View Single Post
Old 12-05-2011, 08:17 PM   #1
PoP
Fᵘᶻᶻʸ⅓⋚⫽₃₃⪓⫻₃₃₃ Mᵃᵗʰ
PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.PoP ought to be getting tired of karma fortunes by now.
 
PoP's Avatar
 
Posts: 491
Karma: 4504893
Join Date: Dec 2010
Location: ♁ ᴺ₄₅₃₀' ᵂ₇₃₃₇' ₆₀"
Device: K3.₄, PRS-350, SGS3, Rπ, iPad Air
I can't get Launchpad's RCE to work

Didn't mean to hichjack the original post hence opening this new one.

Quote:
Originally Posted by PoP View Post
I have configured my RCE.ini parameters as follows:
Spoiler:

[RemoteCommandEntry]

;; comment out AutoEnable and enableRCE definitions below
;; in order to fully disable the RCE feature

AutoEnable = yes
enableRCE = start RCE
disableRCE = stop RCE

Interface = wlan0
MulticastGroup = 239.1.2.3
Port = 10000

I have opened the port in the firewall:
Spoiler:

iptables -A INPUT -i wlan0 -p udp --dport 10000 -j ACCEPT

And I am using This freeware UDP test tool to send UDP packets (containing shell commands) to the Kindle.

My wlan0 interface seems healthy:
Spoiler:

[root@kindle root]# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
TX packets:1449 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:408369 (398.7 KiB) TX bytes:408369 (398.7 KiB)

wlan0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.2.9 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11383 errors:0 dropped:0 overruns:0 frame:0
TX packets:1984 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2715897 (2.5 MiB) TX bytes:276735 (270.2 KiB)


It recieves unicast UDP packets on port 10000:
Spoiler:

Before sending the packet

[root@kindle root]# iptables --list --verbose
Chain INPUT (policy DROP 6229 packets, 681K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere tcp dpt:40317
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
101K 78M ACCEPT tcp -- wlan0 any anywhere anywhere state RELATED,ESTABLISHED
439 74280 ACCEPT udp -- wlan0 any anywhere anywhere state ESTABLISHED
0 0 ACCEPT udp -- ppp0 any anywhere anywhere state ESTABLISHED
6 328 ACCEPT all -- lo any localhost.localdomain anywhere
0 0 ACCEPT all -- usb0 any anywhere anywhere
1 89 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED
38 1968 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT icmp -- wlan0 any anywhere anywhere
3 144 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:4200
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:www
6 347 ACCEPT udp -- wlan0 any anywhere anywhere udp dpt:10000

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 61771 packets, 7450K bytes)
pkts bytes target prot opt in out source destination
6 328 ACCEPT all -- any lo anywhere localhost.localdomain


After sending one UDP packet to 192.168.2.9:10000


[root@kindle root]# iptables --list --verbose
Chain INPUT (policy DROP 6254 packets, 684K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere tcp dpt:40317
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
102K 78M ACCEPT tcp -- wlan0 any anywhere anywhere state RELATED,ESTABLISHED
439 74280 ACCEPT udp -- wlan0 any anywhere anywhere state ESTABLISHED
0 0 ACCEPT udp -- ppp0 any anywhere anywhere state ESTABLISHED
6 328 ACCEPT all -- lo any localhost.localdomain anywhere
0 0 ACCEPT all -- usb0 any anywhere anywhere
1 89 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED
38 1968 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT icmp -- wlan0 any anywhere anywhere
3 144 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:4200
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:www
7 385 ACCEPT udp -- wlan0 any anywhere anywhere udp dpt:10000


Per launchpad instructions, I tried enabling the RCE by first sending a packet containning the "start RCE" string. To no avail. The Kindle doesn't seem to receive UDP packets multicasted to 239.1.2.3:10000
Spoiler:

After multicasting several packets, the count does not change

[root@kindle root]# iptables --list --verbose
Chain INPUT (policy DROP 6255 packets, 684K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere tcp dpt:40317
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
102K 78M ACCEPT tcp -- wlan0 any anywhere anywhere state RELATED,ESTABLISHED
439 74280 ACCEPT udp -- wlan0 any anywhere anywhere state ESTABLISHED
0 0 ACCEPT udp -- ppp0 any anywhere anywhere state ESTABLISHED
6 328 ACCEPT all -- lo any localhost.localdomain anywhere
0 0 ACCEPT all -- usb0 any anywhere anywhere
1 89 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED
38 1968 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT icmp -- wlan0 any anywhere anywhere
3 144 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:4200
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:www
7 385 ACCEPT udp -- wlan0 any anywhere anywhere udp dpt:10000

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 61854 packets, 7468K bytes)
pkts bytes target prot opt in out source destination
6 328 ACCEPT all -- any lo anywhere localhost.localdomain


Can you help me spot what is missing?
After some more testing between windows virtual machines I realised that Simpletool's UDP tester seems not to handle multicast at all. Doh!

So I found This python implementation of UDP multicasting instead

I then tested socket_multicast_sender.py
Spoiler:
import socket
import struct
import sys

message = 'start RCE'
multicast_group = ('224.1.2.3', 10000)

# Create the datagram socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

# Set a timeout so the socket does not block indefinitely when trying
# to receive data.
sock.settimeout(0.2)

# Set the time-to-live for messages to 1 so they do not go past the
# local network segment.
ttl = struct.pack('b', 5)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)

try:

# Send data to the multicast group
print >>sys.stderr, 'sending "%s"' % message
sent = sock.sendto(message, multicast_group)

# Look for responses from all recipients
while True:
print >>sys.stderr, 'waiting to receive'
try:
data, server = sock.recvfrom(16)
except socket.timeout:
print >>sys.stderr, 'timed out, no more responses'
break
else:
print >>sys.stderr, 'received "%s" from %s' % (data, server)

finally:
print >>sys.stderr, 'closing socket'
sock.close()

and socket_multicast_receiver.py
Spoiler:
import socket
import struct
import sys

multicast_group = '224.1.2.3'
server_address = ('', 10000)

# Create the socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

# Bind to the server address
sock.bind(server_address)

# Tell the operating system to add the socket to the multicast group
# on all interfaces.
group = socket.inet_aton(multicast_group)
mreq = struct.pack('4sL', group, socket.INADDR_ANY)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)

# Receive/respond loop
while True:
print >>sys.stderr, '\nwaiting to receive message'
data, address = sock.recvfrom(1024)

print >>sys.stderr, 'received %s bytes from %s' % (len(data), address)
print >>sys.stderr, data

print >>sys.stderr, 'sending acknowledgement to', address
sock.sendto('ack', address)
which totally worked between my windows virtual machines.

At this point I must admit that my quest is now mostly Hackademic since once USB Network is installed, you can easily send commands to the shell with SSH and there is not much point to force doing it with UDP to Launchpad... except for the fun.

Anyway, My UDP multicasts still don't get to launchpad and I remain puzzled.

Has anybody succeeded doing this? What am I still missing?
PoP is offline   Reply With Quote