I have a reverse shell from an application called OpenEMR to my Kali host. I'm trying to enumerate memcached manually, however I get an error: "failed to listen on TCP port 11211: Address already in use". Any help would be appreciated. I've tried to use automated tools like nmap, Metasploit and libmemcached-tools, however they can't resolve the rhost, since the app is running on a vhost under hms.***

kali ~/Downloads # memcstat --servers=hms.***
kali ~/Downloads :( # memcstat --servers=10.10.10.188
kali ~/Downloads :( # 

If anyone has any ideas how to resolve that issue as well, it would be appreciated.

Oh, and yes, I've added the vhost to my /etc/hosts file.

David
  • That error means that you already have something listening on a port locally, and whatever you are running is trying to bind to the same port. – multithr3at3d Jul 15 '20 at 11:59
  • @multithr3at3d. Thanks. I know that the process is being used; I should have been more clear in my question. I'm struggling to enumerate because the process is being used. How do I fix that issue? – David Jul 15 '20 at 12:47

1 Answer

My issue ended up being a misunderstanding of the correct way to enumerate memcached. I was pointing my netcat, nmap, whatever tools at the web app IP address. Eventually I tried pointing it at 127.0.0.1 11211 and it worked. Why? Because I had a reverse shell, I was querying the target application from its server. All I had to do was query the localhost for the memcached server. I'm not sure if that's clear, but I'm trying :)

David
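The behaviour described in the answer is consistent with a memcached instance that listens only on the server's loopback address, so it answers on 127.0.0.1:11211 from the host itself and not on the web app's IP. As an added example (not part of the original post), this Python sketch classifies the bind address of each listener in `ss -ltn` output, the check an administrator would run to confirm memcached is loopback-only; the sample output and all function names are constructed for illustration.

```python
import ipaddress

MEMCACHED_PORT = 11211  # port from the error message in the question

# Constructed sample of `ss -ltn` output, not captured from any real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      1024       127.0.0.1:11211     0.0.0.0:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row or unrelated line
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        if port.isdigit():
            yield host, int(port)

def classify_bind(host):
    """Return 'loopback', 'all-interfaces' or 'specific' for a bind address."""
    if host == "*":
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"        # reachable only from the host itself
    if addr.is_unspecified:
        return "all-interfaces"  # 0.0.0.0 or :: means every interface
    return "specific"

def port_exposure(ss_output, port=MEMCACHED_PORT):
    """Map each bind address listening on `port` to its exposure class."""
    return {h: classify_bind(h) for h, p in parse_listeners(ss_output) if p == port}

if __name__ == "__main__":
    for host, kind in port_exposure(SAMPLE_SS).items():
        print(f"{host}:{MEMCACHED_PORT} -> {kind}")
```

A listener that is already bound to the port is also why starting a second process on 11211 fails with "Address already in use".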