================= REM uso: nmapVirusTotal.cmd <fichero> REM ======================================================= color 17 mode con cols=135 lines=300 set apikey='38cfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' if EXIST %tmp%\elmd5.tmp del %tmp%\elmd5.tmp if NOT "%1" == "" ( getMD5 %1 > %tmp%\elmd5.tmp for /F %%i in (%tmp%\elmd5.tmp) do ( set md5='%%i' nmap --script http-virustotal --script-args="apikey=%apikey%,checksum=!md5!" ) ) ELSE ( @echo Introduce un fichero. ) endlocal
Lo pruebo, analizando el fichero C:\Windows\System32\svchost.exe de un W7 SP1 , que sé que da un positivo sobre 47 motores de antivirus (un falso positivo, o al menos eso esperamos los que usemos W7 )
C:\nmap-6.25>nmapVirusTotal.cmd “C:\windows\System32\svchost.exe”
Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-26 16:04 Hora de verano romance
Pre-scan script results:
| http-virustotal:
| Permalink: https://www.virustotal.com/file/121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2/analysis/1369574636/
| Scan date: 2013-05-26 13:23:56
| Positives: 1
| digests
| SHA1: 4af001b3c3816b860660cf2de2c0fd3c1dfb4878
| SHA256: 121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2
| MD5: 54a47f6b5e09a77e61649109c6a08866
| Results
| name result date version
| Agnitum - 20130526 5.5.1.3
| AhnLab-V3 - 20130526 2013.05.27.00
| AntiVir - 20130526 7.11.80.28
| Antiy-AVL - 20130526 2.0.3.7
| Avast - 20130526 6.0.1289.0
| AVG - 20130526 10.0.0.1190
| BitDefender - 20130526 7.2
| ByteHero - 20130517 1.0.0.1
| CAT-QuickHeal - 20130523 12.00
| ClamAV - 20130523 0.97.3.0
| Commtouch - 20130526 5.4.1.7
| Comodo - 20130526 16321
| DrWeb - 20130526
| Emsisoft - 20130526 3.0.0.575
| eSafe Win32.TrojanHorse 20130523 7.0.17.0
| ESET-NOD32 - 20130526 8375
| F-Prot - 20130526 4.7.1.166
| F-Secure - 20130526 11.0.19020.35
| Fortinet - 20130526 5.0.43.0
| GData - 20130526 22
| Ikarus - 20130526 T3.1.4.0.0
| Jiangmin - 20130526 16.0.100
| K7AntiVirus - 20130524 9.168.8751
| K7GW - 20130524 12.7.0.12
| Kaspersky - 20130526 9.0.0.837
| Kingsoft - 20130506 2013.4.9.267
| Malwarebytes - 20130526 1.75.0.1
| McAfee - 20130526 5.400.0.1158
| McAfee-GW-Edition - 20130526 2012.1
| Microsoft - 20130526 1.9506
| MicroWorld-eScan - 20130526 12.0.250.0
| NANO-Antivirus - 20130526 0.24.0.52214
| Norman - 20130525 7.01.04
| nProtect - 20130525 2013-05-25.02
| Panda - 20130526 10.0.3.5
| PCTools - 20130521 9.0.0.2
| Rising - 20130524 24.63.03.04
| Sophos - 20130522 4.89.0
| SUPERAntiSpyware - 20130526 5.6.0.1008
| Symantec - 20130526 20131.1.0.101
| TheHacker - 20130524 None
| TotalDefense - 20130524 37.0.10437
| TrendMicro - 20130526 9.740.0.1012
| TrendMicro-HouseCall - 20130526 9.700.0.1001
| VBA32 - 20130525 3.12.22.1
| VIPRE - 20130526 18122
|_ ViRobot - 20130526 2011.4.7.4223
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 2.00 seconds
Y voila
ElMundoToday EuropaPress Lo más visto PeriodismoHumano.com Infojobs TecnoempleoEl Camello, el León y el niño. O la evolución del perro al lobo © 2013 Some rights Reserved. :)
Basado en Tema de Wordpress Original iloveMusic | Código PhP/html/css retocado por Javier Castañón
          |
