NIF: Reactive Injection Attack via Nmap Piggybacking

EasyChair Preprint 10077

Abstract

Network scanning is a common task in cybersecurity. For instance, penetration testers often scan a target system during the initial stage of their vulnerability detection process, e.g., for profiling machines and services. On the other hand, attacker scan remote systems looking for exploitation opportunities. Network scans are generally considered harmless for the victim, as they only consist of a few requests that cause no service interruption or degradation. Nevertheless, as shown in [19], scanning is risky for its author. In this paper, we present a general attack framework that takes advantage of network scans for injecting remote systems. In particular, our proposal leverages the widely adopted scanner Nmap [15] for transmitting attack payloads through the scan responses. If the output of Nmap is processed by an injectable application, e.g., a web browser of a SQL DBMS, our payloads are executed and the scanning system gets compromised.

Keyphrases: Network Scanning, Web Security, injection attack

@booklet{EasyChair:10077,
  author    = {Alessandro Bonfiglio and Gabriele Costa and Silvia De Francisci},
  title     = {NIF: Reactive Injection Attack via Nmap Piggybacking},
  howpublished = {EasyChair Preprint 10077},
  year      = {EasyChair, 2023}}