In the process of penetration testing, the collection of port information is a very important process. By scanning the open ports of the server and judging the services existing on the server from the ports, we can learn some key information of the server and facilitate our infiltration of the target server. . Let me introduce to you the common ports and the attack direction of the ports.
Remote connection service port
| Port number | Port description | Attack direction |
|---|---|---|
| 22 | SSH remote connection | Blasting, SSH tunnel and intranet proxy forwarding, file transfer |
| 23 | Telnet remote connection | Blasting, sniffing, weak passwords |
| 3389 | Rdp remote desktop connection | Shift backdoor (requires a system below Windows Server 2003), blasting |
| 5900 | VNC | Weak password blasting |
| 5632 | PyAnywhere service | Password capture, code execution |
File sharing service port
| Port number | Port description | Attack direction |
|---|---|---|
| 21/22/69 | Ftp/Tftp file transfer protocol | Allow anonymous upload, download, blasting and sniffing operations |
| 2049 | Nfs service | Improper configuration |
| 139 | Samba | Blasting, unauthorized access, remote code execution |
| 389 | Ldap directory access protocol | Injection, allow anonymous access, weak password |
Web application service port
| Port number | Port description | Attack direction |
|---|---|---|
| 80/443/8080 | Common web service ports | Web attacks, blasting, corresponding server version vulnerabilities |
| 7001/7002 | WebLogic console | Java deserialization, weak password |
| 8080/8089 | Jboss/Resin/Jetty/Jenkins | Deserialization, weak console password |
| 9090 | WebSphere console | Java deserialization, weak password |
| 4848 | GlassFish console | weak password |
| 1352 | Lotus domino mail service | Weak passwords, information leakage, blasting |
| 10000 | Webmin-Web Control Panel | weak password |
Database service port
| Port number | Port description | Attack direction |
|---|---|---|
| 3306 | MySQL | Injection, escalation, blasting |
| 1433 | MSSQL | Injection, privilege escalation, weak SA password, blasting |
| 1521 | Oracle | TNS blasting, injection, rebound Shell |
| 5432 | PostgreSQL | Blast, inject, weak password |
| 27017 | MongoDB | Blasting, unauthorized access |
| 6379 | Redis | Unauthorized access, weak password blasting |
| 5000 | SyBase/DB2 | Blasting, injection |
Mail service port
| Port number | Port description | Attack direction |
|---|---|---|
| 25 | SMTP mail service | Mail forgery |
| 110 | POP3 protocol | Blasting, sniffing |
| 143 | IMAP protocol | Blasting |
Common network protocol ports
| Port number | Port description | Attack direction |
|---|---|---|
| 53 | DNS Domain Name System | Allow zone transfer, DNS hijacking, cache poisoning, spoofing |
| 67/68 | DHCP service | Hijacking, cheating |
| 161 | SNMP protocol | Blasting, collecting target intranet information |
Special service port
| Port number | Port description | Attack direction |
|---|---|---|
| 2181 | Zookeeper service | Unauthorized access |
| 8069 | Zabbix service | Remote execution, SQL injection |
| 9200/9300 | Elasticsearch service | Remote execution |
| 11211 | Memcache service | Unauthorized access |
| 512/513/514 | Linux Rexec service | Blasting, Rlogin login |
| 873 | Rsync service | Anonymous access, file upload |
| 3690 | Svn service | Svn leaks, unauthorized access |
| 50000 | SAP Management Console | Remote execution |
The above are the commonly used port numbers and attack methods, you can bookmark them.
Reviews
There are no reviews yet.