Didn't mean to hichjack the original post hence opening this new one.
Quote:
Originally Posted by PoP
I have configured my RCE.ini parameters as follows:
I have opened the port in the firewall:
And I am using This freeware UDP test tool to send UDP packets (containing shell commands) to the Kindle.
My wlan0 interface seems healthy:
It recieves unicast UDP packets on port 10000:
Spoiler:
Before sending the packet
[root@kindle root]# iptables --list --verbose
Chain INPUT (policy DROP 6229 packets, 681K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere tcp dpt:40317
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
101K 78M ACCEPT tcp -- wlan0 any anywhere anywhere state RELATED,ESTABLISHED
439 74280 ACCEPT udp -- wlan0 any anywhere anywhere state ESTABLISHED
0 0 ACCEPT udp -- ppp0 any anywhere anywhere state ESTABLISHED
6 328 ACCEPT all -- lo any localhost.localdomain anywhere
0 0 ACCEPT all -- usb0 any anywhere anywhere
1 89 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED
38 1968 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT icmp -- wlan0 any anywhere anywhere
3 144 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:4200
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:www
6 347 ACCEPT udp -- wlan0 any anywhere anywhere udp dpt:10000
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 61771 packets, 7450K bytes)
pkts bytes target prot opt in out source destination
6 328 ACCEPT all -- any lo anywhere localhost.localdomain
After sending one UDP packet to 192.168.2.9:10000
[root@kindle root]# iptables --list --verbose
Chain INPUT (policy DROP 6254 packets, 684K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere tcp dpt:40317
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
102K 78M ACCEPT tcp -- wlan0 any anywhere anywhere state RELATED,ESTABLISHED
439 74280 ACCEPT udp -- wlan0 any anywhere anywhere state ESTABLISHED
0 0 ACCEPT udp -- ppp0 any anywhere anywhere state ESTABLISHED
6 328 ACCEPT all -- lo any localhost.localdomain anywhere
0 0 ACCEPT all -- usb0 any anywhere anywhere
1 89 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED
38 1968 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT icmp -- wlan0 any anywhere anywhere
3 144 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:4200
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:www
7 385 ACCEPT udp -- wlan0 any anywhere anywhere udp dpt:10000
Per launchpad instructions, I tried enabling the RCE by first sending a packet containning the "start RCE" string. To no avail. The Kindle doesn't seem to receive UDP packets multicasted to 239.1.2.3:10000
Can you help me spot what is missing? |
After some more testing between windows virtual machines I realised that
Simpletool's UDP tester seems not to handle multicast at all. Doh!
So I found
This python implementation of UDP multicasting instead
I then tested
socket_multicast_sender.py Spoiler:
import socket
import struct
import sys
message = 'start RCE'
multicast_group = ('224.1.2.3', 10000)
# Create the datagram socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Set a timeout so the socket does not block indefinitely when trying
# to receive data.
sock.settimeout(0.2)
# Set the time-to-live for messages to 1 so they do not go past the
# local network segment.
ttl = struct.pack('b', 5)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
try:
# Send data to the multicast group
print >>sys.stderr, 'sending "%s"' % message
sent = sock.sendto(message, multicast_group)
# Look for responses from all recipients
while True:
print >>sys.stderr, 'waiting to receive'
try:
data, server = sock.recvfrom(16)
except socket.timeout:
print >>sys.stderr, 'timed out, no more responses'
break
else:
print >>sys.stderr, 'received "%s" from %s' % (data, server)
finally:
print >>sys.stderr, 'closing socket'
sock.close()
and
socket_multicast_receiver.py Spoiler:
import socket
import struct
import sys
multicast_group = '224.1.2.3'
server_address = ('', 10000)
# Create the socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Bind to the server address
sock.bind(server_address)
# Tell the operating system to add the socket to the multicast group
# on all interfaces.
group = socket.inet_aton(multicast_group)
mreq = struct.pack('4sL', group, socket.INADDR_ANY)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
# Receive/respond loop
while True:
print >>sys.stderr, '\nwaiting to receive message'
data, address = sock.recvfrom(1024)
print >>sys.stderr, 'received %s bytes from %s' % (len(data), address)
print >>sys.stderr, data
print >>sys.stderr, 'sending acknowledgement to', address
sock.sendto('ack', address)
which totally worked between my windows virtual machines.
At this point I must admit that my quest is now mostly
Hackademic since once USB Network is installed, you can easily send commands to the shell with SSH and there is not much point to force doing it with UDP to Launchpad... except for the fun.
Anyway, My UDP multicasts still don't get to launchpad and I remain puzzled.
Has anybody succeeded doing this? What am I still missing?