Common ports: enumeration and exploitation techniques

Port 21 — FTP

We can find out the FTP server version either by scanning with nmap or by connecting to it with nc or ftp.

ftp 192.168.1.101
nc 192.168.1.101 21
nmap -sV 192.168.1.101 -p 21

The Metasploit ftp_version module can also be used to scan a range of IP addresses and determine the version of any FTP servers that are running.

use auxiliary/scanner/ftp/ftp_version

FTP servers may allow anonymous users to log in; the usual credential pairs to check are:

anonymous : anonymous
anonymous :
ftp : ftp

The Metasploit ftp_login auxiliary module can be used to perform brute force login attempts.

use auxiliary/scanner/ftp/ftp_login
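A scripted form of the anonymous-login check above, useful for verifying that your own FTP servers reject the three credential pairs listed. This is an added example, not code from the original post; it uses only the standard library. The `connect` factory parameter and `fake_ftp_connect` test double are assumptions introduced here so the logic can be exercised offline, and the host name is a placeholder.

```python
import ftplib
import types

# The credential pairs listed in the post, as (user, password).
ANONYMOUS_CREDS = [("anonymous", "anonymous"), ("anonymous", ""), ("ftp", "ftp")]


def check_anonymous_ftp(host, port=21, timeout=5.0, creds=ANONYMOUS_CREDS, connect=None):
    """Try each credential pair once and report the first one the server accepts.

    `connect` is a factory returning a connected FTP-like object (login/nlst/quit).
    It defaults to ftplib.FTP and exists so the logic can run offline against a
    fake server (see fake_ftp_connect below). Assumption: one fresh connection per pair.
    """
    if connect is None:
        def connect():
            ftp = ftplib.FTP(timeout=timeout)
            ftp.connect(host, port)
            return ftp
    for user, password in creds:
        try:
            ftp = connect()
        except OSError as exc:  # refused, timed out or unreachable: stop early
            return {"host": host, "reachable": False, "anonymous": None,
                    "listing": [], "error": str(exc)}
        try:
            ftp.login(user, password)
        except ftplib.error_perm:  # 530 reply: this pair is rejected, try the next one
            continue
        else:
            try:
                listing = ftp.nlst()  # what an unauthenticated visitor would see
            except ftplib.all_errors:
                listing = []
            return {"host": host, "reachable": True, "anonymous": (user, password),
                    "listing": listing}
        finally:
            try:
                ftp.quit()
            except ftplib.all_errors:
                pass
    return {"host": host, "reachable": True, "anonymous": None, "listing": []}


def fake_ftp_connect(accepted):
    """Return a connect() factory imitating a server that accepts only the `accepted`
    (user, password) pairs. A test double for offline use, not a real FTP server."""
    def connect():
        def login(user, passwd=""):
            if (user, passwd) not in accepted:
                raise ftplib.error_perm("530 Login incorrect.")
            return "230 Login successful."
        return types.SimpleNamespace(login=login,
                                     nlst=lambda: ["pub", "incoming"],
                                     quit=lambda: "221 Goodbye.")
    return connect


if __name__ == "__main__":
    import sys
    # Placeholder host; pass your own server address as the first argument.
    print(check_anonymous_ftp(sys.argv[1] if len(sys.argv) > 1 else "192.168.1.101"))
```

A result with `"anonymous"` set to a credential pair and a non-empty `"listing"` means the server hands directory contents to anyone; an unreachable host is reported rather than raised so the check can be run over a whole inventory.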

Port 22 — SSH

We can find out the SSH server version either by scanning with nmap or by connecting to it with nc.

nc 192.168.1.101 22
nmap -sV 192.168.1.101 -p 22

The Metasploit ssh_login module can be used to perform brute force login attempts.

use auxiliary/scanner/ssh/ssh_login

Port 25 — SMTP

We can find out the SMTP server version either by scanning with nmap or by connecting to it with nc or telnet.

nc 192.168.1.101 25
nmap -sV 192.168.1.101 -p 25
telnet 192.168.1.101 25

The Metasploit SMTP enumeration module connects to a given mail server and uses a wordlist to enumerate the users that exist on the remote system.

use auxiliary/scanner/smtp/smtp_enum

The Metasploit open relay module can be used to check whether the SMTP server is an open relay.

use auxiliary/scanner/smtp/smtp_relay

Port 80/443 — HTTP

We can find out the HTTP server version either by scanning with nmap or by connecting to it with nc or telnet.

nc 192.168.1.101 80
telnet 192.168.1.101 80
nmap -sV 192.168.1.101 -p 80,443

Port 443 speaks TLS, so a plain nc or telnet connection will not return a readable banner; rely on nmap -sV for the HTTPS port.
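The banner grabbing described for FTP, SSH, SMTP and HTTP above, as one added example (not code from the original post) that connects, reads the first bytes the service sends, and reduces them to a product and version string for an inventory. The port-to-service table and the regular expressions are assumptions covering common banner shapes, not a complete catalogue; the sample banners in the usage below are constructed. Port 443 is wrapped in TLS, which is why a plain nc connection to it never shows a banner.

```python
import re
import socket
import ssl

# Port -> service label for the ports covered in this post (assumption: default ports only).
SERVICE_BY_PORT = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 443: "http"}

# One pattern per service; each exposes 'product' and 'version' groups.
BANNER_PATTERNS = {
    # e.g. "220 (vsFTPd 3.0.3)", "220 ProFTPD 1.3.5 Server (Debian) [...]"
    "ftp": re.compile(r"^220[ -]\(?(?P<product>[A-Za-z][\w-]*)\s+(?P<version>\d[\w.]*)"),
    # e.g. "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5", "SSH-2.0-dropbear_2019.78"
    "ssh": re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)[_/-]?(?P<version>[\w.]+)?"),
    # e.g. "220 mail.example.test ESMTP Postfix (Ubuntu)", "220 mx ESMTP Exim 4.94.2 ..."
    "smtp": re.compile(r"^220[ -]\S+\s+(?:E?SMTP\s+)?(?P<product>[A-Za-z][\w-]*)(?:\s+(?P<version>\d[\w.]*))?"),
    # e.g. the "Server: Apache/2.4.41 (Ubuntu)" header inside an HTTP response
    "http": re.compile(r"^Server:\s*(?P<product>[\w-]+)(?:/(?P<version>[\w.]+))?", re.M | re.I),
}


def grab_banner(host, port, timeout=3.0):
    """Open a TCP connection and return the first bytes the service sends.

    FTP, SSH and SMTP talk first, so no probe is needed. HTTP only answers a
    request, so a HEAD request is sent. Port 443 is wrapped in TLS; certificate
    checks are disabled because internal hosts commonly use self-signed certs.
    """
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if port == 443:
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=host)
        if SERVICE_BY_PORT.get(port) == "http":
            sock.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        return sock.recv(1024).decode("utf-8", errors="replace")
    finally:
        sock.close()


def parse_banner(port, banner):
    """Reduce a raw banner to {'service', 'product', 'version'}; fields are None when unknown."""
    service = SERVICE_BY_PORT.get(port, "unknown")
    result = {"service": service, "product": None, "version": None}
    pattern = BANNER_PATTERNS.get(service)
    match = pattern.search(banner) if pattern else None
    if match:
        result["product"] = match.group("product")
        result["version"] = match.group("version")
    return result


def inventory(host, ports=tuple(SERVICE_BY_PORT), timeout=3.0):
    """Grab and parse banners for each port; connection failures are recorded, not raised."""
    findings = []
    for port in ports:
        try:
            parsed = parse_banner(port, grab_banner(host, port, timeout))
        except OSError as exc:  # includes ssl.SSLError and socket.timeout
            parsed = {"service": SERVICE_BY_PORT.get(port, "unknown"),
                      "product": None, "version": None, "error": str(exc)}
        findings.append({"port": port, **parsed})
    return findings


if __name__ == "__main__":
    import sys
    # Placeholder host; pass your own server address as the first argument.
    for finding in inventory(sys.argv[1] if len(sys.argv) > 1 else "192.168.1.101"):
        print(finding)
    # Offline check against a constructed banner (no network needed):
    print(parse_banner(21, "220 (vsFTPd 3.0.3)\r\n"))
```

The parser is deliberately separate from the socket code so that banners captured with nc or telnet can be fed through `parse_banner` directly; a product with `version` of `None` is the signal to fall back to nmap -sV.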

Enumeration using nikto

nikto -h https://192.168.1.101
nikto -h http://192.168.1.101

The Metasploit dir_scanner module can be used to discover interesting directories under a given path.

use auxiliary/scanner/http/dir_scanner

Port 139/445 — SMB

Enumerate Hostname

nmblookup -A [ip]

List Shares

  • smbmap -H [ip/hostname]
  • echo exit | smbclient -L \\\\[ip]
  • nmap --script smb-enum-shares -p 139,445 [ip]

Check Null Sessions

  • smbmap -H [ip/hostname]
  • rpcclient -U "" -N [ip]
  • smbclient -N \\\\[ip]\\[share name]
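An added example (not from the original post) that parses the share table printed by the `echo exit | smbclient -L` command above and flags what a null session exposes: whether anonymous login succeeded, which non-default disk shares are listed, and the Samba version leaked in the IPC$ comment. The sample output is constructed to match smbclient's usual layout (tab-indented rows, a `Sharename / Type / Comment` header) and is not captured from a real host; the `$` suffix rule for default shares is an assumption.

```python
import re

# Constructed sample of `echo exit | smbclient -N -L \\\\[ip]` output, not captured from a real host.
SAMPLE_LISTING = """\
Anonymous login successful

\tSharename       Type      Comment
\t---------       ----      -------
\tprint$          Disk      Printer Drivers
\ttmp             Disk      scratch space
\topt             Disk
\tIPC$            IPC       IPC Service (fileserver (Samba 4.13.5))
\tADMIN$          IPC       IPC Service (fileserver (Samba 4.13.5))
Reconnecting with SMB1 for workgroup listing.

\tServer               Comment
\t---------            -------

\tWorkgroup            Master
\t---------            -------
\tWORKGROUP            FILESERVER
"""

# One table row: name, type, optional comment (trailing whitespace ignored).
SHARE_ROW = re.compile(r"^\s*(?P<name>\S+)\s+(?P<type>Disk|IPC|Printer)(?:\s+(?P<comment>\S.*?))?\s*$")


def parse_smb_listing(output):
    """Parse the share table from smbclient -L output and summarise the null-session exposure."""
    anonymous = "Anonymous login successful" in output
    shares, in_table = [], False
    for line in output.splitlines():
        if line.strip().startswith("Sharename"):
            in_table = True
            continue
        if not in_table:
            continue
        if not line.strip() or not line[:1].isspace():  # blank or unindented line ends the table
            break
        if line.strip().startswith("---"):  # header underline
            continue
        m = SHARE_ROW.match(line)
        if m:
            shares.append({"name": m.group("name"), "type": m.group("type"),
                           "comment": m.group("comment") or ""})
    samba = re.search(r"Samba [\w.-]+", output)
    return {
        "anonymous_login": anonymous,
        "shares": shares,
        # Administrative/default shares end with '$'; anything else reachable anonymously deserves a look.
        "nondefault_disk_shares": [s["name"] for s in shares
                                   if s["type"] == "Disk" and not s["name"].endswith("$")],
        "server": samba.group(0) if samba else None,
    }


if __name__ == "__main__":
    import sys
    # Read real smbclient output from stdin, or fall back to the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    print(parse_smb_listing(text))
```

Piping the output of the smbclient command into this script (`echo exit | smbclient -N -L \\\\[ip] | python3 smb_listing.py`, the filename being a placeholder) gives a one-line summary per host, and when null sessions are disabled the share list is simply empty.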

Check for SMB vulnerabilities using nmap

nmap --script "smb-vuln*" -p 139,445 [ip]

Akash c
Self-learner | Bug Hunter |