attacker.com not reachable #1

Open
Unline opened this issue Jun 15, 2021 · 5 comments

Comments

@Unline

Unline commented Jun 15, 2021

Hey there,
there's a problem when I try to reach attacker.com. It gives me a connection refused error.
There's also another problem related to the prior state: when I try to run the LOGS script
it says error: no container found for vsftp_1.
Actually the vsftp container doesn't remain up, and when I check the "docker ps" output, there is no vsftp.
It runs, but it disappears.
Please let me know what to do.
Thanks

@lambdafu
Contributor

Hi, unfortunately there are still a couple of glitches when building from scratch, but we are working on it and will keep you updated. Thanks for reporting!

@Unline
Author

Unline commented Jun 19, 2021

Thank you for your response.
Please keep us informed of any updates.

@nmurilo
Contributor

nmurilo commented Jun 22, 2021

I had the same issue. In my case, it was related to the certificate files shared folder.
After I fixed the path (I'm running it on MacOS), the vsftp docker stayed up

@nmurilo
Contributor

nmurilo commented Jun 27, 2021

The last stage of the attack is failing in the "d" (RETR payload.html) command, any hints?

Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1", "CONTENT-LENGTH: 631"
Sat Jun 26 23:20:25 2021 [pid 27] FTP response: Client "172.21.0.1", "530 Please login with USER and PASS."
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1", "ORIGIN: https://attacker.com"
Sat Jun 26 23:20:25 2021 [pid 27] FTP response: Client "172.21.0.1", "530 Please login with USER and PASS."
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1", "CONNECTION: keep-alive"
Sat Jun 26 23:20:25 2021 [pid 27] FTP response: Client "172.21.0.1", "530 Please login with USER and PASS."
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1", "REFERER: https://attacker.com/"
Sat Jun 26 23:20:25 2021 [pid 27] FTP response: Client "172.21.0.1", "530 Please login with USER and PASS."
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1"
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1", "-----------------------------2612896099323396617250757643"
Sat Jun 26 23:20:25 2021 [pid 27] FTP response: Client "172.21.0.1", "530 Please login with USER and PASS."
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1", "CONTENT-DISPOSITION: form-data; name="a""
Sat Jun 26 23:20:25 2021 [pid 27] FTP response: Client "172.21.0.1", "530 Please login with USER and PASS."
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1"
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1", "USER bob"
Sat Jun 26 23:20:25 2021 [pid 27] [bob] FTP response: Client "172.21.0.1", "331 Please specify the password."
Sat Jun 26 23:20:25 2021 [pid 27] [bob] FTP command: Client "172.21.0.1", "-----------------------------2612896099323396617250757643"
Sat Jun 26 23:20:25 2021 [pid 27] [bob] FTP response: Client "172.21.0.1", "530 Please login with USER and PASS."
Sat Jun 26 23:20:25 2021 [pid 27] [bob] FTP command: Client "172.21.0.1", "CONTENT-DISPOSITION: form-data; name="b""
Sat Jun 26 23:20:25 2021 [pid 27] [bob] FTP response: Client "172.21.0.1", "530 Please login with USER and PASS."
Sat Jun 26 23:20:25 2021 [pid 27] [bob] FTP command: Client "172.21.0.1"
Sat Jun 26 23:20:25 2021 [pid 27] [bob] FTP command: Client "172.21.0.1", "PASS "
Sat Jun 26 23:20:25 2021 [pid 26] [bob] OK LOGIN: Client "172.21.0.1"
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP response: Client "172.21.0.1", "230 Login successful."
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1", "-----------------------------2612896099323396617250757643"
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP response: Client "172.21.0.1", "500 Unknown command."
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1", "CONTENT-DISPOSITION: form-data; name="b""
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP response: Client "172.21.0.1", "500 Unknown command."
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1"
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1", "TYPE I"
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP response: Client "172.21.0.1", "200 Switching to Binary mode."
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1", "-----------------------------2612896099323396617250757643"
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP response: Client "172.21.0.1", "500 Unknown command."
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1", "CONTENT-DISPOSITION: form-data; name="c""
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP response: Client "172.21.0.1", "500 Unknown command."
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1"
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1", "PASV"
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP response: Client "172.21.0.1", "227 Entering Passive Mode (172,21,0,1,39,108)."
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1", "-----------------------------2612896099323396617250757643"
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP response: Client "172.21.0.1", "500 Unknown command."

I got these errors in mitmproxy as well:
26.06.2021 19:23 mitmproxy.main INFO [127.0.0.2] Connection from 127.0.0.2:63741
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] [RUN] Data Leakage
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10090
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10091
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10092
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10093
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10094
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10095
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10096
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10097
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10098
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10099
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] Try to port 127.0.0.1:10100
26.06.2021 19:23 mitmproxy.leak INFO [127.0.0.2] ConnectionRefusedError
26.06.2021 19:23 mitmproxy.leak ERROR Cound not find open passive port
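
The vsftpd log above is a useful detection signal in its own right: an FTP control channel receiving HTTP headers and a multipart boundary, answered with "530"/"500 Unknown command". The following is an added example (not part of this issue or the project's code) that parses lines in the quoted vsftpd format and reports clients whose control channel carries HTTP-shaped input; the sample log and the second client address 10.0.0.5 are constructed.

```python
import re
from collections import defaultdict
# Constructed sample in the vsftpd format quoted in the thread, plus one ordinary FTP client.
SAMPLE_LOG = """\
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1", "CONTENT-LENGTH: 631"
Sat Jun 26 23:20:25 2021 [pid 27] FTP response: Client "172.21.0.1", "530 Please login with USER and PASS."
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1", "ORIGIN: https://attacker.com"
Sat Jun 26 23:20:25 2021 [pid 27] FTP command: Client "172.21.0.1", "USER bob"
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1", "-----------------------------2612896099323396617250757643"
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP response: Client "172.21.0.1", "500 Unknown command."
Sat Jun 26 23:20:25 2021 [pid 28] [bob] FTP command: Client "172.21.0.1", "CONTENT-DISPOSITION: form-data; name="b""
Sat Jun 26 23:20:25 2021 [pid 30] FTP command: Client "10.0.0.5", "USER alice"
Sat Jun 26 23:20:25 2021 [pid 30] [alice] FTP command: Client "10.0.0.5", "RETR report.pdf"
"""

# One vsftpd protocol-log line; the trailing quoted text is absent on empty commands.
LINE_RE = re.compile(
    r'FTP (?P<kind>command|response): Client "(?P<client>[^"]+)"(?:, "(?P<text>.*)")?$'
)
# Lines that never belong on an FTP control channel. vsftpd upper-cases the verb,
# so a smuggled "Content-Length: 631" is logged as "CONTENT-LENGTH: 631".
HTTP_HEADER_RE = re.compile(r"^[A-Z][A-Z0-9-]*: ")
MULTIPART_BOUNDARY_RE = re.compile(r"^-{10,}\S*$")
HTTP_REQUEST_LINE_RE = re.compile(r"^(GET|POST|PUT|HEAD|OPTIONS) \S+ HTTP/\d")

def classify_command(text):
    """Label a control-channel line that looks like HTTP, or None if it looks like FTP."""
    if HTTP_REQUEST_LINE_RE.match(text):
        return "http-request-line"
    if HTTP_HEADER_RE.match(text):
        return "http-header"
    if MULTIPART_BOUNDARY_RE.match(text):
        return "multipart-boundary"
    return None

def find_cross_protocol_clients(log_text):
    """Per client: HTTP-looking commands and the '500 Unknown command' replies they drew."""
    findings = defaultdict(lambda: {"suspicious": [], "unknown_command": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("text") is None:
            continue
        client, text = m.group("client"), m.group("text")
        if m.group("kind") == "command":
            label = classify_command(text)
            if label:
                findings[client]["suspicious"].append((label, text))
        elif text.startswith("500 Unknown command"):
            findings[client]["unknown_command"] += 1
    return {c: f for c, f in findings.items() if f["suspicious"]}
```

Pointing `find_cross_protocol_clients` at the real log shown above flags 172.21.0.1 only; the ordinary client never trips a rule because genuine FTP verbs carry no colon-terminated name and no long hyphen run.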

@lambdafu
Contributor

lambdafu commented Jul 8, 2021

I can reproduce intermittent failures of mitmproxy which cause a hang. Restarting mitmproxy and trying again led to success for me after a couple of attempts, but it is very unreliable. Not all data is forwarded, and then the FTP server does not see the RETR request, which in turn means the passive port cannot be found. We will investigate further.
