Web penetration testing: summary of commonly used port numbers and attack directions


During a penetration test, collecting port information is a very important step. By scanning the server's open ports and inferring from them which services are running, we can learn key information about the server, which makes it easier to penetrate the target. Let me introduce the common ports and the attack direction for each.

Remote connection service port

| Port number | Port description | Attack direction |
|---|---|---|
| 22 | SSH remote connection | Brute force, SSH tunnel and intranet proxy forwarding, file transfer |
| 23 | Telnet remote connection | Brute force, sniffing, weak passwords |
| 3389 | RDP remote desktop connection | Shift backdoor (requires a system below Windows Server 2003), brute force |
| 5900 | VNC | Weak-password brute force |
| 5632 | PcAnywhere service | Password capture, code execution |

File sharing service port

| Port number | Port description | Attack direction |
|---|---|---|
| 21/22/69 | FTP/TFTP file transfer protocol | Anonymous upload and download allowed, brute force, sniffing |
| 2049 | NFS service | Improper configuration |
| 139 | Samba | Brute force, unauthorized access, remote code execution |
| 389 | LDAP directory access protocol | Injection, anonymous access allowed, weak password |

Web application service port

| Port number | Port description | Attack direction |
|---|---|---|
| 80/443/8080 | Common web service ports | Web attacks, brute force, vulnerabilities in the corresponding server version |
| 7001/7002 | WebLogic console | Java deserialization, weak password |
| 8080/8089 | JBoss/Resin/Jetty/Jenkins | Deserialization, weak console password |
| 9090 | WebSphere console | Java deserialization, weak password |
| 4848 | GlassFish console | Weak password |
| 1352 | Lotus Domino mail service | Weak passwords, information leakage, brute force |
| 10000 | Webmin web control panel | Weak password |

Database service port

| Port number | Port description | Attack direction |
|---|---|---|
| 3306 | MySQL | Injection, privilege escalation, brute force |
| 1433 | MSSQL | Injection, privilege escalation, weak SA password, brute force |
| 1521 | Oracle | TNS brute force, injection, reverse shell |
| 5432 | PostgreSQL | Brute force, injection, weak password |
| 27017 | MongoDB | Brute force, unauthorized access |
| 6379 | Redis | Unauthorized access, weak-password brute force |
| 5000 | SyBase/DB2 | Brute force, injection |

Mail service port

| Port number | Port description | Attack direction |
|---|---|---|
| 25 | SMTP mail service | Mail forgery |
| 110 | POP3 protocol | Brute force, sniffing |
| 143 | IMAP protocol | Brute force |

Common network protocol ports

| Port number | Port description | Attack direction |
|---|---|---|
| 53 | DNS (Domain Name System) | Zone transfer allowed, DNS hijacking, cache poisoning, spoofing |
| 67/68 | DHCP service | Hijacking, spoofing |
| 161 | SNMP protocol | Brute force, collecting target intranet information |

Special service port

| Port number | Port description | Attack direction |
|---|---|---|
| 2181 | Zookeeper service | Unauthorized access |
| 8069 | Zabbix service | Remote execution, SQL injection |
| 9200/9300 | Elasticsearch service | Remote execution |
| 11211 | Memcache service | Unauthorized access |
| 512/513/514 | Linux Rexec service | Brute force, Rlogin login |
| 873 | Rsync service | Anonymous access, file upload |
| 3690 | SVN service | SVN leaks, unauthorized access |
| 50000 | SAP Management Console | Remote execution |

These are the commonly used port numbers and their attack directions; you can bookmark them for reference.
