Common ports: enumeration and exploitation techniques

Port 21 — FTP

We can find out the version of the FTP server either by scanning with nmap or by connecting to it with nc or ftp.

ftp 192.168.1.101
nc 192.168.1.101 21
nmap -sV 192.168.1.101 -p 21

The Metasploit ftp_version module can also be used to scan a range of IP addresses and determine the version of any FTP servers that are running.

use auxiliary/scanner/ftp/ftp_version

FTP servers may allow anonymous users to log in. Common anonymous credential pairs (username : password):

anonymous : anonymous
anonymous :
ftp : ftp

The Metasploit ftp_login auxiliary module can be used to perform brute force login attempts.

use auxiliary/scanner/ftp/ftp_login

Port 22 — SSH

We can find out the version of the SSH server either by scanning with nmap or by connecting to it with nc.

nc 192.168.1.101 22
nmap -sV 192.168.1.101 -p 22

The Metasploit ssh_login module can be used to perform brute force login attempts.

use auxiliary/scanner/ssh/ssh_login

Port 25 — SMTP

We can find out the version of the SMTP server either by scanning with nmap or by connecting to it with nc or telnet.

nc 192.168.1.101 25
nmap -sV 192.168.1.101 -p 25
telnet 192.168.1.101 25
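
The nc banner grabs for ports 21, 22 and 25 above generalise to one small audit script. This is an added example, not code from the original post; it assumes POSIX sh and an nc that accepts -w, and the host, file name and sample banners are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): banner grabbing for ports 21/22/25
# with nc, plus a parser that turns the first banner line into "<service> <software>".
# Assumes POSIX sh and an nc that accepts -w (timeout). Sample banners are constructed.

# FTP, SSH and SMTP servers all speak first, so read only the first line.
# "sleep | nc" keeps stdin open long enough for the banner to arrive.
grab_banner() {                      # usage: grab_banner HOST PORT [TIMEOUT]
    t="${3:-5}"
    sleep "$t" | nc -w "$t" "$1" "$2" 2>/dev/null | head -n 1 | tr -d '\r'
}

# Classify one banner line by port. Prints "<service> <software>" or
# "unknown <banner>" so unexpected responses stay visible in the output.
classify_banner() {                  # usage: classify_banner PORT "BANNER LINE"
    port="$1"; b="$2"
    case "$b" in
        SSH-*)                       # SSH-2.0-OpenSSH_x ... -> OpenSSH_x ...
            printf 'ssh %s\n' "${b#SSH-*-}" ;;
        220*)                        # 220 is the FTP/SMTP "service ready" greeting
            rest="${b#220 }"
            case "$port" in
                21) printf 'ftp %s\n' "$(printf '%s' "$rest" | tr -d '()')" ;;
                25) printf 'smtp %s\n' "$rest" ;;
                *)  printf 'unknown %s\n' "$b" ;;
            esac ;;
        *)  printf 'unknown %s\n' "$b" ;;
    esac
}

# Walk the ports covered above and print one line per responding service.
# Diffing this output against an asset inventory shows unexpected services
# or software versions that should not be exposed.
audit_host() {                       # usage: audit_host HOST
    for p in 21 22 25; do
        banner="$(grab_banner "$1" "$p" 3)"
        [ -n "$banner" ] || continue
        printf '%s:%s %s\n' "$1" "$p" "$(classify_banner "$p" "$banner")"
    done
}

# Constructed sample banners so the parser can be exercised offline.
SAMPLE_FTP='220 (vsFTPd 3.0.3)'
SAMPLE_SSH='SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1'
SAMPLE_SMTP='220 mail.example.test ESMTP Postfix'

# Only contact a real host when one is given: sh banner_audit.sh 192.168.1.101
if [ -n "${1:-}" ]; then audit_host "$1"; fi
```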

The Metasploit SMTP enumeration module connects to a given mail server and uses a wordlist to enumerate users that exist on the remote system.

use auxiliary/scanner/smtp/smtp_enum

The Metasploit smtp_relay module can be used to check whether an SMTP server is an open relay.

use auxiliary/scanner/smtp/smtp_relay

Port 80/443 — HTTP

We can find out the version of the HTTP server either by scanning with nmap or by connecting to it with nc or telnet (plain nc/telnet only work for the cleartext port 80; use nmap for 443).

nc 192.168.1.101 80
nmap -sV 192.168.1.101 -p 80,443
telnet 192.168.1.101 80

Enumeration using nikto

nikto -h https://192.168.1.101
nikto -h http://192.168.1.101

The Metasploit dir_scanner module can be used to identify interesting directories under a given directory path.

use auxiliary/scanner/http/dir_scanner

Port 139/445 — SMB

Enumerate Hostname

nmblookup -A [ip]

List Shares

  • smbmap -H [ip/hostname]
  • echo exit | smbclient -L \\\\[ip]
  • nmap --script smb-enum-shares -p 139,445 [ip]

Check Null Sessions

  • smbmap -H [ip/hostname]
  • rpcclient -U "" -N [ip]
  • smbclient -N \\\\[ip]\\[share name]

Check for SMB vulnerabilities using nmap (quote the script pattern so the shell does not expand the glob)

nmap --script "smb-vuln*" -p 139,445 [ip]

Self-learner |Bug Hunter|
Akash c