hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Windows Systems
Miserly
Oct 31 2004, 04:06 PM
hi,
i'm now already looking for a longer time for a scanline results filter (command line based, but also didn't find a gui wink.gif) or at least a converter, so i can convert it to
ip banner
format.

i've coded a php script, works fine (converts your scanline results to ip banner), the only problem is, it doesn't work with really large files, so if somebody here can code perl (only needs a few string functions, i hope its faster than in php...) or c/c++ or whatever (should be command line based!) i would give him the script with the idea (also works if banner is longer than one line, although i don't know if SL will ever show you more than one line wink.gif), if needed.

hope somebody can help me/code this.

thanks in advance!
btw: also searched at the board, but couldn't really find sth \:
B3T4
Oct 31 2004, 04:11 PM
could u make an example coz im not quite following u but id like to help smile.gif
Miserly
Oct 31 2004, 04:19 PM
input:
CODE
-------------------------------------------------------------------------------
12.345.678.123
Responded in 123 ms.
18 hops away
Responds with ICMP unreachable: No
TCP ports: 123


TCP 123:
[this is a banner]

-------------------------------------------------------------------------------
12.345.678.123
Responded in 123 ms.
11 hops away
Responds with ICMP unreachable: No
TCP ports: 123


TCP 123:
[this is a banner]

-------------------------------------------------------------------------------


etc (of course without duplicates, but this is also only an example wink.gif)

now i want to convert this format to ip banner:
CODE
12.345.678.123 [this is a banner]
12.345.678.123 [this is a banner]

should be the output.

if you could enter search for x in banner, this would also be ok (e.g. you enter look for "banner" than it would find both, would you enter "test" it wouldn't find anything). but i'd somehow prefer the first possibility wink.gif (you can easily filter it later, if you change for what you are looking)

if you can code perl/c/c++ i would send you my php code/a detailed theoretical explaination, shouldn't be too hard to code this. (at php i needed one string function and arrays)
Partizaan
Oct 31 2004, 04:52 PM
scan with TCP Port Scanner V1.1 By WinEggDrop in staid of scanline.

It does the same but gives an better output....
TedOb1
Oct 31 2004, 05:45 PM
i know this isn't exactly what you've asked for but it will do what you want and some of the more proficient perl programmers can convert it with ease.


<scanline output> |FIND /V "ms" |FIND "." >output.txt

there are only two lines in the output (from what i see) that contain a period/periods. this will remove the millisecond line (ms) and pipe the rest to the second "find" which will output the only line with periods it sees, the ip addy
Miserly
Oct 31 2004, 06:04 PM
@Partizaan:
hmm the scanner can't raed ips from a file and then get the banner of the ips, so it's, for me, useless \:

@TedOb1:
i typed this (of course scanline output changed to the textfile) in my command line and then notepad poned and nothing got written to output.txt \:
all i want to do is to get the ip and the banner of the ip in 1 line wink.gif
B3T4
Oct 31 2004, 08:49 PM
i could make an .exe for it written in delphi

QUOTE
-------------------------------------------------------------------------------


those lines are actually there ?
x^r
Oct 31 2004, 10:06 PM
Hi, tried to make some bat given on ur log example here in this thread

QUOTE
@echo off
set IP=
set PORT=
set NEXT_IP=0
set NEXT_BAN=0
set /p SCAN_LOG=Gimmie a log file :

:: note : using 'ü' as token... when this character is in a banner ur missing stuff
::
:: note : need to put every line in a file
::        cant use vars cause bad characters could be in them("|&) etc.
::
FOR /F "tokens=1 delims=ü" %%a IN (%SCAN_LOG%) DO (echo %%a>tmp.txt&& call :CheckLine)
del tmp.txt
pause
exit

:CheckLine
if %NEXT_IP%==1 set NEXT_IP=0&& (FOR /F "tokens=1 delims=ü" %%a IN (tmp.txt) DO set IP=%%a)&& goto :eof
if %NEXT_BAN%==1 set NEXT_BAN=0&& (FOR /F "tokens=1 delims=ü" %%a IN (tmp.txt) DO echo %IP% %PORT% %%a>> output.txt)&& goto :eof
findstr /B /C:"TCP ports:" tmp.txt > nul&& (FOR /F "tokens=3" %%a IN (tmp.txt) DO set PORT=%%a)&& goto :eof
findstr /B /C:"TCP %PORT%:" tmp.txt > nul&& set NEXT_BAN=1&& goto :eof
findstr /B /C:"-------------------------------------------------------------------------------" tmp.txt > nul&& set NEXT_IP=1&& goto :eof
goto :eof


Have you already checked 'fscan.exe' ??

I think its a easier in its log files, its the previous scanline...

Greetz x^r
AgentOrange
Nov 1 2004, 07:08 AM
Ooah man the whole thought of doing this in a .bat file made me vommit (ha, you think i'm jokeing). No dissrespect to r^x, i think its great you are posting code to the public and i encurage you to keep it up. I have a passionate dislike for shell scripting. Most shell scripting languages don't have functionality for mods, thus you HAVE to program speggeti (read:almost useless) code.

Perl is very nice and very powerful. Perl all the way, perl was made for projects like this. This could be done in less than 10 lines of simple perl code. I'll work on it soon...

Peace out
B3T4
Nov 1 2004, 03:37 PM
Ok, done...i hope it is what u are looking for smile.gif
the rar-file includes both exe and .dpr file, so change manually if u like.

To use it u need to give 2 variables, [inputfile] [outputfile]

outputfile will look like this:
QUOTE
12.10.10.123
[this is a banner]

12.45.78.23
[this is a banner]


if u want the have the banners right after the ips that is possible but in my experience a banner consists most of the time of multiple lines so this would be easier for the eye.
AgentOrange
Nov 1 2004, 05:44 PM
Arg i woke up this moring willing to work on this project...

Anway the perl command of choice is split. The code would be somthign like:

$inputfile; # This var is the input file.

@scans = split(/-------/, $inputfile); #how ever many ---- there are, probably 80, #splits that up into an array of scans

foreach $scans(@scans) #takes every var in the array @scans and processes it
{
@temp = Split(/\n/, $scans); # split by newline
$ip = @temp[0]; # arrays start counting at 0
#line number my vary so i'll go by the :
@temp = split(/:/, $scans);
$banner = @temp[3];
print $ip $banner; # no need to load into an array, just dump it into Sout then the #user can pipe it to where ever.
}

This code my have bugs and is missing some stuff, but it has the meat of the program in the foreach loop. I did this to show everyone how easy perl is when it comes to this kind of stuff. I really could have done it last night, but i was lazy.

Peace out
Miserly
Nov 4 2004, 07:05 PM
thx to all user that helped me, tried the batch script and was again surprised how powerful (but also slow \:) batch files are - great work!

i'll also test the other two scripts soon (currently not having so much time )smile.gif, thanks very much for them!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.