Port Scanning (35 pts)

What You Need

Any computer with Python 3 installed.

Purpose

Learn very basic Python networking techniques.

Banner Grabbing

In a text editor, create a file named grab.py containing this code, as shown below:
import socket
s = socket.socket()

s.connect(("ad.samsclass.info", 22))
print(s.recv(1024).decode())
s.close()

Explanation

The first line imports the "socket" library, which contains networking functions.

The second line creates a socket object named "s".

The third line connects to the server "ad.samsclass.info" on port 22.

The fourth line receives data from the server and prints it, up to a maximum of 1024 characters.

The fifth line closes the connection.

Run the program. You should see an SSH banner, telling you that my server uses Ubuntu Linux, as shown below:

Observing an Error

Modify the program to connect to nowhere.samsclass.info instead of ad.samsclass.info

Run the modified program.

You see an ugly and confusing error message, as shown below:

Python's automatically-generated error messages are nasty, so polite programmers handle errors themselves.

In a text editor, create a file named grab3.py containing this code, as shown below:

import socket
s = socket.socket()

try:
   s.connect(("nowhere.samsclass.info", 22))
   print(s.recv(1024).decode())
   s.close()
except socket.error as err:
   print(err)
Save the modified file.

In a Command Prompt window, execute this command to run the grab3.py program.

python grab3.py

Now you see a nicer error message, as shown below:

Real programmers spend most of their time carefully handling every possible error. But we are nasty red-teamers who just want to break stuff, so we'll skip all that boring stuff from now on.

Observing Slow Timeout

Copy your grab.py file to a new file named grab4.py.

In the grab4.py file, change the port number from "22" to "80", as shown below.

Run the grab4.py program.

The program just sits there doing nothing. When you get tired of waiting, press Ctrl+C to stop it, as shown below:

The script has connected to the server on port 80, but that port sends no banner. A web server waits for a request from you, while your script waits for data from it, so both sides sit there until the connection times out, which typically takes several minutes.

If you are using Windows, you need to close the Command Prompt window to stop the script.

Shortening the Timeout

To fix this problem, we'll use the settimeout() method.

Add a "settimeout" statement to your grab4.py file, as shown below.

Run the modified file.

In a Command Prompt window, execute this command to run the grab4.py program.

python grab4.py

Now it only takes a few seconds for the program to time out, as shown below:

Accepting User Input

The input() function (called raw_input() in Python 2) takes input from the user and puts it into a "string" variable -- that is, a variable intended to hold text, such as letters and numbers.

Copy your grab4.py to a new file named grab5.py.

Edit the grab5.py file to use a variable for the port, as shown below.

Run the modified file.

Type 22 and press Enter.

The program fetches the SSH banner, as shown below.

Run the program again, but this time enter 80. The program times out, as shown below.
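The pieces from grab3.py (error handling), grab4.py (settimeout) and grab5.py (a port chosen at run time) combined into one function, as an added example that is not part of this lab's code. To run offline it starts its own tiny listeners on 127.0.0.1 instead of using the lab servers; FAKE_BANNER is a constructed banner, and the port numbers are whatever the OS hands out.

```python
import socket
import threading

# Constructed banner for the local test listener; not a real server's banner.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.2p1 Example\r\n"

def grab_banner(host, port, timeout=3.0, max_bytes=1024):
    """Return the banner from host:port, or a short error string (grab3.py's
    error handling plus grab4.py's settimeout(), so silent ports do not hang)."""
    s = socket.socket()
    s.settimeout(timeout)  # applies to connect() and every recv()
    try:
        s.connect((host, port))
        return s.recv(max_bytes).decode(errors="replace").strip()
    except socket.timeout:  # open port, but nothing arrived in time
        return "timeout: port open but sent no banner"
    except socket.error as err:  # DNS failure, connection refused, etc.
        return "error: %s" % err
    finally:
        s.close()

def start_listener(banner):
    """Loopback listener for one client: sends `banner` (nothing if empty), then
    waits for the client to talk, as a web server waits for a request. Returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        conn.recv(1)  # blocks until the client sends something or hangs up
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def closed_port():
    tmp = socket.socket()  # bind then release a port, so nothing listens on it
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port

def demo():  # a chatty port, a silent port (like port 80), and a closed port
    return {
        "banner": grab_banner("127.0.0.1", start_listener(FAKE_BANNER)),
        "silent": grab_banner("127.0.0.1", start_listener(b""), timeout=1.0),
        "closed": grab_banner("127.0.0.1", closed_port()),
    }
```

The "silent" case is the port-80 behaviour from the lab: the connection succeeds, nothing arrives, and settimeout() turns a multi-minute hang into a one-second "timeout" result.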

Flag VP 200.1: Find a Service (5)

There is another service listening on ad.samsclass.info on a port number ending in 000; that is, one of these: 1000, 2000, 3000, etc.

The service you want has a banner starting with "Congratulations! You found the hidden"

Hunt for it until you find it. It starts with "Congratulations," as shown below.

The port number is the flag, covered by a green rectangle in the image below.

Flag VP 200.2: Find a Service (5)

Find a service running on the target1.bowneconsulting.com server on a port between 21000 and 21030.

Its banner reveals a flag, covered by a green rectangle in the image below.

Flag VP 200.3: Port Forwarding (10)

Connect to the target1.bowneconsulting.com server on port 22010. Its banner reveals another port to connect to. The next service reveals a flag, as shown below.

Flag VP 200.4: Port Forwarding (15)

Connect to the target1.bowneconsulting.com server on port 22020. Its banner reveals another port to connect to. The next service reveals a flag, as shown below.


Ported to Python 3 6-29-2020