An Unresponsive Port
-
2016-02-14 at 11:07 PM UTC
These are the other protocols I can use…
enum
{
IPPROTO_IP = 0, /* Dummy protocol for TCP. */
#define IPPROTO_IP IPPROTO_IP
IPPROTO_ICMP = 1, /* Internet Control Message Protocol. */
#define IPPROTO_ICMP IPPROTO_ICMP
IPPROTO_IGMP = 2, /* Internet Group Management Protocol. */
#define IPPROTO_IGMP IPPROTO_IGMP
IPPROTO_IPIP = 4, /* IPIP tunnels (older KA9Q tunnels use 94). */
#define IPPROTO_IPIP IPPROTO_IPIP
IPPROTO_TCP = 6, /* Transmission Control Protocol. */
#define IPPROTO_TCP IPPROTO_TCP
IPPROTO_EGP = 8, /* Exterior Gateway Protocol. */
#define IPPROTO_EGP IPPROTO_EGP
IPPROTO_PUP = 12, /* PUP protocol. */
#define IPPROTO_PUP IPPROTO_PUP
IPPROTO_UDP = 17, /* User Datagram Protocol. */
#define IPPROTO_UDP IPPROTO_UDP
IPPROTO_IDP = 22, /* XNS IDP protocol. */
#define IPPROTO_IDP IPPROTO_IDP
IPPROTO_TP = 29, /* SO Transport Protocol Class 4. */
#define IPPROTO_TP IPPROTO_TP
IPPROTO_DCCP = 33, /* Datagram Congestion Control Protocol. */
#define IPPROTO_DCCP IPPROTO_DCCP
IPPROTO_IPV6 = 41, /* IPv6 header. */
#define IPPROTO_IPV6 IPPROTO_IPV6
IPPROTO_RSVP = 46, /* Reservation Protocol. */
#define IPPROTO_RSVP IPPROTO_RSVP
IPPROTO_GRE = 47, /* General Routing Encapsulation. */
#define IPPROTO_GRE IPPROTO_GRE
IPPROTO_ESP = 50, /* encapsulating security payload. */
#define IPPROTO_ESP IPPROTO_ESP
IPPROTO_AH = 51, /* authentication header. */
#define IPPROTO_AH IPPROTO_AH
IPPROTO_MTP = 92, /* Multicast Transport Protocol. */
#define IPPROTO_MTP IPPROTO_MTP
IPPROTO_BEETPH = 94, /* IP option pseudo header for BEET. */
#define IPPROTO_BEETPH IPPROTO_BEETPH
IPPROTO_ENCAP = 98, /* Encapsulation Header. */
#define IPPROTO_ENCAP IPPROTO_ENCAP
IPPROTO_PIM = 103, /* Protocol Independent Multicast. */
#define IPPROTO_PIM IPPROTO_PIM
IPPROTO_COMP = 108, /* Compression Header Protocol. */
#define IPPROTO_COMP IPPROTO_COMP
IPPROTO_SCTP = 132, /* Stream Control Transmission Protocol. */
#define IPPROTO_SCTP IPPROTO_SCTP
IPPROTO_UDPLITE = 136, /* UDP-Lite protocol. */
#define IPPROTO_UDPLITE IPPROTO_UDPLITE
IPPROTO_RAW = 255, /* Raw IP packets. */
#define IPPROTO_RAW IPPROTO_RAW
IPPROTO_MAX
};
I don't know much about Python, but this looks like it's just a raw socket connection, which I already am doing in Java.
No idea about all the different protocols tbh. Also about the Python code, it makes a connection on the specified IP and port then sends data over UDP and the packet data is represented by the 'data' var.
-
2016-02-15 at 4 AM UTC
all paping is going to do is test connection establishment, won't tell you anything about the service
the only real way to get anything out of it is to try and guess what protocol it expects and throw data at it until it responds - first thing I'd try is just send some linefeeds via tcp then udp if you get no response, then as sophie suggested, try to guess the service based on the port and send a command in that protocol to see if you get a response. it might be worth using wireshark or tcpdump to inspect the initial connection, as the connect response from the server may give clues as to what the service is.
This is the correct answer, paping doesn't tell you anything above and beyond that you can connect on a port, it's anyone's guess what the protocol is. Spectral just copy pastes things to try to seem smart.
I've never heard of FCP before today so I can't give any specific advice there. One thing you probably know but is worth pointing out anyway: there's no necessary relationship between port numbers and the protocol the listening service speaks. Almost anything will let you pick the port it serves on and some things will specifically choose random ports (this was a quasi-popular thing with video games in the era where LAN gaming was still more popular than matchmaking for whatever reason). I imagine tooling exists for this type of situation, something to test some list of known protocols against a given target, but I'm not sure what it would be. The ole "serve it on a non-standard port" is considered security through obscurity and has been out of fashion as a security measure for a while now.
-
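Added example, not part of the original thread: the approach discussed in the post above (connect, wait for a greeting, then send linefeeds and classify the port by what comes back rather than by its number). The function names, the small signature table and the loopback listener are constructed for illustration.

```python
import socket
import threading

# Well-known greeting prefixes (constructed table; real tools carry far more).
SIGNATURES = {b"SSH-": "ssh", b"HTTP/": "http", b"220 ": "smtp or ftp"}

def _exchange(sock, payload=b""):
    try:
        if payload:
            sock.sendall(payload)
        return sock.recv(1024)
    except OSError:                 # timeout or reset both count as "no data"
        return b""

def probe_tcp(host, port, payload=b"\r\n\r\n", timeout=1.0):
    """Return (state, data) for a TCP port, judged by behaviour, not port number."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", b""        # RST came back: nothing is listening
    except socket.timeout:
        return "filtered", b""      # SYN unanswered: dropped or null-routed
    with sock:
        data = _exchange(sock)      # server-speaks-first protocols greet unprompted
        if data:
            return "banner", data
        data = _exchange(sock, payload)   # otherwise nudge it with linefeeds
        return ("replied", data) if data else ("open-silent", b"")

def guess_service(data):
    return next((n for p, n in SIGNATURES.items() if data.startswith(p)), "unknown")

def start_demo_listener(greeting=b"", answer=b""):
    """Constructed loopback service on an OS-chosen port; returns that port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if greeting:
                conn.sendall(greeting)
            elif conn.recv(1024):
                conn.sendall(answer)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_demo_listener(greeting=b"SSH-2.0-demo\r\n")  # SSH-style greeting, arbitrary port
    print(port, probe_tcp("127.0.0.1", port))
```

An "open-silent" result means the handshake completed but neither the greeting wait nor the linefeeds produced data, which is the case the thread is about.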
2016-02-15 at 6:16 AM UTC
Spectral just copy pastes things to try to seem smart…
And you ban people 30,000 times just to seem superior.
-
2016-02-15 at 6:20 AM UTC
Who got banned?
-
2016-02-15 at 6:24 AM UTC
Who got banned?
Lanny banned me over 30,000 times on Zoklet. Then he got banned by zok for doing it. lol
Good times...
-
2016-02-15 at 7 AM UTC
Lanny banned me over 30,000 times on Zoklet. Then he got banned by zok for doing it. lol
Good times…
You don't scare me.
-
2016-02-15 at 7:01 AM UTC
I think -SpectraL is a bot Lanny wrote to post retarded shit over and over again in every thread
-
2016-02-15 at 7:26 AM UTC
I think -SpectraL is a bot Lanny wrote to post retarded shit over and over again in every thread
An interesting prospect. Probably wouldn't be hard. Google the title of every T&T thread, compose a post from a random link on the third page, maybe markov chaining to make an incoherent one-liner that sounds vaguely technical if you don't have context. Then sentiment analysis on every post that quotes the first one, negative sentiment gets the stock "you don't scare me" or "I didn't fall off the turnip truck yesterday", positive gets a random non sequitur story from the "glory days" which is obvious micropenis compensation or a random screencap of totse that doesn't mean anything.
I think it could work.
Sorry spec, if this pans out your services will no longer be required.
-
2016-02-15 at 11:27 AM UTC
You mean to tell me I'll be replaced by technology?? This is an outrage!
-
2016-02-15 at 8:31 PM UTC
-SpectraL isn't one of bots though.
-
2016-02-17 at 9:37 AM UTC
I just thought of this - if trying a few different approaches doesn't work, maybe it's time to fuzz!
I think the most probable case is that it's a udp or tcp port so it'd be most cost effective to try these two first and mess with application layer stuff before messing with transport layer stuff (not all cards or OS's even support other protocols, i.e. sctp is nice but not supported everywhere). My idea is to just fuzz the hell out of this port. I know nothing of fuzzers except the general idea, but I'd imagine hammering the port with random data until something clicks could be worthwhile because it can be totally automated and pretty damn fast (i.e. java + wlan).
I need to get http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119/ to figure this shit out.
-
2016-02-17 at 7:01 PM UTC
I need to get http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119/ to figure this shit out.
Damn, no seeds anywhere though...
https://kat.cr/fuzzing-brute-force-vulnerability-discovery-sec-con-aphorist-t10158952.html
The book is nearly ten years old.
-
2016-02-17 at 7:44 PM UTC
But if it's an outbound only port, or a null-routed port, and can't receive anything, it would be pointless to attempt to communicate with it.
-
2016-02-18 at 8 AM UTC
Damn, no seeds anywhere though…
https://kat.cr/fuzzing-brute-force-vulnerability-discovery-sec-con-aphorist-t10158952.html
The book is nearly ten years old.
Try bookzz.org too. Damn, there's really very little out there about fuzzing. I found some tools that are easier to set up:
http://tools.kali.org/vulnerability-analysis/sfuzz
https://www.secforce.com/media/tools/proxyfuzz.py.txt (python, woo!)
http://eternal-todo.com/tools/malybuzz-network-fuzzer
And not fuzz-related: http://security.stackexchange.com/a/45039 (nmap - "version detection turned up to 11" - I'm running this against my own router now).
This thread gets my gears turning.
-
2016-02-18 at 8:37 PM UTC
Try bookzz.org too. Damn, there's really very little out there about fuzzing. I found some tools that are easier to set up:
http://tools.kali.org/vulnerability-analysis/sfuzz
https://www.secforce.com/media/tools/proxyfuzz.py.txt (python, woo!)
http://eternal-todo.com/tools/malybuzz-network-fuzzer
And not fuzz-related: http://security.stackexchange.com/a/45039 (nmap - "version detection turned up to 11" - I'm running this against my own router now).
This thread gets my gears turning.
I've come across this tutorial...
https://fuzzing-project.org/tutorial1.html
it uses this tool...
http://caca.zoy.org/wiki/zzuf
Although it appears as if fuzzing is more for software. I'm not sure if it can be done to a port...