NIF: Reactive Injection Attack via Nmap Piggybacking

EasyChair Preprint 10077, 10 pages. Date: May 12, 2023

Abstract

Network scanning is a common task in cybersecurity. For instance, penetration testers often scan a target system during the initial stage of their vulnerability detection process, e.g., for profiling machines and services. On the other hand, attackers scan remote systems looking for exploitation opportunities. Network scans are generally considered harmless for the victim, as they only consist of a few requests that cause no service interruption or degradation. Nevertheless, as shown in [19], scanning is risky for its author. In this paper, we present a general attack framework that takes advantage of network scans for injecting remote systems. In particular, our proposal leverages the widely adopted scanner Nmap [15] for transmitting attack payloads through the scan responses. If the output of Nmap is processed by an injectable application, e.g., a web browser or a SQL DBMS, our payloads are executed and the scanning system gets compromised.

Keyphrases: Network Scanning, Web Security, injection attack
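The risk class the abstract describes is a classic trusted-input mistake on the scanning side: text that a scanned host returns in a banner is copied verbatim into the scanner's report, and a tool that renders that report as HTML or stores it in SQL treats attacker-controlled bytes as if they were its own. The example below is an added illustration, not code from the paper or from the Nmap project. It parses a constructed XML fragment laid out like Nmap's -oX output (the element and attribute names used here are an assumption about that format), then shows a vulnerable HTML sink next to its escaped counterpart, and a string-formatted SQL insert next to a parameterized one. The banner value is constructed for the demonstration and only shows that the unsafe sinks misinterpret it, not how to weaponize it.

```python
import html
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample shaped like Nmap -oX output (format details assumed).
# The "product" attribute is whatever the scanned host sent back in its banner;
# the scanner writes it into the report unchanged, so it is attacker-controlled.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="&lt;script&gt;alert('x')&lt;/script&gt;" version="1.0"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="9.0"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_services(xml_text):
    """Return (addr, port, name, product, version) tuples from Nmap-style XML."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else ""
        for port in host.iter("port"):
            svc = port.find("service")
            if svc is None:
                continue
            rows.append((addr, int(port.get("portid")), svc.get("name", ""),
                         svc.get("product", ""), svc.get("version", "")))
    return rows


def render_unsafe(rows):
    """Vulnerable sink: banner text interpolated straight into HTML markup."""
    return "".join(
        f"<tr><td>{a}</td><td>{p}</td><td>{n}</td><td>{prod} {ver}</td></tr>"
        for a, p, n, prod, ver in rows
    )


def render_safe(rows):
    """Hardened sink: every cell is HTML-escaped, so the banner stays data."""
    out = []
    for addr, port, name, product, version in rows:
        cells = (addr, port, name, f"{product} {version}")
        out.append("<tr>" + "".join(f"<td>{html.escape(str(c))}</td>" for c in cells) + "</tr>")
    return "".join(out)


def _fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE services (addr TEXT, port INTEGER, name TEXT, product TEXT, version TEXT)")
    return conn


def store_unsafe(rows):
    """Vulnerable sink: query built by string formatting. A quote in the banner
    changes the statement's structure; here it surfaces as a syntax error, and
    the function reports whether the insert succeeded."""
    conn = _fresh_db()
    try:
        for addr, port, name, product, version in rows:
            conn.execute(
                f"INSERT INTO services VALUES ('{addr}', {port}, '{name}', '{product}', '{version}')"
            )
        return True
    except sqlite3.OperationalError:
        return False


def store_safe(rows):
    """Hardened sink: parameterized insert; returns the stored port-80 product
    string to show it survives intact without ever being parsed as SQL."""
    conn = _fresh_db()
    conn.executemany("INSERT INTO services VALUES (?, ?, ?, ?, ?)", rows)
    return conn.execute("SELECT product FROM services WHERE port = 80").fetchone()[0]


if __name__ == "__main__":
    rows = parse_services(SAMPLE_XML)
    print("unsafe html :", render_unsafe(rows))
    print("safe html   :", render_safe(rows))
    print("unsafe sql ok:", store_unsafe(rows))
    print("safe sql     :", store_safe(rows))
```

The defensive point is that a scan report is untrusted input from the scanned network, not trusted output of the scanner: the consumer of the report is the place to escape and parameterize, and any report viewer or database loader that does not is a candidate sink for the kind of injection the paper studies.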