Proj 3: Basic Port Scanning with Python (15 pts. + 15 extra credit)

What You Need

A Kali Linux machine, real or virtual. You could use Windows with Python installed, but it's easier to just use Linux.

Purpose

Learn very basic Python networking techniques.

Making A Very Simple Banner Grabber

In Kali Linux, in a Terminal window, execute this command:
nano grab.py
In nano, enter this code, as shown below:
import socket                                  # networking functions
s = socket.socket()                            # a TCP socket object named "s"
s.connect(("attack.samsclass.info", 22))       # connect to the SSH port
print(s.recv(1024))                            # read and print up to 1024 bytes of banner
s.close()                                      # close the connection

Save the file with Ctrl+X, Y, Enter.

Explanation

The first line imports the "socket" library, which contains networking functions.

The second line creates a socket object named "s".

The third line connects to the server "attack.samsclass.info" on port 22.

The fourth line receives data from the server and prints it, up to a maximum of 1024 bytes.

The fifth line closes the connection.

Running the Grabber

In a Terminal window, execute this command:
python grab.py
You should see an SSH banner, as shown below:

Capturing a Screen Image

Make sure the SSH banner is visible, as shown in the image above.

Click on the host system's taskbar, at the bottom of the screen.

Press the PrntScrn key to capture the whole desktop. Open Paint and paste in the image.

Save the image as "Proj 3a from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Adding a Timeout

Open the grab.py script in nano again.

Change the port number from 22 to 80, as shown below, and save the modified file.

Run the script again. An HTTP server sends nothing until it receives a request, so there is no banner and the script just hangs in recv(), waiting for data that never arrives. To stop the script, press Ctrl+C.

To make it time out more quickly, add this line to your script after the "import socket" line (it must come before the socket is created, because the default timeout only applies to sockets created after it is set), as shown below:

socket.setdefaulttimeout(2)

Run the script again. Now it times out, as shown below.

Using Variables

Execute this command to copy your script to a new script named grab2.py:
cp grab.py grab2.py
Modify grab2.py to use variables for the target and port, as shown below.

Save and run the script--it should time out in a few seconds, just as it did before.

Using User Input

Modify the program to input the target and port from the user, as shown below.

Save and run the script. Enter a target hostname and port to scan. The script halts with an error saying "TypeError: an integer is required", because raw_input() returns the port as a string and connect() needs a number.

To fix that, wrap the raw_input() call for tport in the int() function, so the port is converted to an integer before it is passed to connect(), as shown below.

Now the port scanner works. Use it to grab the port 22 banner again, as shown below.
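A complete grab2.py with the timeout, variables, user input and the int() fix from the steps above, added here as an example (it is not the course's own file, which the page shows only as a screenshot). It is written for Python 3, so input() replaces raw_input() and the received bytes are decoded before printing; the fake_service helper and the banner it sends are constructed so the script can be tested offline against 127.0.0.1 instead of a real host.

```python
import socket
import threading
import time


def grab_banner(target, port, timeout=2.0):
    """Connect to target:port and return the banner as a string.
    Returns None if the service sends nothing before the timeout (a silent
    HTTP server) or the connection is refused. port may be the string the
    user typed: int() is the fix for "TypeError: an integer is required"."""
    port = int(port)
    s = socket.socket()
    s.settimeout(timeout)          # per-socket form of socket.setdefaulttimeout(2)
    try:
        s.connect((target, port))
        data = s.recv(1024)        # at most 1024 bytes of banner
    except socket.timeout:
        return None                # service waits for us to speak first
    except OSError:
        return None                # refused, unreachable, or bad hostname
    finally:
        s.close()
    return data.decode("utf-8", errors="replace").strip()


def fake_service(banner, hold=0.0):
    """Constructed local listener for offline testing (not a real target):
    accepts one client, sends `banner` (bytes, or None to stay silent),
    keeps the connection open for `hold` seconds, then closes.
    Returns the port it is listening on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))     # port 0 = let the OS pick a free port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if banner is not None:
            conn.sendall(banner)
        time.sleep(hold)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    target = input("Target: ")
    tport = input("Port: ")        # still a string here; grab_banner() converts it
    print(grab_banner(target, tport))
```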

Capturing a Screen Image

Make sure the Terminal window is visible, showing your user input to select the URL and port, and the SSH banner your script fetched.

Capture a whole-desktop image. Save it as "Proj 3b from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

At this point you have completed the main project, and earned 15 points.

Challenge 1: Find a Service (5 pts. extra credit)

There is another service listening on attack.samsclass.info on a port number ending in 000; that is, one of these: 1000, 2000, 3000, etc.

The service you want has a banner starting with "Congratulations! You found the hidden"

Hunt for it until you find it. Capture a whole-desktop image similar to the example below for an additional 5 points. Save the image as "Proj 3c from YOUR NAME".

Challenge 2: Port Knocking (10 pts. extra credit)

There is a hidden service on port 3003. To open it, you must send these packets to "knock":
  1. A SYN to port 3100 (Note: a connect() call sends a SYN)
  2. Another SYN to a secret hidden port, which is one of these: (3100, 3200, 3300, 3400, 3500, 3600, 3700, 3800, 3900)
  3. A 2-second delay (see the "How can I make a time delay in Python?" link under Sources)
When the server receives the correct knock, port 3003 will open for 5 seconds and then close. You must grab the banner from port 3003 during that brief period. The correct banner starts with "Congratulations!"

Note: If many students are knocking at the same time, the knockd service may fail to recognize a valid sequence of packets, so you may have to try 2 or 3 times to see the banner.

Email in a screen capture showing the correct banner from port 3003.

Save the image as "Proj 3d from YOUR NAME".

Turning in Your Project

Send the images to cnit.124@gmail.com with a subject of "Proj 3 from YOUR NAME".

Sources

Python Network Programming
17.2. socket -- Low-level networking interface
How can I make a time delay in Python?
Gotcha -- forgetting parentheses | Python Conquers The Universe


Last revised: 7-27-15 10:43 am