Common port security risks & test methods

In a penetration test, port scanning is an important early step. Its purpose is to learn which services are running on the server, and each service needs its own set of security tests. This article covers the common security risks associated with frequently seen ports and the methods used to test them.

DNS (53) UDP

DNS (Domain Name System) is the system used to name computers and network services organized into a hierarchy of domains.

Test content

  • Misconfigured DNS zones
  • Denial of service attacks against DNS
  • Enumerate subdomains and collect domain information
  • Look up publicly disclosed vulnerabilities for the specific DNS server version in the major vulnerability databases

Tools

Common tools: dnsenum, nslookup, dig, fierce

Use Nmap script: nmap -Pn -sU -p53 --script "dns*" -v

SMTP (25) TCP

SMTP (Simple Mail Transfer Protocol) is a set of rules for transferring mail from a source address to a destination address; it controls how messages are relayed along the way.

Test content

  • Mail spoofing and open relay (forwarding spam)
  • Use VRFY to enumerate user lists
  • Look up publicly disclosed vulnerabilities for the specific mail server version in the major vulnerability databases

Tools

Use Nmap script: nmap -Pn -sS -p25 --script "smtp*" -v

SNMP (161) UDP

SNMP (Simple Network Management Protocol) consists of a set of network management standards, including an application layer protocol, a database schema, and a set of resource objects.

Test content

  • Default community strings
  • MIB enumeration

Tools

Common tools: snmpwalk, snmpenum.pl

SSH (22) TCP

SSH (Secure Shell) is a security protocol developed by the IETF Network Working Group that operates at the application layer.

Test content

  • Brute force login credentials
  • Test public exploits that match the specific SSH server version

Tools

Brute force tools: hydra, medusa

Nmap script: nmap -Pn -sS -p22 --script "ssh*" -v

Connection tool: putty, winscp

SMB (445,137,139) TCP

SMB (Server Message Block) is a communication protocol developed by Microsoft and Intel in 1987, used mainly as the network communication protocol for Microsoft networks.

Test content

  • Identify the SMB version

Tools

Msf (auxiliary/scanner/smb/smb_version)

Nmap script: smb-check-vulns

FTP (21) TCP

FTP stands for File Transfer Protocol (in Chinese, "文件传输协议"). It is used for bidirectional, controlled file transfer over the Internet.

Test content

  • Default credentials: anonymous / anonymous
  • Brute force account passwords
  • Test public exploits that match the specific FTP server version

Tools

Brute force tools: hydra, medusa

Nmap script: nmap -Pn -sS -p21 --script "ftp*" -v

Telnet (23) TCP

The Telnet protocol is a member of the TCP / IP protocol suite and is the standard protocol and primary mode for Internet remote login services.

Test content

  • Brute force account passwords
  • Test public exploits that match the specific Telnet service version

Tools

Nmap script: telnet-brute.nse, telnet-encryption.nse, telnet-ntlm-info.nse

TFTP (69) UDP

TFTP (Trivial File Transfer Protocol) is a protocol in the TCP/IP suite for simple file transfer between a client and a server, providing a basic, low-overhead file transfer service.

Test content

  • Brute force account passwords
  • Unauthenticated access
  • Test public exploits that match the specific TFTP service version

Related tools

Nmap script: tftp-enum.nse

RPC (111) TCP / UDP

RPC (Remote Procedure Call Protocol) is a protocol for requesting a service from a program on a remote computer over the network without needing to understand the underlying network technology.

Test content

  • Test public exploits that match the specific RPC implementation version
  • Enumerate RPC information

Tools

Nmap script: bitcoinrpc-info.nse, metasploit-msgrpc-brute.nse, metasploit-xmlrpc-brute.nse, msrpc-enum.nse, nessus-xmlrpc-brute.nse, rpcap-brute.nse, rpcap-info.nse, rpc-grind.nse, rpcinfo.nse, xmlrpc-methods.nse

NTP (123) UDP

NTP (Network Time Protocol) is a protocol used to synchronize the clocks of computers on a network.

Tools

Nmap script: nmap -Pn -sU -p123 --script "ntp*" -v

HTTP / HTTPs (443,80,8080,8443) TCP

HTTP (HyperText Transfer Protocol) is the most widely used protocol on the Internet and the one we deal with most often. Its attack surface and test content are so extensive that they are not covered here.

Mssql (1433) TCP

MSSQL refers to Microsoft's SQL Server, a database platform that provides a complete solution from the server to the client. The database server component is a database management system for building, using and maintaining databases.

Test content

  • Brute force login credentials

Tools

Brute force tool: hydra

Nmap script: ms-sql-brute.nse, ms-sql-config.nse, ms-sql-dac.nse, ms-sql-dump-hashes.nse, ms-sql-empty-password.nse, ms-sql-hasdbaccess.nse, ms-sql-info.nse, ms-sql-ntlm-info.nse, ms-sql-query.nse, ms-sql-tables.nse, ms-sql-xp-cmdshell.nse

Mysql (3306) TCP

MySQL is a relational database management system developed by the Swedish company MySQL AB and now owned by Oracle. It is one of the most popular relational database management systems and, for web applications, is regarded as the best RDBMS (Relational Database Management System) choice.

Test content

  • Brute force login credentials

Tools

Brute force tool: hydra

Oracle (1521) TCP

Oracle Database, also known as Oracle RDBMS or simply Oracle, is a relational database management system and has long been a leading product in the database field.

Test content

  • Brute force login credentials
  • Enumerate database information

Tools

Enumeration tools: Tnsver, Tnscmd

Nmap script: oracle-brute.nse, oracle-brute-stealth.nse, oracle-enum-users.nse, oracle-sid-brute.nse, oracle-tns-version.nse

RDP (3389) TCP

RDP (Remote Desktop Protocol) is a multi-channel protocol that lets a user on a client (the "local computer") connect to a computer providing Microsoft Terminal Services (the server, or "remote computer").

Test content

  • Brute force user passwords
  • Test publicly disclosed exploits against the exposed service

Tools

Nmap script: rdp-enum-encryption.nse, rdp-vuln-ms12-020.nse

SIP (5060)

SIP (Session Initiation Protocol) is a multimedia communication protocol developed by IETF (Internet Engineering Task Force).

Related tools

Sipflanker, Sipscan
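As an added example that is not part of the original article, the following Python script turns a scan into a triage list from the defender's side: it parses nmap's grepable (-oG) output and, for every open port the article covers, reports the checks the article lists for that service, riskiest first. The scan output embedded below is constructed, and the "high"/"medium" tiers are this example's own ordering, not something the article defines.

```python
import re

# Ports the article covers, mapped to the checks it lists for each one.
# Tiers ("high" sorts before "medium") are this example's own triage ordering.
PORT_CHECKS = {
    ("udp", 53): ("dns", "high", "zone misconfiguration, DoS, subdomain enumeration"),
    ("tcp", 25): ("smtp", "medium", "mail spoofing/relay, VRFY user enumeration"),
    ("udp", 161): ("snmp", "high", "default community string, MIB enumeration"),
    ("tcp", 22): ("ssh", "medium", "brute force, version-specific public exploits"),
    ("tcp", 445): ("smb", "high", "SMB version fingerprinting, known vulns"),
    ("tcp", 21): ("ftp", "high", "anonymous login, brute force"),
    ("tcp", 23): ("telnet", "high", "brute force, version-specific public exploits"),
    ("udp", 69): ("tftp", "high", "brute force, unauthenticated access"),
    ("tcp", 111): ("rpc", "medium", "RPC enumeration"),
    ("tcp", 1433): ("mssql", "high", "brute force"),
    ("tcp", 3306): ("mysql", "high", "brute force"),
    ("tcp", 1521): ("oracle", "high", "brute force, SID/user enumeration"),
    ("tcp", 3389): ("rdp", "high", "brute force, public exploits"),
}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+([^\t]+)")
# One -oG port entry is port/state/protocol/owner/service/rpcinfo/version.
PORT_RE = re.compile(r"(\d+)/([^/,]+)/(tcp|udp)/[^/]*/([^/]*)/")

def parse_grepable(text):
    """Return {host: [(port, proto, state, service), ...]} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:  # skips comment lines and hosts that have no "Ports:" field
            ip, _name, ports = m.groups()
            hosts[ip] = [(int(p), proto, state, svc)
                         for p, state, proto, svc in PORT_RE.findall(ports)]
    return hosts

def triage(text):
    """Per host, list open ports that match the article's checks, riskiest first."""
    report = {}
    for host, ports in parse_grepable(text).items():
        hits = [(PORT_CHECKS[(pr, p)][1], p, pr, *PORT_CHECKS[(pr, p)][::2])
                for p, pr, state, _ in ports
                if state.startswith("open") and (pr, p) in PORT_CHECKS]
        report[host] = sorted(hits, key=lambda h: (h[0], h[1]))
    return report

# Constructed sample (not a real scan) in nmap's grepable format.
SAMPLE = """Host: 10.0.0.5 (files.example)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///, 161/open|filtered/udp//snmp///\tIgnored State: closed (996)
Host: 10.0.0.6 ()\tPorts: 23/open/tcp//telnet///, 8080/open/tcp//http-proxy///, 69/open|filtered/udp//tftp///, 3389/closed/tcp//ms-wbt-server///
Host: 10.0.0.7 ()\tStatus: Up
"""
```

Each entry in triage(SAMPLE) is (tier, port, protocol, service, checks); a closed port such as 3389 on 10.0.0.6 is dropped, and "open|filtered" UDP results are kept because the article's UDP checks (SNMP, TFTP) still apply to them.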
