How can I check a socket from a webserver? - sockets

Im doing a challenge (CTF style) and everyting we got is an IP.
Scanning that IP only one port is open.
If I connect to that IP and port using netcat, I got a kind of "dance" doing in CMD, with a message at the end that says "Check socket 12345".
I need to understand again what truly a socket is because im not getting anywhere trying to connect to that socket.
Its possible to connect to a socket from a specific port? or I only can make a connection from a open port and there the web servers redirect my connection automatically to a socket?

You can use netcat nc and its -p option to set the source port.
Netcat man page say:
-p port
local port number (port numbers can be individual or ranges: lo-hi [inclusive])
Try "nc -p 12345 dest_IP dest_port"

Related

understanding binding ports while sending pg_dump command on remote postgres server

i actually use a dbeaver client which executes a pg_dump command
on a remote server. The command starts exactly like that :
pg_dump --verbose --host=127.0.0.1 --port=47855 --username=user-accounet..
i dont't know how dbeaver creates ssh tunnel (it uses a bastion)
but, it is not the question.
the question is : when i excute the command below..
lsof -i -P -n | grep pg_dump
i get this :
pg_dump 14144 parcss-alexco 3u IPv4 397966 0t0 TCP 127.0.0.1:35978->127.0.0.1:47855 (ESTABLISHED)
what is this adress ip : 35978 ?
what kind of binding 35978 --> 47855 means ?
Does it concern a remote ip adresse ? local ?
i'd like to understand..
A TCP connection is between to sockets. A fully specified socket has an IP address and a port number.
pg_dump uses port 47855 on 127.0.0.1 for the remote socket for the connection, but what about the socket on the other end? The IP address is clear, but what is the port number? Since the socket is not explicitly bound to a certain port with bind(2), connect(2) will assign an “ephemeral port” number. This happens to be 35978 in your case.

Bi-directional communication using sockets via ssh tunnel

I have a server host (S) and a bunch of clients (C1, C2, C3, ...). I would like to open connection between S and C1, C2, C3 respectively for bi-directional communication. Ideally using sockets. SSH for authorisation purposes is preferred.
Ideally:
Client C1 creates SSH reverse tunnel to S, forwarding C1's port so it is accessible on S as it's own port.
Client program running on C1 creates a socket and binds to forwarded port.
Server program running on S creates a socket and binds to forwarded port.
Client and server can exchange data.
Is something like that possible? I tried coding up a draft using Python but to no avail:
Firstly, I run on C1: ssh -N -R 9999:localhost:15432 root#example.com - OK
Secondly, on server I run:
import socket
serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serversocket.bind(('localhost', 9999))
serversocket.listen(5)
while True:
connection, address = serversocket.accept()
buf = connection.recv(64)
if len(buf) > 0:
print buf
break
Thirdly, on client I run:
import socket
clientsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
clientsocket.connect(('localhost', 15432))
clientsocket.send('hello')
But I'm getting socket.error: [Errno 111] Connection refused on client. Also if I set up tunnel first and then launch server program, I'm getting [Errno 98] Address already in use. It only works when I first start the program, then set up a tunnel.
If aforementioned concept does not make sense, what would you suggest to create sort of synchronisation tool so any client listens for queries from the server and can respond with data? (preferrably in Python).
Thanks in advance.
-N doesn't do what you seem to think it does: it's intended for the ssh-destination to be able to connect back to the originator. But that would make the originating side the server.
It sounds like you should be using -L to simply create a connection from the client through the ssh tunnel to the server.
To demonstrate: I have a local server named 'bree'. On that machine, I execute (this could also be your python server listening on port 9999):
nc -l 9999
Now on my client machine, I execute this in one window (or could put it in the background):
ssh -N -L 9999:bree:9999 bree
This says: listen on the local (client) machine to port 9999, and when a connection to it is made, forward the request through the tunnel, and connect to port 9999 on bree.
Now, in a second window on the client machine, I execute:
nc localhost 9999
The two nc instances are connected.

Redirect port on Windows from loopback to outside

I have a socket that listen on port 6100 on my development machine, whose lan address is 192.168.1.2
I can access the socket and use it with the address 127.0.0.1:6100, but I can't access it from 192.168.1.2:6100 (I need to access the socket from another client on the Lan)
If I type netstat -an | find "6100" on the command prompt I get:
TCP 127.0.0.1:6100 0.0.0.0:0 LISTENING
So I need to redirect all calls to 192.168.1.2:A_RANDOM_PORT to 127.0.0.1:6100
How can i do that?
I tried with:
netsh interface portproxy add v4tov4 listenport=6200 listenaddress=192.168.1.2 connectport=6100 connectaddress=127.0.0.1
But without luck
I've finally been able to accomplish this task, but only using an external tool.
I downloaded "PassPort port forwarding utility" and set up a redirection from 192.168.1.2 to 127.0.0.1
Unfortunately I haven't been able to do that without an external tool.
You failed to post the code concerned, but you bound your listening socket to 127.0.0.1 instead of 0.0.0.0. Just fix that. No oort forwarding required.

Cannot get irssi to work on Bluehost dedicated IP address

I am trying to get irssi to work over SSH on my Bluehost dedicated IP server.
Bluehost support says port 6667 is open, but you have to have an app listening to it, so running nc -l on the server and then telnet'ing in works, but if I run irssi on the server then it can't connect to freenode.net - it says the connection timed out.
If you do nmap -v -sT then you see the 6667/TCP port, but it's listed as closed.
How can get irssi to run using an ssh shell on Bluehost?
It Would be great to have under a Screen session you could re-login to from anywhere.
Make sure that you ask them if 6667 is open outbound TCP and UDP.
Sometimes they can mistake it for inbound or only open TCP for example. You can telnet to your IRC host on port 6667 even if something is not listening on the Bluehost side, assuming IRC is up and accepting connections, and Bluehost has the port opened, a telnet from your Bluehost account to the IRC server will work fine.

TCP/IP default port for sending console messages?

Is there a dedicated port (lower than 1024) specifically for clients to send text based console output to a server? I've googled extensively but to no avail. What's the best port (lower than 1024) for sending text based console output if any?
A port is just a number. You can see well known port assignments in /etc/services.
You need a server application to be listening on the given port to accept your input. There are number of remote terminal protocols and their implementations, among which are Telnet (port 23) and Secure Shell, or SSH (port 22).
The simplest way to test your socket client is to setup netcat on the server to listen on whatever port you want (port is 777 in the example bellow), and then try to connect to it from somewhere else:
server:~# nc -l -p 777
then
client:~$ nc server 777
Note that on Unix you normally need super-user (root) rights to bind "privileged", i.e. bellow 1024, ports.
I'm going to use telnet (port 23) since that's closest to what I want. Sending console messages to a server from a client. okey dokey thanks!