I'm trying to set up a malware analysis lab, following the instructions found here:
https://blog.christophetd.fr/malware-analysis-lab-with-virtualbox-inetsim-and-burp/
In setting up inetsim to simulate internet protocols, I keep getting "http_tcp_80 - failed!" everytime I run it. Changing the port it uses in the configuration file to 8080 causes the it to work. When I run it on a different vm, the configuration works as intended.
I have apache also installed on this vm. Could it be interfering?
Edit: I just installed a new vm to try using inetsim without apache installed. HTTP is reported to be running, but now dns_53_tcp_udp is reported to be failing to start. Trying to browse web pages to bring up inetsim's default page fails, regardless of if I use the FQDN or the IP address. The only time I get the page is with localhost. Otherwise, I get server not found. At least I know its not apache.
The error I get with DNS indicates that the 0.0.0.0 ip is already in use, which doesn't make sense to me since 0.0.0.0 is being used to bind the services to all IPs. Changing the inetsim.conf file so "service_bind_address 10.0.0.0" instead of "service_bind_address 0.0.0.0" seems to run dns, but the browser on both the analysis machine and the victim machine still report no server found.
You should stop the Apache server:
service apache2 stop
It works for me.
I guess there are some other processes listening on those ports.
Use
sudo netstat -tulpn | grep LISTEN
It will print out those processes with their pid. For example, 964 is the pid of the first process in this case:
Check if something is occupying your corresponding ports. Shut them down with
sudo kill -9 <pid>
Of course, the busy processes running on those ports may not in listening states but still be able to cause such a problem. So you can check it with
sudo netstat -tulpn
just in case.
Anyway, it does work for me.
Related
The nebula-storage service failed to start, the storage logs show that the port is occupied, but I checked that port 9780 is not occupied either. Also the configuration files are original and unmodified.
There could be several reasons why the nebula-storage service is failing to start:
Another process is already using port 9780. You can use the lsof -i tcp:9780 command to check which process is using the port.
There is a problem with the nebula-storage service itself. You can try restarting the service.
Note - I am fully aware that there are lot of similar issues posted before, but I tried NSG settings, psping but nothing seem to work
All, I brought up a RHEL7.3 server on Azure and installed JDK1.8 and Tomcat8. After starting Tomcat, I tried an http request from my browser:
http://XX.yy.zz.abc:8080/ but I was unable to get the index page
I also created an inbound security rule to allow HTTP and also allow IP range from our company.
Even worse is, when I tried pinging to this IP from my desktop computer, I am unable to ping the same - it is timing out.
Please note that in the past, I've been able to bring up servers and be able to connect from desktops without any issues - in a similar azure-companynetwork setup.
Am I missing anything here?
Ok, so pings do not work, you shouldn't even try that. What you should check is the firewall on you RHEL VM and check you've allowed port 8080 on you NSG, also your VM should have a PublicIP attached
According to your description, you had better check as the following ways:
1.Please ensure you could access your web by using 127.0.0.1:8080 on your VM.
2.Check your service listening.
netstat -ant|grep 8080
Please ensure 8080 is listening on tcp not tcp6.
3.Open firewall port on RHEL.
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
More information about RHEL firewall please refer to this link.
4.Open port on Azure NSG.
NSG could be associated with NIC and subnet, you should check all of them.
All,
It looks like there is an input firewall inside of RHEL7.3 that is preventing connections. I just stopped it using
service firewalld stop
I am able to get the home page.
I am running a plex media server for private use on a Ubuntu 16.04 Desktop VM at home. I use it while I'm away on work during the week.
Recently I've been plagued with connection issues. Sometimes it's plex itself that crashes and needs to be restarted and sometimes it's the internet connection (eth0) that needs to be restarted.
I need a little help with a script that I can call via cron to check if the server is remote accessible, if it can reach https://external.address:32400 (please note it only responds to https), if it's not accessible, restart the internet connection (eth0), then check again if it's remote accessible, if it's still not remote accessible then restart the plex media server.
Plex is installed as a service so the call service plexmediaserver restart is how I restart it. I guess as it's a desktop instalation to restart the network the script needs to use service network-manager restart.
I found this post and script but it's very old and outdated.
Hopefully someone can help me out with this.
Thanks in advance.
ok, after doing a little more research on my problems, it turns out I have two different issues, sometimes the VM looses it's bridged connection and sometimes the plex media server crashes.
So, I have split the solution into two simple bash scripts that I call from cron.
The first checks if the internet is working, if not it restarts the VM. Simply restarting network-manager didn't work.
#!/bin/bash
PATH=/opt/someApp/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/$
#Check if the vm can access google.com, if yes then exit
if nc -zw1 google.com 80;
then exit
#If it can't reach google.com restart the vm
else shutdown -r now
fi
The second script checks to see if it can access plex media server locally, if not then it restarts the plex service.
#!/bin/bash
PATH=/opt/someApp/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/$
#Check to see that plex is acessable locally, if yes then exit
if curl -s --head --request GET http://localhost:32400 | grep "200 OK" > /dev/$
then exit
#If not then restart plex service
else
service plexmediaserver restart
fi
Thanks for your suggestions. This is far from an elegant solution, but as I'm pressed for time, it's a solution.
You can use this snippet I found here. You'd put in the IP address you're looking for, and then check the status code against the values found here. If get_status_code returns a code 200, you have remote access.
import httplib
def get_status_code(host, path="/"):
""" This function retreives the status code of a website by requesting
HEAD data from the host. This means that it only requests the headers.
If the host cannot be reached or something else goes wrong, it returns
None instead.
"""
try:
conn = httplib.HTTPConnection(host)
conn.request("HEAD", path)
return conn.getresponse().status
except StandardError:
return None
When I try to start a site in IIS it says:
the process can't access the file because it used by another process
I searched in Google and found that another site may have been using Port 80 but in MyIIS I see that only this site is using Port 80. What else could be using Port 80 or is there another issue involved?
Check using netstat -aon or netstat -aon | findstr 0.0:80 in a command prompt to see which Process Id is LISTENING to port :80 and then watch for that Process Id (PID) in Task Manager with view->select columns-> process id checked. End that process, restart IIS and you are done. (Note: if you have Skype installed, try exiting that process first.)
In a modern Task Manager, you need to go on the Details tab to search for the PID. Or, as mentioned by #Nikita G in the comments, you can use this command to find the task from your command prompt:
tasklist /FI "PID eq 123"
Note: change 123 with the PID returned from the first command.
It is happening because a different process is using port 80, it may be a chat application on your PC like Skype.
First, change the default web site port which was 80 to some unused port (e.g. 8087). To achieve this right click the application and then click on 'Edit Binding'.
After this port change restart again.
Now you can identify which process is blocking the IIS Port 80. To check this use netstat command which displays the details of port along with the process ID.
Sign out of Skype and try again. I have experienced the same issue and I just logged out of Skype and then reset my IIS. It worked for me.
You can also run this command to find out which application or service is using the port and then trace it down in Task manager (Provided it's not the Web Deploy Agent Service).
netstat -o -n -a | findstr 0.0:80
Then open Task manager, go to Processes, click the "Show processes for all users" checkbox and then click the View menu and Go to the Columns, add the PID column.
Match the Process ID from the netstat command to the PID in task manager and you will find the service or application that's using the port.
As others have said, something else may be using port 80 or 443. It was VMWare Workstation Server for me, but check other answers for how to use netstat.
I think this link gives a pretty good explanation and fix of this problem http://support.microsoft.com/KB/890015
Most of the time; it's caused by one of the two reasons:
1) port 80 is being used by something else and as suggested by others you can use netstat -o -n -a |findstr 0.0:80 to see whether this is the case. If yes then kill the process from task manager (tick show processes from all users)
2) if port 80 is not used, the second cause is potentially an invalid ip address in the ListenOnlyList filed in the registry key of HTTP->Parameters. If you follow the link to set the key manually or in fact you can use (xp and server 2003) httpcfg delete iplisten -i ipaddress to delete the invalid ip address.
You must restart the http once you edit the ipaddress!
In my case, it was the "Sync Share Service" (SyncShareSvc) that was running and using port 80.
netstat showed 80 as free, though. I could get the site to run on another port, but not 80. if I added a Host name, IIS would allow me to start the site, but I'd get prompted for Digest authentication when browsing to localhost (or any host name I added). Only Anonymous and Forms Auth were enabled in IIS...
I also found that, after stopping IIS, http://localhost still prompted me for Digest authentication.
The solution - in my case - was to remove File and Storage Services > Files and iSCSI Services >
"Work Folders" from the services installed (restart required).
After removing the "Work Folders" service and restarted, IIS worked as expected.
My case was after installing RD Web Access, the original default websites couldn't be started. Removed the RD Web Access role still same. Removed port 443 binding solved the issue.
Most times when this happens by web developers is the reason apache, so if you go to the config file from apache! open it up and search with ctrl + f to 80 and change the ip you will see to 8080 and the sentence beneath there with 80 to 8080 and you need to confige that in you xampp, or the program u are using currently
Hope I'll help u guys out
In order to get more meaningful information, one way is to also get ownership information when issuing netstat so that you know the process which is using either 80 (default http binding) or 443 (if https binding is defined):
netstat -ab
In my case the culprit was vmware:
TCP 0.0.0.0:443 ComputerName:0 LISTENING
[vmware-hostd.exe]
netstat can be piped into find to search for ports 80 or 443 (e.g. find ":443"), but these particular active connection will show at the beginning of the list at they are easy to see.
Hi I am trying out meteor for first time today.
my symptoms: meteor just hangs when trying to connect to port 3000 (it is listening, checked with lsof and looking at ps) a mongo instance is started on port 3002 but i can not connect to it with mongo (so perhaps neither can node ?)
background: I do already have mongo 2.0.3 installed and running (can it be a conflict?)
What can I do to troubleshoot and get meteor started ?
Site was bugging me to accept an answer or start a bounty...So here is explanation of my comment:
localhost on my machine resolves to ipv6 address first and meteor
binds only to 127.0.0.1.
So to answer the specific question of "how to troubleshoot":
I used lsof -i to verify that the meteor mongo instance was actually listening. This showed me that is was listening on 127.0.0.1. This eliminated the concept of mongo not listening. next i did host my machine's name and noticed the ipv6 came back first. this sparked a hunch and led me to force meteor to connect to 127.0.0.1 instead of localhost and it worked.
Well, check that port 3000 is open netstat -a
try a telnet localhost 3000
Use firefox extension TamperData or any other flow analysis tools to see what's going on at the HTTP level http://tamperdata.mozdev.org/
Have you tried to run against the bundled node and mongodb ?