So I have a RADIUS server running at 10.0.0.15. I have to brute-force its shared secret. I am using the TinyRaidus Java library.
Here is my code:
String s = "big line...";
String[] words = s.split("\\W+");
String host, userName, password;
userName = "admin";
password = "pass";
host = "10.0.0.15";
int count = words.length;
for (String word : words) {
System.err.println("Left: " + count);
RadiusClient rc = new RadiusClient(host, word);
try {
if (rc.authenticate(userName, password)) {
System.out.print("Cracked. Secret is: " + word);
break;
}
} catch (IOException ex) {
Logger.getLogger(RadiusBrute.class.getName()).log(Level.SEVERE, null, ex);
} catch (RadiusException ex) {
Logger.getLogger(RadiusBrute.class.getName()).log(Level.SEVERE, null, ex);
}
}
However, everytime I run this, I get this error:
Jun 21, 2016 12:48:28 AM org.tinyradius.util.RadiusClient communicate
SEVERE: communication failure (timeout), no more retries
Jun 21, 2016 12:48:28 AM radiusbrute.RadiusBrute main
SEVERE: null
java.net.SocketTimeoutException: Receive timed out
at java.net.PlainDatagramSocketImpl.receive0(Native Method)
at java.net.AbstractPlainDatagramSocketImpl.receive(AbstractPlainDatagramSocketImpl.java:144)
at java.net.DatagramSocket.receive(DatagramSocket.java:812)
at org.tinyradius.util.RadiusClient.communicate(RadiusClient.java:249)
at org.tinyradius.util.RadiusClient.authenticate(RadiusClient.java:83)
at org.tinyradius.util.RadiusClient.authenticate(RadiusClient.java:65)
at radiusbrute.RadiusBrute.main(RadiusBrute.java:284)
Here have I done wrong?
Thanks.
It looks like your RADIUS server silently discarded your RADIUS Access-Request. Depending on the RADIUS server implementation the reason could be one of the following:
RADIUS server doesn't have the host where you send your requests from as configured client: from RADIUS RFC 2865:
A request from a client for which the RADIUS server does not have a
shared secret MUST be silently discarded.
2. You sent too many failed requests from your client and RADIUS server banned your client by its IP address and drops all subsequent requests
3. (Unlikely) RADIUS server is configured to drop request with wrong username/password instead of sending RADIUS Access-Reject
Related
I have 2 springboot services a-service and b-service. They are communicating with eachother. And theese services working on docker different containers. When i send request from a-service to b-service if request time more than 15 minutes a-service cannot get response from b-service. Its not throwing error or timeout exception but process stucks in the row which i send request and does not going. a-service request code is below.
logger.info("Test 18 started...");
try {
//b-service url
String url = ServiceModuleConstant.Menu.SYNCPOSMENU_URL + "/test18";
logger.info("Scheduled system test URL : " + url);
ResultModel control = RestClientUtils.postForObject(url,ResultModel.class,null);
//does not come here anytime
logger.info("Test 18 result : " + control.isSuccess());
} catch (Exception e) {
logger.error("Test 18 error : " + e.toString());
}
logger.info("Test 18 finished...");
by the way b-service complete request succesfully.
Is there any configuration setting for docker container about request timeouts.
I'm trying to configure the data source using SSH to access the Database from IntelliJ off-campus. The configuration is as shown in the screenshots, and I got
[08006][17002] IO Error: Got minus one from a read call, connect lapse 30003 ms., Authentication lapse 0 ms. oracle.net.ns.NetException: Got minus one from a read call.
In fact, I've succeeded to connect to the DB with the loginProxy() and loginDB() in a Java program. From running the code, I knew that the jdbcPort should be dynamic, and I assume that's also what should be filled in the "Port" blank in the "General" tab in "Data Source and Drivers" configuration window.
So here comes the problem, how can I configure it if the Port to be filled in is DYNAMIC? Or did I get anything wrong so that actually there should be another approach?
An additional question: String URL = "jdbc:oracle:thin:#" + jdbcHost + ":" + jdbcPort + "/" + database; What URL format is used here? It doesn't look like SID, Service Name, or TNS, but it does work... and it's funny that when I substitute the "/" with ":", which matches the SID format, it doesn't work anymore...
/**
* Login the proxy. Do not change this function.
*
* #return boolean
*/
public boolean loginProxy() {
if (getYESorNO("Using ssh tunnel or not?")) { // if using ssh tunnel
String[] namePwd = getUsernamePassword("Login cs lab computer");
String sshUser = namePwd[0];
String sshPwd = namePwd[1];
try {
proxySession = new JSch().getSession(sshUser, proxyHost, proxyPort);
proxySession.setPassword(sshPwd);
Properties config = new Properties();
config.put("StrictHostKeyChecking", "no");
proxySession.setConfig(config);
proxySession.connect();
proxySession.setPortForwardingL(forwardHost, 0, databaseHost, databasePort);
forwardPort = Integer.parseInt(proxySession.getPortForwardingL()[0].split(":")[0]);
// 👆 forwardPort is set here, seems to be dynamic...
} catch (JSchException e) {
e.printStackTrace();
return false;
}
jdbcHost = forwardHost; // 👈 this is used in case of SSH connection, which is "localhost"
jdbcPort = forwardPort; // 👈 this is used in case of SSH connection
} else {
jdbcHost = databaseHost;
jdbcPort = databasePort;
}
return true;
}
/**
* Login the oracle system. Change this function under instruction.
*
* #return boolean
*/
public boolean loginDB() {
String username = "myDBUsername";
String password = "myDBPassword";
/* Do not change the code below */
String URL = "jdbc:oracle:thin:#" + jdbcHost + ":" + jdbcPort + "/" + database;
try {
System.out.println("Logging " + URL + " ...");
conn = DriverManager.getConnection(URL, username, password);
return true;
} catch (SQLException e) {
e.printStackTrace();
return false;
}
}
On general tab you need to specify real db server hostname and port, not localhost. With configured SSH tunnel on next tab all the things for connection will be done automatically.
I am developing a multiplayer game in Java built around my own client-server architecture. In short, the client requests a copy of the server's World object 30 times a second and, upon receiving it, sets its client-side copy to the response. This is all done using Java's standard net API.
The issue I am having is that I also store an ArrayList of Player objects in the world, and when I add a Player to this list, the client doesn't get the update. It still receives a copy of the world from the server, but its not up to date.
I experienced a similar problem in a past project that was caused by write/readObject and fixed it by using write/readUnshared, but even that isn't working.
Here's the important stuff from the server end of the communication:
String message;
int sum = 0;
while(active)
{
message = "";
try {
message = in.readUTF();
} catch (IOException e) {
active = false;
System.out.println("Lost connection with client " + socket.getInetAddress());
}
if(message.equals("GETWORLD"))
{
try {
sum++;
if(sum == 100)
main.world.addPlayer(999, 2, 2);
System.out.println("Client requested world (#" + sum + ")");
System.out.println(main.world.players.size());
out.writeUnshared(main.world);
out.flush();
System.out.println("Sent client world (#" + sum + ")");
} catch (IOException e) {
active = false;
System.out.println("Lost connection with client " + socket.getInetAddress());
}
}
if(message.equals("DISCONNECT"))
{
active = false;
System.out.println("Client " + socket.getInetAddress() + " requested disconnect");
}
}
And then the client end:
Object read = null;
int sum = 0;
while(active)
{
try {
Thread.sleep((long)(1000 / 30.0));
if(connected)
{
sum++;
System.out.println("Asking server for world (#" + sum + ")");
out.writeUTF("GETWORLD");
out.flush();
read = in.readUnshared();
if(read instanceof World)
{
World temp = (World)read;
System.out.println(temp.players.size());
frame.panel.updateWorld((World)read);
System.out.println("Got world from server (#" + sum + ")");
}
}
} catch (InterruptedException | ClassNotFoundException e1) {
active = false;
e1.printStackTrace();
} catch (IOException e2) {
active = false;
System.out.println("Lost connection with server # " + socket.getInetAddress());
frame.dispose();
System.exit(0);
}
}
Obviously the sum variable is for debugging.
I further tested this with some output, here's what is scaring me:
Client log:
...
Asking server for world (#99)
1
Got world from server (#99)
Asking server for world (#100)
1
Got world from server (#100)
Asking server for world (#101)
1
Got world from server (#101)
...
Server log:
...
Client requested world (#99)
1
Sent client world (#99)
Client requested world (#100)
2
Sent client world (#100)
Client requested world (#101)
2
Sent client world (#101)
...
You can see here that even though the request numbers match up, there's a clear discrepancy between the number of Player objects in the World object.
Here's the important stuff from the World and Player classes for those curious:
public class World implements Serializable
{
public ArrayList<Room> rooms;
public ArrayList<Player> players;
private QuickMaths qm;
...
public class Player implements Serializable
{
private double xPos;
private double yPos;
private Color color;
int id;
...
I apologize if this is a long yet easy problem. I'm not sure if it's a referencing issue or some other network quirk, but it's really driving me nuts. Thanks in advance.
Your problem is with writeUnshared which is a little misleading.
Read here:
"Note that the rules described above only apply to the base-level
object written with writeUnshared, and not to any transitively
referenced sub-objects in the object graph to be serialized. "
This means that the player object will not be written twice but the old reference to that object in the serialization tree will be used.
The solution to this would be to call the reset method after each write call to ensure that the old written objects will not be referenced again.
So:
out.writeUnshared(main.world);
out.flush();
out.reset();
We're having some trouble trying to implement a Pool of SftpConnections for our application.
We're currently using SSHJ (Schmizz) as the transport library, and facing an issue we simply cannot simulate in our development environment (but the error keeps showing randomly in production, sometimes after three days, sometimes after just 10 minutes).
The problem is, when trying to send a file via SFTP, the thread gets locked in the init method from schmizz' TransportImpl class:
#Override
public void init(String remoteHost, int remotePort, InputStream in, OutputStream out)
throws TransportException {
connInfo = new ConnInfo(remoteHost, remotePort, in, out);
try {
if (config.isWaitForServerIdentBeforeSendingClientIdent()) {
receiveServerIdent();
sendClientIdent();
} else {
sendClientIdent();
receiveServerIdent();
}
log.info("Server identity string: {}", serverID);
} catch (IOException e) {
throw new TransportException(e);
}
reader.start();
}
isWaitForServerIdentBeforeSendingClientIdent is FALSE for us, so first of all the client (we) send our identification, as appears in logs:
"Client identity String: blabla"
Then it's turn for the receiveServerIdent:
private void receiveServerIdent() throws IOException
{
final Buffer.PlainBuffer buf = new Buffer.PlainBuffer();
while ((serverID = readIdentification(buf)).isEmpty()) {
int b = connInfo.in.read();
if (b == -1)
throw new TransportException("Server closed connection during identification exchange");
buf.putByte((byte) b);
}
}
The thread never gets the control back, as the server never replies with its identity. Seems like the code is stuck in this While loop. No timeouts, or SSH exceptions are thrown, my client just keeps waiting forever, and the thread gets deadlocked.
This is the readIdentification method's impl:
private String readIdentification(Buffer.PlainBuffer buffer)
throws IOException {
String ident = new IdentificationStringParser(buffer, loggerFactory).parseIdentificationString();
if (ident.isEmpty()) {
return ident;
}
if (!ident.startsWith("SSH-2.0-") && !ident.startsWith("SSH-1.99-"))
throw new TransportException(DisconnectReason.PROTOCOL_VERSION_NOT_SUPPORTED,
"Server does not support SSHv2, identified as: " + ident);
return ident;
}
Seems like ConnectionInfo's inputstream never gets data to read, as if the server closed the connection (even if, as said earlier, no exception is thrown).
I've tried to simulate this error by saturating the negotiation, closing sockets while connecting, using conntrack to kill established connections while the handshake is being made, but with no luck at all, so any help would be HIGHLY appreciated.
: )
I bet following code creates a problem:
String ident = new IdentificationStringParser(buffer, loggerFactory).parseIdentificationString();
if (ident.isEmpty()) {
return ident;
}
If the IdentificationStringParser.parseIdentificationString() returns empty string, it will be returned to the caller method. The caller method will keep calling the while ((serverID = readIdentification(buf)).isEmpty()) since the string is always empty. The only way to break the loop would be if call to int b = connInfo.in.read(); returns -1... but if server keeps sending the data (or resending the data) this condition is never met.
If this is the case I would add some kind of artificial way to detect this like:
private String readIdentification(Buffer.PlainBuffer buffer, AtomicInteger numberOfAttempts)
throws IOException {
String ident = new IdentificationStringParser(buffer, loggerFactory).parseIdentificationString();
numberOfAttempts.incrementAndGet();
if (ident.isEmpty() && numberOfAttempts.intValue() < 1000) { // 1000
return ident;
} else if (numberOfAttempts.intValue() >= 1000) {
throw new TransportException("To many attempts to read the server ident").
}
if (!ident.startsWith("SSH-2.0-") && !ident.startsWith("SSH-1.99-"))
throw new TransportException(DisconnectReason.PROTOCOL_VERSION_NOT_SUPPORTED,
"Server does not support SSHv2, identified as: " + ident);
return ident;
}
This way you would at least confirm that this is the case and can dig further why .parseIdentificationString() returns empty string.
Faced a similar issue where we would see:
INFO [net.schmizz.sshj.transport.TransportImpl : pool-6-thread-2] - Client identity string: blablabla
INFO [net.schmizz.sshj.transport.TransportImpl : pool-6-thread-2] - Server identity string: blablabla
But on some occasions, there were no server response.
Our service would typically wake up and transfer several files simultaneously, one file per connection / thread.
The issue was in the sshd server config, we increased maxStartups from default value 10
(we noticed the problems started shortly after batch sizes increased to above 10)
Default in /etc/ssh/sshd_config:
MaxStartups 10:30:100
Changed to:
MaxStartups 30:30:100
MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10:30:100. Alternatively, random early drop can be enabled by specifying the three colon separated values start:rate:full (e.g. "10:30:60"). sshd will refuse connection attempts with a probability of rate/100 (30%) if there are currently start (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches full (60).
If you cannot control the server, you might have to find a way to limit your concurrent connection attempts in your client code instead.
I'm experiencing java.net.ConnectException in random ways.
My servlet runs in Tomcat 6.0 (JDK 1.6).
The servlet periodically fetches data from 4-5 third-party web servers.
The servlet uses a ScheduledExecutorService to fetch the data.
Run locally, all is fine and dandy. Run on my prod server, I see semi-random failures to fetch data from 1 of the third parties (Canadian weather data).
These are the URLs that are failing (plain RSS feeds):
http://weather.gc.ca/rss/city/pe-1_e.xml
http://weather.gc.ca/rss/city/pe-2_e.xml
http://weather.gc.ca/rss/city/pe-3_e.xml
http://weather.gc.ca/rss/city/pe-4_e.xml
http://weather.gc.ca/rss/city/pe-5_e.xml
http://weather.gc.ca/rss/city/pe-6_e.xml
http://meteo.gc.ca/rss/city/pe-1_f.xml
http://meteo.gc.ca/rss/city/pe-2_f.xml
http://meteo.gc.ca/rss/city/pe-3_f.xml
http://meteo.gc.ca/rss/city/pe-4_f.xml
http://meteo.gc.ca/rss/city/pe-5_f.xml
http://meteo.gc.ca/rss/city/pe-6_f.xml
Strange: each cycle, when I periodically fetch this data, the success/fail is all over the map: some succeed, some fail, but it never seems to be the same twice. So, I'm not completely blocked, just randomly blocked.
I slowed down my fetches, by introducing a 61s pause between each one. That had no effect.
The guts of the code that does the actual fetch:
private static final int TIMEOUT = 60*1000; //msecs
public String fetch(String aURL, String aEncoding /*UTF-8*/) {
String result = "";
long start = System.currentTimeMillis();
Scanner scanner = null;
URLConnection connection = null;
try {
URL url = new URL(aURL);
connection = url.openConnection(); //this doesn't talk to the network yet
connection.setConnectTimeout(TIMEOUT);
connection.setReadTimeout(TIMEOUT);
connection.connect(); //actually connects; this shouldn't be needed here
scanner = new Scanner(connection.getInputStream(), aEncoding);
scanner.useDelimiter(END_OF_INPUT);
result = scanner.next();
}
catch (IOException ex) {
long end = System.currentTimeMillis();
long time = end - start;
fLogger.severe(
"Problem connecting to " + aURL + " Encoding:" + aEncoding +
". Exception: " + ex.getMessage() + " " + ex.toString() + " Cause:" + ex.getCause() +
" Connection Timeout: " + connection.getConnectTimeout() + "msecs. Read timeout:" +
connection.getReadTimeout() + "msecs."
+ " Time taken to fail: " + time + " msecs."
);
}
finally {
if (scanner != null) scanner.close();
}
return result;
}
Example log entry showing a failure:
SEVERE: Problem connecting to http://weather.gc.ca/rss/city/pe-5_e.xml Encoding:UTF-8.
Exception: Connection timed out java.net.ConnectException: Connection timed out
Cause:null
Connection Timeout: 60000msecs.
Read timeout:60000msecs.
Time taken to fail: 15028 msecs.
Note that the time to fail is always 15s + a tiny amount.
Also note that it fails to reach the configured 60s timeout for the connection.
The host-server admins (Environment Canada) state that they don't have any kind of a blacklist for the IP address of misbehaving clients.
Also important: the code had been running for several months without this happening.
Someone suggested that instead I should use curl, a bash script, and cron. I implemented that, and it works fine.
I'm not able to solve this problem using Java.