Tuesday, December 18, 2007

Nmap 10th Anniversary Edition (4.50) released

After Two Years a major version change in nmap is here.
The new nmap anniversary edition is available for download.
Here is what the mail from fyodor says

FROM Fyodor

Hi everyone. I'm proud to say that Nmap has reached its 10th
anniversary since I released it in 1997, and it is still going strong!
To celebrate that, Nmap 4.50 has been released. It is the first
stable release in more than a year (there have been dozens of dev
releases), and the first major release since 4.00 two years ago.

In related good news, the movie Bourne Ultimatum was released to DVD
on Tuesday, and is currently the 3rd highest selling DVD on Amazon.
In this movie, the CIA needs to hack the mail server of a newspaper
(The Guardian UK) to read the email of a reporter they
assassinated. So they turn to Nmap and its new official GUI Zenmap
(part of the 4.50 release)! I have screenshots up on
http://insecure.org . Nmap has now appeared in at least five
movies--it has become quite the movie star!

The changelog shows 320 changes since 4.00 with a lot of great stuff
in this release! It has a brand new GUI and results viewer (Zenmap),
a scripting engine allowing you to write your own scripts for
high-performance network discovery (or use one of the 40 scripts
shipped with it), the 2nd generation OS detection system (now with
more than a thousand fingerprints), nearly 1,500 more version
detection signatures, and a lot more! You can read the full release
announcement, which describes the changes as well as future plans,
right here:


Or if you are ready to jump right in, head to the download page:


We don't have an ad budget, so please help spread the word about the
new Nmap. The 4.00 release made Slashdot, Digg, etc. and this release
is even better!

And of course be sure to try it out yourself! Let us know on the
nmap-dev list if you encounter any problems. See
http://insecure.org/nmap/man/man-bugs.html .


!!!!!   Cheeeeeeeerssss to  Fyodor !!!!!

Tuesday, December 4, 2007

An almost invisible ssh connection

In the worse case if you have to ssh on a box, do it every time
with no tty allocation

ssh -T user@host

If you connect to a host with this way, a command like "w" will not
show your connection. Better, add 'bash -i' at the end of the command to
simulate a shell

ssh -T user@host /bin/bash -i

Another trick with ssh is to use the -o option which allow you to
specify a particular know_hosts file (by default it's ~/.ssh/know_hosts).
The trick is to use -o with /dev/null:

ssh -o UserKnownHostsFile=/dev/null -T user@host /bin/bash -i

With this trick the IP of the box you connect to won't be logged in

Using an alias is a good idea.

credits: An artical by Duvel in phrack magazine