Basic Port Scanning with Python

What You Need

Any computer with Python 2.7 installed.

Purpose

Learn very basic Python networking techniques.

Task 1: Grabbing a Banner

Making A Very Simple Banner Grabber

Using a text editor such as Notepad, enter this code, as shown below:
import socket
s = socket.socket()

s.connect(("ad.samsclass.info", 22))
print s.recv(1024)
s.close()

Save the file as grab.py. Save it in a location where you can find it, such as your Documents folder.

Explanation

The first line imports the "socket" library, which contains networking functions.

The second line creates a socket object named "s".

The third line connects to the server "ad.samsclass.info" on port 22.

The fourth line receives data from the server and prints it, up to a maximum of 1024 characters.

The fifth line closes the connection.

Running the Grabber

In a Command Prompt window, execute these commands to move into your Documents folder and run the grab.py program.

(You will probably need to change "Administrator" to your login name.)

cd C:\Users\Administrator\Documents
python grab.py
You should see an SSH banner, telling you that my server uses Ubuntu Linux, as shown below:


Task 2: Handling Errors

Observing an Error

Disconnect your computer from the Internet.

In a Command Prompt window, execute this command to run the grab.py program.

python grab.py
You see an an ugly and confusing error message, as shown below:

Python's automatically-generated error messages are nasty, so polite programmers handle errors themselves.

Open your grab.py file in Notepad or any other text editor, and change it to the code shown below.

Indentation matters!

Type one "Tab" at the start of each indented line. If you don't align the indented lines exactly the same way, Python will complain and refuse to run them.

Save the modified file.

In a Command Prompt window, execute this command to run the grab.py program.

python grab.py
Now you see a nicer error message, as shown below:

Connect your computer to the Internet and run "grab.py" again. You should see the SSH banner, as shown above.


Task 3: Controlling Timeout

Observing Slow Timeout

Open your grab.py file in Notepad or any other text editor, and change the port number from "22" to "80", as shown below.

Save the modified file.

In a Command Prompt window, execute this command to run the grab.py program.

python grab.py
The program just sits there doing nothing, as shown below:

The script has connected to the server on port 80, but that port has no banner. It'll just sit there waiting for more data from you until the connection times out, which typically takes several minutes.

If you are using Windows, you need to close the Command Prompt window to stop the script.

Shortening the Timeout

To fix this problem, we'll use the settimeout() method.

Open your grab.py file in Notepad or any other text editor, and change the script, as shown below.

Save the modified file.

In a Command Prompt window, execute this command to run the grab.py program.

python grab.py
Now it only takes a few seconds for the program to time out, as shown below:


Task 4: Accepting User Input

The raw_input() method takes input from the user and puts it into a "string" variable -- that is, a variable intended to hold text, such as letters and numbers.

Open your grab.py file in Notepad or any other text editor, and change the script, as shown below.

Save the modified file.

In a Command Prompt window, execute this command to run the grab.py program.

python grab.py
Type 22 and press Enter.

The program fetches the SSH banner, as shown below.

Run the program again, but this time enter 80. The program times out, as shown below.


Challenge 1: Find a Service (10)

There is another service listening on ad.samsclass.info on a port number ending in 000; that is, one of these: 1000, 2000, 3000, etc.

The service you want has a banner starting with "Congratulations! You found the hidden"

Hunt for it until you find it. It starts with "Congratulations," as shown below.

Enter the complete banner into the form below to name on the WINNERS PAGE!

Name:
Banner:

Challenge 2: Port Knocking (20)

There is a hidden service on port 3003. Try connecting to port 3003 using the "grab.py" script you made earlier. It times out, as shown below.

To open the port, you must send these packets to "knock":

  1. A connect() to port 3100
  2. Another connect() to a secret hidden port, which is one of these: (3100, 3200, 3300, 3400, 3500, 3600, 3700, 3800, 3900)
  3. Now a connect() to port 3003 will succeed.
When the server receives the correct knock, port 3003 will open for 5 seconds and then close. You must grab the banner from port 3003 during that brief period. The correct banner starts with "Congratulations", as shown below.

Note: If many students are knocking at the same time, the knockd service may fail to recognize a valid sequence of packets, so you may have to try 2 or 3 times to see the banner.

Hunt for it until you find it. It starts with "Congratulations," as shown below.

Enter the complete banner into the form below to name on the WINNERS PAGE!

Name:
Banner:


Last revised: 8-9-18