Monday, April 20, 2009

CS591 ST 008

Lab 4 (cont)

The objective of this lab is to send a designated string to the TA's server and hope for a "pass" message in return. The TA has a firewall active that looks for certain key words and, when one is received, sends an RST back to the client.

I have taken the message.txt file and broken up certain key words:
antithesis
consequence
fundamentally
consequence (not found in message.txt)
illuminated
viewpoint

I created a new file called message_new.txt with each of these words broken apart onto the next line. The Python program reads this new file and sends these lines via sockets over port 8084.

Currently it seems that my program hangs after sending all the message text lines. I'm not sure how to print out the "Success" or "Try Again" result text. One thing I've noticed is that the server uses printf("...") to send the result message but fprintf(stdout, "...") when sending the initial question string. I'm not too sure if this is preventing my program from receiving the final output of failure or success.

If I leave the program hung up, the server eventually returns a "Too slow" message and resets the socket connection.

Here is the source code in Python:
import socket
import time

# connect to the lab server (address and port from the lab)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("10.0.0.3", 8084))

# read the message with the key words split across line breaks
fd = open("message_new.txt", "r")
lines = fd.readlines()
fd.close()

#get question message
print(s.recv(1024))

# send each line as its own segment, without its line break, so the server
# reassembles the original text; the one-second pause keeps the lines in
# separate packets
for l in lines:
    s.send(l.strip("\n").encode())
    time.sleep(1)

#get pass/fail message - should be "Success!"
print(s.recv(1024))

s.close()

I'm assuming this is working since there is no reset while sending the text lines. I just wish I could output the result message from the server to help verify this result.
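As an added example (not the post's code and not the lab server's), here is the defender-side view of the same problem: a per-segment keyword matcher, which the split-word trick above defeats, beside a stream inspector that carries over the tail of the previous segment with bounded memory. The keyword list is taken from the post; the sample payloads are constructed.

```python
import re

# Keywords the post says the lab firewall looks for (taken from the post).
KEYWORDS = ["antithesis", "consequence", "fundamentally", "illuminated", "viewpoint"]

def _pattern(keywords):
    # Longest keyword first so no alternative shadows a longer one.
    return re.compile("|".join(map(re.escape, sorted(keywords, key=len, reverse=True))))

def inspect_per_segment(segments, keywords=KEYWORDS):
    """Stateless inspection: each segment payload is matched on its own, as a
    firewall without stream reassembly does. A keyword whose letters are
    spread over two segments is never seen."""
    pattern = _pattern(keywords)
    return [m.group(0) for payload in segments for m in pattern.finditer(payload)]

class StreamInspector:
    """Stateful inspection with bounded memory: only the last
    (longest keyword - 1) characters of the stream are carried over, so a
    keyword split across segment boundaries is still matched while the
    buffer never grows with the length of the connection."""

    def __init__(self, keywords=KEYWORDS):
        self.pattern = _pattern(keywords)
        self.carry_len = max(len(k) for k in keywords) - 1
        self.tail = ""

    def feed(self, payload):
        data = self.tail + payload
        # Report only matches that end inside the new payload; a match ending
        # inside the carried tail was already reported by an earlier feed().
        hits = [m.group(0) for m in self.pattern.finditer(data)
                if m.end() > len(self.tail)]
        self.tail = data[-self.carry_len:] if self.carry_len else ""
        return hits

def inspect_stream(segments, keywords=KEYWORDS):
    """Feed the segments in order through a single StreamInspector."""
    inspector = StreamInspector(keywords)
    return [hit for payload in segments for hit in inspector.feed(payload)]

# Constructed sample payloads (not the lab's message): the text as one segment,
# then split so that every keyword straddles a segment boundary.
WHOLE = ["Every viewpoint is fundamentally the antithesis of its consequence, as illuminated here."]
SPLIT = ["Every view", "point is fundamen", "tally the anti",
         "thesis of its conse", "quence, as illumi", "nated here."]
```

Running inspect_per_segment(SPLIT) finds nothing, while inspect_stream(SPLIT) reports all five keywords in order, which is the check a firewall needs before it can reliably reset a connection on key words.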

Monday, April 13, 2009

CS591 ST 008

Lab 4

I downloaded all lab 4 files and read the instructions.

I compiled the server program with gcc on my Linux machine and ran it with port 8080. On another terminal while in the folder with the message file I ran the following command:
>cat message.txt | nc 127.0.0.1 8080

and got the following response:
>What is Prof. Crandall (a.k.a. Jed, a.k.a. J-Dub, whatever you prefer)'s favorite Von Clausewitz quote?
Success!

Now I need to look into how to send raw packets in C.

Tuesday, April 7, 2009

CS591 ST 008

Lab 3

- What are the IP addresses of all machines on the subnet? How many are there (if you think you've found them all, e-mail me to confirm rather than wasting your time looking for more since there really aren't that many)?
Answer: 192.168.33.2, 192.168.33.80, 192.168.33.22, 192.168.33.40


- What kind of BSD distribution is the BSD server running (e.g., OpenBSD? FreeBSD? NetBSD?)? Can you tell me the exact version?
Answer: Running (JUST GUESSING) : FreeBSD 5.x|6.X (89%)
Aggressive OS guesses: FreeBSD 5.4 or 5.5 (x86) (89%), FreeBSD 6.1-RELEASE through 6.2-BETA3 (x86) (88%), FreeNAS 0.671 (runs FreeBSD 6.1-STABLE) (87%)


- What other ports is the web server listening on besides the HTTP port 80? What else can you tell me about the web server?
Answer: Discovered open port 80/tcp on 192.168.33.80
Discovered open port 22/tcp on 192.168.33.80


- Are there any other machines on the subnet besides these two servers? What can you tell me about that/those machine/machines and the firewall rules that protect it/them? Is it likely intended to be a server or a client?
Answer:


Nmap information:
Different scan types suit different machines, firewall rules, etc. The default scan is the SYN scan (a.k.a. half-open scan): it sends a SYN packet to the port and expects a SYN/ACK for an open port or an RST for a closed port.

Other scan types can be used where the SYN scan doesn't work: NULL, FIN, XMAS, and ACK, among others. The NULL scan sends a packet with no TCP flags set. The FIN scan sets only the TCP FIN bit. The XMAS scan sets the FIN, PSH, and URG bits in the TCP header.

Adding the -O -v options lets Nmap try to determine the OS of the machine being scanned. These options cause Fingerprint (type of device, e.g. printer or router), Running (OS family and generation), OS details, Uptime guess, etc. to be displayed and used to determine or guess the OS in question.

Here are some example commands I have used for this Lab:
nmap -n --scan-delay 1 ls -vvv -A -PN -p22 -sT 192.168.33.2 -oG output.txt
sudo nmap -sV -O -v 192.168.33.2
sudo nmap -O -v 192.168.33.80


(References - http://nmap.org/book/man.html; http://www.cyberciti.biz/tips/linux-scanning-network-for-open-ports.html)