堆栈内存溢出
  简体   繁体   English

python套接字上的连接被拒绝(端口已打开,我可以与nc连接)

[英]Connection refused on python sockets (port is open, I can connect with nc)

 原文  2017-05-09 00:11:58       python/ sockets/ telnetlib

问题描述

So for personal reasons, I want to connect to a socket I create via telnetlib, I can connect to it from netcat but when I try from python it refuses the connection. 因此出于个人原因,我想连接到通过telnetlib创建的套接字,我可以从netcat连接到它,但是当我从python尝试时,它拒绝连接。 

tn.write(b"/usr/bin/nc -l -p 3333 -e /bin/sh\n")
print("netcat listening on 3333 on target, trying to connect")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((tn.host, 3333))
s.send('ls')
print(s.recv(1024))
s.close()

If I can connect to it via netcat (by putting for example and infinite loop after tn.write()) 如果我可以通过netcat连接到它(例如在tn.write()之后放置无限循环)

1 个解决方案

解决方案1
 1 已采纳  2017-05-09 14:19:39

You have a classic race condition : 您的比赛条件很经典:

The packet containing the command to start an nc is sent at only nanoseconds before the connection request (TCP SYN packet) of s.connect . 包含启动nc命令的数据包仅在s.connect的连接请求(TCP SYN数据包)之前的十亿分之一秒发送。 It can even happen that the SYN gets to the remote host before the command to start nc . 甚至可能在命令nc启动之前SYN到达远程主机。

You need to add proper synchronization. 您需要添加适当的同步。 From the code you have shown, there is really no need to use two channels in the first place, so why not send the ls via the existing telnet channel to the remote host? 根据您显示的代码,实际上首先不需要使用两个通道,那么为什么不通过现有的telnet通道将ls发送到远程主机呢?

If you absolutely must use a second channel, try one of these options: 如果您绝对必须使用第二个频道,请尝试以下选项之一:

  • Add import time and time.sleep(5) just before calling s.connect . 在调用s.connect之前添加import times.connect time.sleep(5) That way, the connection attempt will be deferred by 5 seconds. 这样,连接尝试将延迟5秒钟。 However, in general, there's no guarantee that 5 seconds is enough. 但是,通常不能保证5秒就足够了。
  • Send an additional command to wait for the port to be taken , as a sign that nc is ready. 发送附加命令以等待端口被占用 ,以表明nc已准备就绪。
  • Retry multiple times (and wait in between). 重试多次(并在之间等待)。

Also note that your code has three different security vulnerabilities: 另请注意,您的代码具有三个不同的安全漏洞:

  1. You are using telnetlib, which neither ensures confidentiality nor integrity of commands, output and passwords. 您正在使用telnetlib,它不能确保命令,输出和密码的机密性或完整性。 Use ssh instead. 请改用ssh。
  2. You are connecting to port 3333 in plain, which neither ensures confidentiality nor integrity of commands and output. 您将以纯格式连接到端口3333,该端口既不能确保命令和输出的机密性也不完整。 Use ssh instead. 请改用ssh。
  3. In between nc starting and your program connecting to it, anyone can connect to port 3333 and run arbitrary commands. 在nc启动和您的程序连接到它之间,任何人都可以连接到端口3333并运行任意命令。 Use ssh instead. 请改用ssh。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 python套接字拒绝连接 - Connection refused with python sockets 为什么我在 Python 中收到错误“连接被拒绝”? (插座) - Why am I getting the error “connection refused” in Python? (Sockets) Errno 111连接在Python套接字编程中被拒绝 - Errno 111 Connection refused in Python sockets programming Python端口侦听器(与NC一样) - Python Port Listener (Like NC) Python Server / Java客户端“连接被拒绝:连接” - Python Server / Java Client “Connection refused: connect” FLASK: curl: (7) 无法连接到 127.0.0.1 端口 5500: 连接被拒绝 - FLASK: curl: (7) Failed to connect to 127.0.0.1 port 5500: Connection refused Mariadb docker容器无法使用Python连接到主机上的MySQL服务器(111连接被拒绝) - Mariadb docker container Can't connect to MySQL server on host (111 Connection refused) with Python Python / Selenium:HTMLUNIT驱动程序连接被拒绝-端口被阻止 - Python/Selenium: HTMLUNIT Driver Connection Refused - Port Blocked Python Flask mongoengine/pymongo:mongo 的端口 27018 上的连接被拒绝 - Python Flask mongoengine/pymongo: Connection refused on port 27018 of mongo 为什么我在尝试将我的 python 客户端连接到服务器时不断收到 [Erno 111] 连接被拒绝? - Why do i keep getting [Erno 111] connection refused while trying to connect my python client to server?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM