A1: Basic Port Scanning with Python (30 pts)

What You Need

A Kali Linux machine, real or virtual. You could use Windows with Python installed, but it's easier to just use Linux.

Purpose

Learn very basic Python networking techniques.

Making A Very Simple Banner Grabber

In Kali Linux, in a Terminal window, execute this command:
nano grab.py
In nano, enter this code, as shown below:
import socket
s = socket.socket()

s.connect(("target1.bowneconsulting.com", 22))
print s.recv(1024)
s.close()

Save the file with Ctrl+X, Y, Enter.

Explanation

The first line imports the "socket" library, which contains networking functions.

The second line creates a socket object named "s".

The third line connects to the server "target1.bowneconsulting.com" on port 22.

The fourth line receives data from the server and prints it, up to a maximum of 1024 characters.

The fifth line closes the connection.

Running the Grabber

In a Terminal window, execute this command:
python grab.py
You should see an SSH banner, as shown below:

Adding a Timeout

Open the grab.py script in nano again.

Change the port number from 22 to 80, as shown below, and save the modified file.

Run the script again. There is no banner from an HTTP server, so it just freezes up, waiting for a banner. To stop the script, press Ctrl+C.

To make it timeout more quickly, add this line to your script, as shown below:

socket.setdefaulttimeout(2)

Run the script again. Now it times out, as shown below.

Using Variables

Execute this command to copy your script to a new script named grab2.py:
cp grab.py grab2.py
Modify grab2.py to use variables for the target and port, as shown below.

Save and run the script--it should time out in a few seconds, just as it did before.

User Input

Modify the program to input the target and port from the user, as shown below.

Save and run the script. Enter a URL and port to scan. The script halts with an error saying "TypeError: an integer is required".

To fix that, enclose the raw_input statement for tport in the int() function, as shown below.

Now the port scanner works. Use it to grab the port 22 banner again, as shown below.


A1.1: Challenge: Find a Service (5 pts)

Find a service running on the target1.bowneconsulting.com server on a port between 21000 and 21030. Its banner reveals a flag, as shown below.


A1.2: Challenge: Port Knocking 1 (10 pts)

Connect to the target1.bowneconsulting.com server on port 22010. Its banner reveals another port to connect to. The next service reveals a flag, as shown below.


A1.3: Challenge: Port Knocking 2 (15 pts)

Connect to the target1.bowneconsulting.com server on port 22020. Its banner reveals another port to connect to. The next service reveals a flag, as shown below.


Posted: 4-1-19

Revised for WCIL 5-20-19