michael_kent123 Posted April 27, 2014 Share Posted April 27, 2014 Hello,In 15.01 - "What's up with the Duck?" - Darren runs the ducky script which loads netcat on a victim's Windows machine and makes a connection to his netcat listener on his Ubuntu box.I've uploaded a screenshot of Darren's screen here: http://bayimg.com/bANKBaAfnI'm unclear about three aspects.1. Darren's IP is 173.214.161.228. (ssh dk@173.214.161.228). However, http://173.214.161.228 provides a website for Dreamstreet Home Loans in Australia. Why is this? I assume that Darren has rented space on this VPS along with any number of other organisations / firms? 2. Darren runs netcat from dk@vps. I think that he is running the netcat from the VPS rather than from his own system? Is it normal to have netcat set-up on a VPS?3. Netcat is listening on 0.0.0.0:8002. What does 0.0.0.0 mean in this context. It's something to do with "all interfaces" but please explain in a simple fashion! What I mean is: is Netcat listening on the VPS or on Darren's system or on both? Thanks! Quote Link to comment Share on other sites More sharing options...
cooper Posted April 27, 2014 Share Posted April 27, 2014 (edited) 1. That ep is already over 7 months old, so chances are they ended the lease on that box somewhere between then and now after which that australian bunch got the IP. 2. Don't know if it's typical, but with most things online, if you've got the money for it, you can have it. 3. 0.0.0.0 is like a wildcard for any IP that can be used to access the machine. So if it's got multiple network ports (a.k.a. network interfaces or just interfaces for short and note that you can have virtual network interfaces aswell, where your one network port will respond to multiple different IPs) that port will be claimed for this server process on all of them. It's always local to the host, so this is all on the VPS machine. Edited April 27, 2014 by Cooper Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.