Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
marginBottom2017-09-30 10:25:24
Information Security
marginBottom, 2017-09-30 10:25:24

Why does hh.ru make many requests to 127.0.0.1 on different ports?

I go to the headhunter and what I see in devtools, in the network - xhr tab, get requests to 127.0.0.1 on different ports:

https://127.0.0.1:5900/
https://127.0.0.1:6900/
https://127.0.0.1:5650/
https://127.0.0.1:5931/
https://127.0.0.1:5938/
https://127.0.0.1:5939/
https://127.0.0.1:3389/
https://127.0.0.1:8080/
https://127.0.0.1:51/
https://127.0.0.1/
https://127.0.0.1:80/
https://127.0.0.1:22/
https://127.0.0.1:445/
https://127.0.0.1:5985/

Incognito in chrome shows the same picture.
In the fox, the same thing:
59cf465050d32468646123.png

I disabled extensions in chrome - zero effect. Tried on debian through the same browsers - nothing has changed. Why does hh.ru hit ports (ssh, rdp, etc.)?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
akelsey, 2017-09-30
@marginBottom

Checks the services available on the computer:
5900 - if it listens, then there is a possibility of a VNC service
8080 - proxy
3389 - rdp
, etc. - according to the list of known ports.
Sberbank also checks, and I think it can refuse authentication if these ports are open.

Report
D
devalone, 2017-09-30
@devalone

I sketched a server here on my knee:

import socketserver
import threading

ports = [5900, 6900, 5650, 5931, 5938, 5939, 3389, 8080, 51, 80, 443, 445, 5985]
threads = []
servers = []


class RequestHandler(socketserver.BaseRequestHandler):
    def handle(self):
        binaryData = self.request.recv(1024 * 1024)
        print('server {} got data: {}'.format(
            self.server.server_address, binaryData))
        self.request.sendall("fuck you, hh.ru\n".encode())


def worker(port):
    server = socketserver.TCPServer(('localhost', port), RequestHandler)
    servers.append(server)
    server.serve_forever()


if __name__ == "__main__":
    for port in ports:
        print('server on port {} is starting...'.format(port))
        thread = threading.Thread(target=worker, args=(port,))
        threads.append(thread)
        thread.start()

    for thread in threads:
        thread.join()

It listens on all these ports, receives data in binary form, and sends "fuck you, hh.ru" in response. Here's what I got: https://pastebin.com/AwA2QqJP
Wireshark identified VNC in one of the requests.

Similar questions
S
Shamil2015-03-02 22:06:14
How to organize information security in an organization? 4Reply
C
carotis_interna2017-03-08 01:43:55
How to save your passwords using NFC tags? 2Reply
P
Pavel2017-03-08 05:32:32
What are the vulnerable builds for pentesting? 1Reply
I
Ivan Timlid2015-03-04 19:30:07
Where can an experienced team find a new project/startup/company? 5Reply
Z
Zakhar Storozhuk2017-03-11 15:19:54
Is it possible to track a person in this way? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question