
An Unresponsive Port

  1. #21
    Sophie Pedophile Tech Support
    These are the other protocols I can use…


    enum
    {
    IPPROTO_IP = 0, /* Dummy protocol for TCP. */
    #define IPPROTO_IP IPPROTO_IP
    IPPROTO_ICMP = 1, /* Internet Control Message Protocol. */
    #define IPPROTO_ICMP IPPROTO_ICMP
    IPPROTO_IGMP = 2, /* Internet Group Management Protocol. */
    #define IPPROTO_IGMP IPPROTO_IGMP
    IPPROTO_IPIP = 4, /* IPIP tunnels (older KA9Q tunnels use 94). */
    #define IPPROTO_IPIP IPPROTO_IPIP
    IPPROTO_TCP = 6, /* Transmission Control Protocol. */
    #define IPPROTO_TCP IPPROTO_TCP
    IPPROTO_EGP = 8, /* Exterior Gateway Protocol. */
    #define IPPROTO_EGP IPPROTO_EGP
    IPPROTO_PUP = 12, /* PUP protocol. */
    #define IPPROTO_PUP IPPROTO_PUP
    IPPROTO_UDP = 17, /* User Datagram Protocol. */
    #define IPPROTO_UDP IPPROTO_UDP
    IPPROTO_IDP = 22, /* XNS IDP protocol. */
    #define IPPROTO_IDP IPPROTO_IDP
    IPPROTO_TP = 29, /* SO Transport Protocol Class 4. */
    #define IPPROTO_TP IPPROTO_TP
    IPPROTO_DCCP = 33, /* Datagram Congestion Control Protocol. */
    #define IPPROTO_DCCP IPPROTO_DCCP
    IPPROTO_IPV6 = 41, /* IPv6 header. */
    #define IPPROTO_IPV6 IPPROTO_IPV6
    IPPROTO_RSVP = 46, /* Reservation Protocol. */
    #define IPPROTO_RSVP IPPROTO_RSVP
    IPPROTO_GRE = 47, /* General Routing Encapsulation. */
    #define IPPROTO_GRE IPPROTO_GRE
    IPPROTO_ESP = 50, /* encapsulating security payload. */
    #define IPPROTO_ESP IPPROTO_ESP
    IPPROTO_AH = 51, /* authentication header. */
    #define IPPROTO_AH IPPROTO_AH
    IPPROTO_MTP = 92, /* Multicast Transport Protocol. */
    #define IPPROTO_MTP IPPROTO_MTP
    IPPROTO_BEETPH = 94, /* IP option pseudo header for BEET. */
    #define IPPROTO_BEETPH IPPROTO_BEETPH
    IPPROTO_ENCAP = 98, /* Encapsulation Header. */
    #define IPPROTO_ENCAP IPPROTO_ENCAP
    IPPROTO_PIM = 103, /* Protocol Independent Multicast. */
    #define IPPROTO_PIM IPPROTO_PIM
    IPPROTO_COMP = 108, /* Compression Header Protocol. */
    #define IPPROTO_COMP IPPROTO_COMP
    IPPROTO_SCTP = 132, /* Stream Control Transmission Protocol. */
    #define IPPROTO_SCTP IPPROTO_SCTP
    IPPROTO_UDPLITE = 136, /* UDP-Lite protocol. */
    #define IPPROTO_UDPLITE IPPROTO_UDPLITE
    IPPROTO_RAW = 255, /* Raw IP packets. */
    #define IPPROTO_RAW IPPROTO_RAW
    IPPROTO_MAX
    };




    I don't know much about Python, but this looks like it's just a raw socket connection, which I already am doing in Java.

    No idea about all the different protocols tbh. Also about the python code, it makes a connection on the specified IP and port then sends data over UDP and the packet data is represented by the 'data' var.
  2. #22
    Lanny Bird of Courage
    all paping is going to do is test connection establishment, won't tell you anything about the service


    the only real way to get anything out of it is to try and guess what protocol it expects and throw data at it until it responds - first thing I'd try is just send some linefeeds via tcp then udp if you get no response, then as sophie suggested, try to guess the service based on the port and send a command in that protocol to see if you get a response. it might be worth using wireshark or tcpdump to inspect the initial connection, as the connect response from the server may give clues as to what the service is.

    This is the correct answer, paping doesn't tell you anything above and beyond that you can connect on a port, it's anyone's guess what the protocol is. Spectral just copy pastes things to try to seem smart.

    I've never heard of FCP before today so I can't give any specific advice there. One thing you probably know but is worth pointing out anyway: there's no necessary relationship between port numbers and the protocol the listening service speaks. Almost anything will let you pick the port it serves on and some things will specifically choose random ports (this was a quasi-popular thing with video games in the era where LAN gaming was still more popular than matchmaking for whatever reason). I imagine tooling exists for this type of situation, something to test some list of known protocols against a given target, but I'm not sure what it would be. The ole "serve it on a non-standard port" is considered security through obscurity and has been out of fashion as a security measure for a while now.
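The probing order described in post #22 (a linefeed over TCP, then UDP, then classifying whatever comes back), as an added Python example that is not part of the thread. The signature table, the function names and the loopback demo service are constructed for illustration; the service is identified from its reply bytes, not from its port number.

```python
import socket
import threading

# Constructed signature table (assumption): reply prefix -> likely protocol.
SIGNATURES = [(b"SSH-", "ssh"), (b"HTTP/", "http"), (b"220 ", "smtp-or-ftp")]

def probe(host, port, proto="tcp", payload=b"\r\n", timeout=1.0):
    """Send one payload; return (state, reply), state in reply/silent/refused."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))   # for UDP this only sets the default peer
            s.sendall(payload)
            data = s.recv(4096)
        except socket.timeout:
            return "silent", b""      # TCP: filtered or waiting; UDP: open or filtered
        except ConnectionError:
            return "refused", b""     # TCP RST, or ICMP port unreachable for UDP
        return ("reply", data) if data else ("silent", b"")

def guess(reply):
    """Name the protocol from the reply bytes, never from the port number."""
    for prefix, name in SIGNATURES:
        if reply.startswith(prefix):
            return name
    return "unknown"

def identify(host, port):
    """Try a TCP linefeed first, then UDP, and classify the first reply."""
    for proto in ("tcp", "udp"):
        state, reply = probe(host, port, proto)
        if state == "reply":
            return proto, guess(reply)
    return None, "unknown"

def start_demo_service():
    """Constructed loopback service: HTTP-style replies on a random high port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(1024)
                conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Calling `identify("127.0.0.1", start_demo_service())` classifies the demo service as `("tcp", "http")` even though it listens on a random port.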
  3. #23
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Spectral just copy pastes things to try to seem smart…

    And you ban people 30,000 times just to seem superior.
  4. #24
    SBTlauien African Astronaut
    Who got banned?
  5. #25
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Who got banned?

    Lanny banned me over 30,000 times on Zoklet. Then he got banned by zok for doing it. lol

    Good times...
  6. #26
    SBTlauien African Astronaut
    Lanny banned me over 30,000 times on Zoklet. Then he got banned by zok for doing it. lol

    Good times…

    You don't scare me.
  7. #27
    I think -SpectraL is a bot Lanny wrote to post retarded shit over and over again in every thread
  8. #28
    Lanny Bird of Courage
    I think -SpectraL is a bot Lanny wrote to post retarded shit over and over again in every thread

    An interesting prospect. Probably wouldn't be hard. Google the title of every T&T thread, compose a post from a random link on the third page, maybe markov chaining to make an incoherent oneliner that sounds vaguely technical if you don't have context. Then sentiment analysis on every post that quotes the first one, negative sentiment gets the stock "you don't scare me" or "I didn't fall off the turnip truck yesterday", positive gets a random non sequitur story from the "glory days" which is obvious micropenis compensation or a random screencap of totse that doesn't mean anything.

    I think it could work.

    Sorry spec, if this pans out your services will no longer be required.
  9. #29
    -SpectraL coward [the spuriously bluish-lilac bushman]
    You mean to tell me I'll be replaced by technology?? This is an outrage!
  10. #30
    SBTlauien African Astronaut
    -SpectraL isn't one of the bots though.
  11. #31
    LiquidIce Houston
    I just thought of this - if trying a few different approaches doesn't work, maybe it's time to fuzz!

    I think the most probable case is that it's a udp or tcp port so it'd be most cost effective to try these two first and mess with application layer stuff before messing with transport layer stuff (not all cards or OS's even support other protocols, i.e. sctp is nice but not supported everywhere). My idea is to just fuzz the hell out of this port. I know nothing of fuzzers except the general idea, but I'd imagine that hammering the port with random data until something clicks could be worthwhile because it can be totally automated and pretty damn fast (i.e. java + wlan).

    I need to get http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119/ to figure this shit out.
  12. #32
    SBTlauien African Astronaut
    I need to get http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119/ to figure this shit out.

    Damn, no seeds anywhere though...

    https://kat.cr/fuzzing-brute-force-vulnerability-discovery-sec-con-aphorist-t10158952.html

    The book is nearly ten years old.
  13. #33
    -SpectraL coward [the spuriously bluish-lilac bushman]
    But if it's an outbound only port, or a null-routed port, and can't receive anything, it would be pointless to attempt to communicate with it.
  14. #34
    LiquidIce Houston
    Damn, no seeds anywhere though…

    https://kat.cr/fuzzing-brute-force-vulnerability-discovery-sec-con-aphorist-t10158952.html

    The book is nearly ten years old.

    Try bookzz.org too. Damn, there's really very little out there about fuzzing. I found some tools that are easier to set up:
    http://tools.kali.org/vulnerability-analysis/sfuzz
    https://www.secforce.com/media/tools/proxyfuzz.py.txt (python, woo!)
    http://eternal-todo.com/tools/malybuzz-network-fuzzer

    And not fuzz-related: http://security.stackexchange.com/a/45039 (nmap - "version detection turned up to 11" - I'm running this against my own router now).

    This thread gets my gears turning.


  15. #35
    SBTlauien African Astronaut
    Try bookzz.org too. Damn, there's really very little out there about fuzzing. I found some tools that are easier to set up:
    http://tools.kali.org/vulnerability-analysis/sfuzz
    https://www.secforce.com/media/tools/proxyfuzz.py.txt (python, woo!)
    http://eternal-todo.com/tools/malybuzz-network-fuzzer

    And not fuzz-related: http://security.stackexchange.com/a/45039 (nmap - "version detection turned up to 11" - I'm running this against my own router now).

    This thread gets my gears turning.

    I've come across this tutorial...

    https://fuzzing-project.org/tutorial1.html

    it uses this tool...

    http://caca.zoy.org/wiki/zzuf

    Although it appears as if fuzzing is more for software. I'm not sure if it can be done to a port...