At start: https://10.10.10.17 responds (and the rest of the site after using proper dns name)
But:
After a few hours, server stops responding, wireshark capture shows TLS handshake fails after sending “client hello” without “server hello” response.
Actions done:
I’ve changed VPN servers/zones/.
Rebooted brainfuck,
Rebooted my VM,.
Deleted all firefox cache.
Deleted firefox relevant certificates (brainfuck ltd, even owasp zap for no apparent reason)
…
nc shows port 443 is “open” (!!!@:!@#@#), Nmap as well. (i would have guessed “filtered” ?!)
Help?
Bonus question
How can a server responds differently to ip address and dns name mapped with the same ip address? I would have thought that name resolution is in place and the server does not know from which name request came - after dns resolution…
If NC and Nmap both tell you port 443 is open, the problem might be on your end. Are you going through a proxy ? When it stops working, can you still access the Internet ?
As for your second question, it has to do with virtual hosting, which can be configured in a few different ways. Nginx has a “sites-enabled” directory in its configuration folder, which contains a list of all the virtual hosts it handles. Among them there is a default one, which is served to anyone not specifically requesting for a particular domain name. You could, for instance, set the Host header to another value, so even though you’re accessing the same IP address, Nginx knows you actually want to reach a website that is not the default one.
More info here : How To Set Up Nginx Server Blocks (Virtual Hosts) on Ubuntu 16.04 | DigitalOcean
Hey Mr dragonista
Thank you for you’re elaborated answers.
Btw, guest’s network adapter setting is NAT.
Regarding first question, you were definitely on the spot, as I was VPNed from host machine into another network.
Problem solved when I’ve disconnected from VPN session on host. then guest machine was finally able to get the desired “server hello” and complete the TLS handshake.
(I guess that for those few hours I thought I was connected to https://10.10.10.17 the site was not really responsive, just a one cached page )
So When the host is vpn connected to other network’s VPN server, how the latter “knows” I am trying to perform TLS handshake and prevents it?
I can communicate with many other protocols via the guest tunnel (while host is connected to another vpn server) i.e. pop3/imap/smtp/http/ssh … I see the traffic on the other network vpn with HTB and it’s all encrypted…?
Virtual hosts are great! just read a bit about them -
I did not remember that HTTP protocol contains in each request a simple “host” header , where the browser actually saves the host name/ip address, thus not dropping them on the fly after name resolution… feeling a bit dumb.
Again, thank you for your answers. You’re very helpful.
Mmmh, hard to say without knowing the exact topology of your network. It could be the reverse proxy that suddenly prevents you from reaching HTB network for whatever reason, or that prevents the HTB network to pass through it. It could be interfaces that conflict each other, it happened to me when I was messing around with VPNs a while ago. I’m not the best when it comes to network, hopefully you’ll find someone more knowledgeable !
As for Brainfuck, yes, you’re right. I’d recommend to have a look at Nginx configuration on the box after you’ve become root, that should clear things up.