Socket programming in Python - connection refused

[ThePistonDoctor]

Hi all,

I am reading one of Lupin's tuts on buffer overflow attacks and think my virtual network may be causing a problem. My setup is a Mac OSX 10.5.8 host with one BT4R2 guest and one XP SP2 guest using the internal network setting in VirtualBox. I have designated VB to be my DHCP server handing out the range 192.168.50.0/24 (different than my real internal network of 192.168.76.0/24 to avoid conflicts) and that part works fine. So I have:

XP = 192.168.50.2
BT4 = 192.168.50.3
DHCP = 192.168.50.4

There is no internet access and it should not be needed. I can ping back and forth between all the devices and just tested a telnet connection to XP from BT4 so communication seems to be fine.

Now comes my issue:

I have a python script as follows (modified from Lupin's to simplify it since his didn't work, I wanted to simply get the socket connection and then I can add in his buffer overflow attack later):

Code:

#!/usr/bin/python
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(("192.168.50.2", 80))
sock.close()

The goal is simply to open the socket and then close it to make sure the connection works but when I run my python script I get the following:

Code:

root@bt:~# ./minisharesploit.py
Traceback (most recent call last):
     File "./minisharesploit.py", line 10, in <module>
          sock.connect(("192.168.50.2", 80))
     File "<string>", line 1, in connect
socket.error: (111, 'connection refused')

I ran nmap against my XP box and it doesn't show it as listening on port 80, so I suspect this is this issue but I'm not sure. This is my first time working with Python so I could have coded it incorrectly too. I used this howto to generate the code for my socket connection after Lupin's didn't work the way I'd expected: Socket Programming HOWTO — Python v2.7.1 documentation

So I guess my questions are:

1. How can I verify that my XP box is listening on port 80? (I have disabled the firewall, killed the service, and then actually even enabled it and explicitly allowed port 80 but nmap still shows it as closed)

2. If that's not the problem, is there something wrong w/ my Python script?

3. Is there something I don't know about setting a virtual XP machine to listen on port 80 with VirtualBox's internal network? I don't want to use bridged or host-only networking because I want to isolate the virtual network completely from my host network.

Thanks in advance

EDIT: I just enabled port 23 on the XP VM and modified the python script accordingly and was able to establish a socket. So the issue is definitely that I'm not listening on port 80. Does anyone know how to set my XP machine to listen on this port in VirtualBox with internal networking only (i.e. I don't want to port forward through my router, etc). I'll keep searching in the meantime. Thanks again

[Gitsnik]

Code:

netstat -an | find "80"

If you have something listening on port 80 it will show up in that list (yes I saw your edit, let's do some information transfer anyway).

I'd hazard a couple of guesses, but let's start with something obvious - start minishare without using the debugger and see if you can connect - if you can, you're probably not pressing play in your debugger (so it's starting up but not completing - your socket is not being created).

As with any debugging situation (code or otherwise) it always helps to remove big chunks of the equation - in this case the debugger. I would also try browsing from the XP machine's Internet Explorer to BackTrack Linux - Penetration Testing Distribution and see what happens.

[ThePistonDoctor]

You hit the nail on the head. netstat -an showed nothing listening on port 80.

I forgot to hit the damn play button. Starting minishare w/o ollydbg then running netstat -an again showed it sitting right there at the top.

I guess I'm not ready for the experts forum yet. Carry on...lol

[iproute]

You hit the nail on the head. netstat -an showed nothing listening on port 80.

I forgot to hit the damn play button. Starting minishare w/o ollydbg then running netstat -an again showed it sitting right there at the top.

I guess I'm not ready for the experts forum yet. Carry on...lol

You ask good questions though. I always like seeing people confirm a fix/work around that works as well.
What made you choose the username of ThePistonDoctor out of curiousity?

[ThePistonDoctor]

It's an old AIM username. I had a supercharged mustang that I was pushing to the limits of the stock motor, hence I had to pull the motor and replace the guts w/ forged internals (pistons/rods/bearings/crank/etc) to handle more boost.

Upon replacing the engine and upping the boost, my friends dubbed me the piston doctor when the car dynoed 482whp at 12psi

[iproute]

It's an old AIM username. I had a supercharged mustang that I was pushing to the limits of the stock motor, hence I had to pull the motor and replace the guts w/ forged internals (pistons/rods/bearings/crank/etc) to handle more boost.

Upon replacing the engine and upping the boost, my friends dubbed me the piston doctor when the car dynoed 482whp at 12psi

Nice. Before beginning my IT career I was an engine machinist and CNC machinist, doing similar things. Roots or centrifugal? nm, probably too off topic.

[ThePistonDoctor]

It's only off topic if I don't use roots (ba-dum CHING!)

My blower was a twin screw (Kenne Bell)