App - Script

I’m trying to bypass the line

if [[ "$cur_syn" == "0" ||  "$max_syn" != "$cur_syn" ]]

in the script to trigger the awk stuff afterwards.

I understand that cur_syn and max_syn are Recv-Q and Send-Q respectively (taken with awk from the line in the netstat output). To manipulate these, I used python and socket to make a simple tcp server with a max backlog of 1. I then made lots of netcat connections to it, but made the python server not accept any of them. My hope was this would fill up the backlog and make it equal to the max backlog (as is required in the code), but instead I got this:

$ netcat -ntlp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 2 0 127.0.0.1:1234 0.0.0.0:* LISTEN 2399/python
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -

The python2 command history was this:

Python 2.7.13 (default, Jan 19 2017, 14:48:08)
[GCC 6.3.0 20170118] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> s = socket.socket()
>>> s.bind(("localhost", 1234))
>>> s.listen(1)
>>>

What am I doing wrong?
(Sorry if this is spoiling too much; this is my first time posting on these forums. Please just delete the post if it is.)

I’ve spent sooo many hours to try to bypass this line too. But it’s not at all the exploitation way. It’s really easier ;)

Really? I can’t see any exploitable vulnerability before that line in the code.

Look at the title : "Netstat parsing". It’s a hint

As another hint, all the documentation of app-script is relevant to solve this problem, not only the one on awk and netstat.

Thanks a lot for the hints :D
It’s really useful ^^!