  1. #1
    SBTlauien African Astronaut
    lol I want to be a voice over guy to video game and movies like that chick in beyonetta 3 who complained in twitter she wasnt paid enough. who showed white and female privilege right jig? or entitlement? which of the two would you call it?
  2. #2
    Sophie Pedophile Tech Support
    Isn't WebProxy Pre-Alpha just the name of the server/type of service they have running on that port? Also it would seem it's a bunch of IoT nodes connected to the network you are on. AirOS and the PowerBeam bullshit seems to be some type of repeater.

    https://www.ubnt.com/airmax/powerbeam-ac-iso/

    Here is an idea, try some default credentials. See what the control panels say if anything.

  3. #3
    snab_snib African Astronaut
    you've been hacked m8 better get a dog
  4. #4
    Merlin Houston
    192.0.0.0/16 (192.0.*.*) is public internet space, so it could be anyone, likely not Sprint. 192.168.0.0/16 is the private space (among others).

    Though sometimes ISPs will use private space the way you are thinking. Your uplink will route you to it as it just pushes the request through the default route and it just so happens there's a machine with that address between you and the Internet. Even though it's their LAN you are able to route to it, of course you could also use the same LAN space, just the default route wouldn't be hit and traffic wouldn't get routed out to the ISP side.

    I wouldn't expect that on the 192.168.0.0/16 space though, it would be on 10.0.0.0/8 or 172.whatever.

    Post last edited by Merlin at 2017-01-19T02:56:46.683799+00:00
  5. #5
    Merlin Houston
    As for what it's used for whois is always handy:


    $ whois 192.0.10.1
    ...
    NetRange: 192.0.8.0 - 192.0.15.255
    CIDR: 192.0.8.0/21
    NetName: ZINNIA
    NetHandle: NET-192-0-8-0-1
    Parent: NET192 (NET-192-0-0-0-0)
    NetType: Direct Allocation
    OriginAS: AS4323, AS6939
    Organization: CalDSL (ZINNI-1)
    RegDate: 2012-11-05
    Updated: 2015-04-05
    Comment: Zinnia Networks Inc dba CalDSL
    Ref: https://whois.arin.net/rest/net/NET-192-0-8-0-1


    OrgName: CalDSL
    OrgId: ZINNI-1
    Address: 1660 W Linne Road, Suite H
    City: Tracy
    StateProv: CA
    PostalCode: 95377
    Country: US
    RegDate: 2004-08-02
    Updated: 2012-11-30
    Ref: https://whois.arin.net/rest/org/ZINNI-1
  6. #6
    SBTlauien African Astronaut
    What about this WebProxy/1.0 Pre-beta?
  7. #7
    what
  8. #8
    Merlin Houston
    Originally posted by SBTlauien What about this WebProxy/1.0 Pre-beta?

    I assumed you were asking about the address space in general; about that specific machine I don't know anything beyond what Google would say. You can still fuck with it. Like Sophie said, that's just a service on port 80 and not the OS; it may be running other services on other ports. Run the nmap script scan against it.

    I don't know the nmap flags off the top of my head, -Sn maybe, will do the normal scan plus OS and service analytics.
  9. #9
    SBTlauien African Astronaut
    Originally posted by Sophie Isn't WebProxy Pre-Alpha just the name of the server/type of service they have running on that port? Also it would seem it's a bunch of IoT nodes connected to the network you are on. AirOS and the PowerBeam bullshit seems to be some type of repeater.

    https://www.ubnt.com/airmax/powerbeam-ac-iso/

    Here is an idea, try some default credentials. See what the control panels say if anything.

    Yes, but I am noticing a whole bunch of them. I'm looking in /proc/net/{tcp, tcp6, udp, udp6} files. I have a bunch of IP addresses that lead me to this type of server. Are these enhancementing proxies set up by Sprint?

    Like this one, that's in Germany...213.9.111.23..."port-213-009-111-022.dsl.getacom.de"
    Or this one that's in Europe...136.173.229.192..."European Parliament"

    When you connect to these on port 80, and send a basic "GET" request(requesting /), do you also get a server type of "WebProxy/1.0 Pre-beta"?

    I'm trying to figure out why my socket connections return this type of server on many of my open ports. It could be something with my connection though. If I connect to the IP of this site(niggasin.space...167.88.112.49), I get a "set up your server" page, but if I change the host parameter to "niggasin.space", I get this site. So my raw connections seem to be working, but I want to know what these "WebProxy/1.0 Pre-beta" servers are.
  10. #10
    Lanny Bird of Courage
    My guess is it's an embedded HTTP server used by some popular ISP on their modems, which explains a relative homogeneity of them (there are fewer embedded HTTP servers in the world than normal HTTP servers). So what you're hitting are probably residential modems or routers, as the screenshots suggest. Why is it called "WebProxy"? Well, in some sense all CGI servers are proxies in that they don't hold application logic, they just shuttle it from a socket to a script, and then from the script back to the socket, so it could be that. Or someone could have just picked a name out of a hat.

    It's worth mentioning the Server header can lie, it's not unheard of to obfuscate or omit it, there's nothing that actually hinges on it so you can put whatever in there.
  11. #11
    Merlin Houston
    Re-reading your post, are you suggesting that Sprint is doing MITM proxy to those addresses? I don't think so, that would break HTTPS. Also, if the address was unreachable and you were hitting a last hop somewhere in ISP land I think there would be some indication, you wouldn't be able to 'GET' anything. I suppose you could ping it to be certain and see what it responds with.

    It's CalDSL, not Sprint (unless they are somehow affiliated). And those addresses are going to be an assortment of their customers.

    192.0.10.213 for example is a "PowerBeam 5AC 400" which is Ubiquiti brand and looks like a commercial router. Residential routers should have saner defaults that don't open themselves to the Internet, but you never know. Ubiquiti and Windows server would suggest to me it's commercial space, probably what they have allocated for customers that bought a static IP.
  12. #12
    SBTlauien African Astronaut
    I'm not so concerned with the 198.0.* addresses anymore. I had thought those were on my LAN and didn't realize that they were public IP addresses.

    So what does each, the 'local address' and the 'remote address', mean within "proc/net/tcp"?

    This is where I am getting these IP addresses that point to these proxies.

    Post last edited by SBTlauien at 2017-01-21T00:17:53.934617+00:00
  13. #13
    SBTlauien African Astronaut
    Here is one from South Korea.

    211.192.43.253 ... Korea Telecom?

    These are in my proc/net/tcp file. Why?
  14. #14
    mmQ Lisa Turtle
    DUDE. THAT'S BAD. HOLY SHIT THAT'S FUCKING BAD!
  15. #15
    SBTlauien African Astronaut
    Originally posted by mmQ DUDE. THAT'S BAD. HOLY SHIT THAT'S FUCKING BAD!

    Can't be that bad. Are these DNS proxies or something?
  16. #16
    mmQ Lisa Turtle
    Originally posted by SBTlauien Can't be that bad. Are these DNS proxies or something?

  17. #17
    Sophie Pedophile Tech Support
    Originally posted by SBTlauien Can't be that bad. Are these DNS proxies or something?

    They might be DNS proxies or whatever. But mQ is trying to be funny.
  18. #18
    Merlin Houston
    lol I want to be a voice over guy to video game and movies like that chick in beyonetta 3 who complained in twitter she wasnt paid enough. who showed white and female privilege right jig? or entitlement? which of the two would you call it?
  19. #19
    SBTlauien African Astronaut
    Originally posted by Merlin I looked at my /proc/net/tcp (pc) and nothing seems out of the ordinary, this is on your phone?

    Are you certain you are converting the address correctly, for example: 1404A8C0 == 192.168.4.20
    edit: it's little endian (aka backwards), and each two hex chars is an octet/byte/quarter ip address

    I noticed the addresses were backwards when I had started this. Like the address for this site is backwards in my /proc/net/tcp file. For instance it shows up as '49.112.88.167' rather than '167.88.112.49'. I've just been flipping them manually...

    This here is the current code, I mostly came up with, to read and format this. 'item' is an ArrayList of type String. I add to 'item' each entry of the file, in a specific format, so that my program can output it correctly. I need to fix it so that it doesn't display it backwards though. Is it horrible?


    item = new ArrayList<>();
    String ss[] = new String[4]; ss[0] = "tcp"; ss[1] = "tcp6"; ss[2] = "udp"; ss[3] = "udp6";
    for (int ii = 0; ii < ss.length; ii++) {
        // Read one table per protocol; each row after the header is one socket.
        String s[] = Shells.ShellCommand("catNetTcp", "cat /proc/net/" + ss[ii], false).split("\\r?\\n");
        for (int x = 1; x > 0 && x < s.length; x++) {
            // Column 1 is local_address as HEXADDR:HEXPORT.
            String ip = s[x].trim().split("\\s+")[1].split(":")[0];
            String newIp = "";
            String port = s[x].trim().split("\\s+")[1].split(":")[1];
            int newPort = Integer.parseInt(port, 16);
            // Octets are appended in file order, so the address comes out reversed.
            for (int i = 0; i < ip.length(); i = i + 2) {
                newIp = newIp + Integer.valueOf(ip.substring(i, i + 2), 16) + ".";
            }
            // Column 2 is rem_address in the same format.
            String remoteIP = s[x].trim().split("\\s+")[2].split(":")[0];
            String newRemoteIP = "";
            String remotePort = s[x].trim().split("\\s+")[2].split(":")[1];
            int newRemotePort = Integer.parseInt(remotePort, 16);
            for (int i = 0; i < remoteIP.length(); i = i + 2) {
                newRemoteIP = newRemoteIP + Integer.valueOf(remoteIP.substring(i, i + 2), 16) + ".";
            }
            // Format the entry for display; column 7 is the owning UID.
            StringBuilder sb = new StringBuilder();
            sb.append("IP: " + newIp.substring(0, newIp.length() - 1) + ":" + newPort + "\n");
            sb.append("REMOTE IP: " + newRemoteIP.substring(0, newRemoteIP.length() - 1) + ":" + newRemotePort + "\n");
            sb.append("UID: " + s[x].trim().split("\\s+")[7] + "\n");
            sb.append("TYPE: " + ss[ii].toUpperCase());
            item.add(sb.toString());
        }
    }


    The local/remote is what I'm confused about. I have what appears to be a local AND remote IP. Both different, both public IPs. I was thinking this had to do with IPV6 or something though.

    Here's a screen shot of what it looks like, although these addresses are backwards.



    Also I am confused on my ip address. When I check these two sites at the same time, it appears as if I have an IPV4 address and an IPV6 address...



  20. #20
    Merlin Houston
    No you are correct. As far as why you have both ipv4 and ipv6 this is normal and common on phones for whatever reason. If the website has ipv6 it will use that otherwise it will use the ipv4 address. There's one "find my ip" type site that will do both, I forget which.

    To stay simple I'm just looking at ipv4... if I do "ifconfig" or "cat /proc/net/tcp" on my phone I see one public address. If I look up my ip on google I see another. I have no explanation for that, it's as if they are NATing the request, but why bother if I'm already assigned a public ip???

    That partially explains the local address funkyness. Remote address, well your phone is definitely making a connection to those addresses. Apps turn this into a bit of a free for all, and if you have pirated apps it's even more likely something is misbehaving.

    Code seems fine btw, besides being backwards, which you could fix by processing from ip.length to 0 instead. To be cleaner I would pull the ip and port processing into its own function.
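
Added example (not code from any poster in this thread): a Python decoder for the /proc/net/tcp and tcp6 address fields discussed above. It goes beyond the IPv4 case in the thread to cover IPv6 and IPv4-mapped IPv6 rows. The sample table is constructed, the function names are illustrative, and a little-endian host is assumed.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp layout (not taken from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 1404A8C0:A2C4 317058A7:0050 01 00000000:00000000 00:00000000 00000000 10123        0 1002
"""

TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}  # subset


def decode_addr(hex_addr):
    """Hex address -> text form. Assumes a little-endian host (ARM, x86)."""
    raw = bytes.fromhex(hex_addr)
    if len(raw) == 4:                       # IPv4: one byte-swapped 32-bit word
        return str(ipaddress.IPv4Address(raw[::-1]))
    if len(raw) == 16:                      # IPv6: four byte-swapped 32-bit words
        words = struct.unpack("<4I", raw)
        addr = ipaddress.IPv6Address(struct.pack(">4I", *words))
        return str(addr.ipv4_mapped or addr)  # ::ffff:a.b.c.d is an IPv4 peer
    raise ValueError(f"unexpected address length: {hex_addr!r}")


def decode_endpoint(field):
    """'1404A8C0:A2C4' -> ('192.168.4.20', 41668). The port is plain hex, not swapped."""
    addr, port = field.split(":")
    return decode_addr(addr), int(port, 16)


def parse_table(text):
    """Return one dict per socket row; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or not f[0].endswith(":"):
            continue
        rows.append({
            "local": decode_endpoint(f[1]),    # this device's end of the socket
            "remote": decode_endpoint(f[2]),   # the peer; 0.0.0.0:0 while listening
            "state": TCP_STATES.get(f[3], f[3]),
            "uid": int(f[7]),                  # owning user (one per app on Android)
        })
    return rows


if __name__ == "__main__":
    for row in parse_table(SAMPLE):
        print(row)
```

Grouping the decoded rows by `uid` shows which app owns each remote connection, which is the quickest way to explain an unfamiliar peer address.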