Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[TOOL] Impost - Network Security Auditing and Analyzing Tool

from [SecuriTeam] Network Security [Permanent Link]
Subject: [TOOL] Impost - Network Security Auditing and Analyzing Tool
Date: 31 Aug 2004 18:44:08 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Impost - Network Security Auditing and Analyzing Tool
------------------------------------------------------------------------


SUMMARY



DETAILS

Impost is a network security-auditing tool designed to analyze the 
forensics behind compromised and/or vulnerable daemons. There's two 
different kinds of operating modes used by Impost; It can either act as a 
honey pot and take orders from a Perl script controlling how it responds 
and communicates with connecting clients; or it can operate as a packet 
sniffer and monitor incoming data to specified destination port supplied 
by the command-line arguments.

While running, Impost keeps a history of incoming buffers for every 
connection it has to deal with. These histories are normally dropped when 
a socket is closed or a TH_FIN|TH_ACK flagged packet is received. However, 
if at anytime during a live connection a 'suspicious' buffer is detected, 
Impost will use the history corresponding with the connection to create a 
log file containing all of the received data including the suspicious 
buffer.

A side from creating a log file, Impost will also try to analyze the 
buffer, which had been thought of as suspicious. Some of the things that 
Impost will look for are machine codes, NOP sleds, shellcode signatures 
and a lot of other junk.

Impost is still in early stages of development so there is a lot of work 
that needs to be done. Even in these early stages, Impost proves to be an 
extremely powerful multi-purpose network-debugging tool. Whether you're a 
software developer, a security consultant, systems administrator or hacker 
- you'll find Impost very useful if applied properly to whatever it is you 
do.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:sickbeatz@hotmail.com> 
ziplock.
The tool can be downloaded from:  <http://impost.sourceforge.net/> 
http://impost.sourceforge.net/



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [TOOL] Impost - Network Security Auditing and Analyzing Tool, SecuriTeam <=
Previous by Date:  [NT] Password Protect XSS and SQL Injection Vulnerabilities, SecuriTeam
Previous by Thread:  [NT] Password Protect XSS and SQL Injection Vulnerabilities, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]