Introduction
If you’re just starting out in the world of cybersecurity, you may have heard the term “port” thrown around a lot but aren’t quite sure what it means. In this blog post, we’ll explore what ports are and why they’re important in the realm of cybersecurity. A port is simply a numerical label assigned to each end of a communication channel that is used to identify a specific process or service on a computer. When you connect to the internet, your computer uses ports to communicate with servers and other devices. There are two main types of ports: physical and logical. Physical ports are the actual connectors on your computer, such as the USB port or Ethernet port. Logical ports, on the other hand, are virtual connections that are used by software to communicate with other devices or servers. Each port has a specific function, and certain ports are reserved for specific types of communication. For example, port 80 is typically used for HTTP (HyperText Transfer Protocol) traffic, which is the foundation of the World Wide Web. Port 443 is typically used for HTTPS (HTTP Secure) traffic, which is a secure version of HTTP that is used for transmitting sensitive information, such as passwords and credit card numbers. Ports are important because they can be used to identify and track communication between devices. For example, if you’re trying to detect an intrusion on your network, you can use port analysis to see what kinds of traffic are going in and out of your network and look for any suspicious activity. It’s also important to note that hackers often try to exploit open or unsecured ports in order to gain access to your network or computer. This is why it’s important to keep your ports secure and only open the ones that you need. You can do this by using a firewall or by manually configuring your ports.
When it comes to port scans, there are certain ports that are more important to check than others, as they are commonly used by hackers to gain access to a system. These “high-value” ports are typically the ones that are associated with services that are vulnerable to attack or that have access to sensitive information.
Section 1: Identifying High-Value Ports
- Port 21: FTP (File Transfer Protocol)
- Port 22: SSH (Secure Shell)
- Port 23: Telnet
- Port 25: SMTP (Simple Mail Transfer Protocol)
- Port 53: DNS (Domain Name System)
- Port 80: HTTP
- Port 110: POP3 (Post Office Protocol version 3)
- Port 443: HTTPS
- Port 1433: MSSQL (Microsoft SQL Server)
It’s important to note that these are just a few examples, and the specific high-value ports may vary depending on the system you are testing.
If you come across other ports you can use the following URL to find what they are:
https://www.speedguide.net/ports.php
Section 2: Enumerating with NMAP
Nmap (Network Mapper) to scan your system and identify any open or unsecured ports. Nmap is a free and open-source tool that can be used to discover hosts, services, and open ports on a network. It allows you to specify which ports to scan and provides detailed information about the services that are running on those ports. NMAP comes installed by default in Kali Linux and a simple command can start the scanning such as this:
nmap -T4 -A -p- 10.10.10.3 -sV -sC -Pn -oN nmap.txtFor an example of use can refer to any HTB walkthroughs – Lame Walkthrough Hack the Box – EASY
Once you’ve identified any open or unsecured ports, you can then use other tools to test those ports for vulnerabilities. For example, you could use a vulnerability scanner to check for known vulnerabilities or use manual testing techniques to try and exploit any weaknesses that you find.
Section 3: Port Specific Scanning and Queries
Port 21: FTP (File Transfer Protocol)
To enumerate vulnerabilities in FTP servers, you can use a tool such as Metasploit or FTP Bounce Scanner. These tools allow you to test for known vulnerabilities in FTP servers and can help you identify any weaknesses that may be present.
Here’s an example Metasploit command that can be used to scan for vulnerabilities in an FTP server:
use auxiliary/scanner/ftp/ftp_login
set RHOSTS [IP address of FTP server]
set USERNAME [Username to test]
set PASSWORD [Password to test]
set STOP_ON_SUCCESS true
runPort 22: SSH (Secure Shell)
To enumerate vulnerabilities in SSH servers, you can use a tool such as Metasploit or Ncrack. These tools allow you to test for known vulnerabilities in SSH servers and can help you identify any weaknesses that may be present.
Here’s an example Metasploit command that can be used to scan for vulnerabilities in an SSH server:
use auxiliary/scanner/ssh/ssh_login
set RHOSTS [IP address of SSH server]
set USERNAME [Username to test]
set PASSWORD [Password to test]
set STOP_ON_SUCCESS true
runPort 23: Telnet
To enumerate for vulnerabilities in Telnet servers, you can use a tool such as Metasploit or Ncrack. These tools allow you to test for known vulnerabilities in Telnet servers and can help you identify any weaknesses that may be present.
Here’s an example Metasploit command that can be used to scan for vulnerabilities in a Telnet server:
use auxiliary/scanner/telnet/telnet_login
set RHOSTS [IP address of Telnet server]
set USERNAME [Username to test]
set PASSWORD [Password to test]
set STOP_ON_SUCCESS true
runPort 25: SMTP (Simple Mail Transfer Protocol)
To enumerate vulnerabilities in SMTP servers, you can use a tool such as Metasploit or Ncrack. These tools allow you to test for known vulnerabilities in SMTP servers and can help you identify any weaknesses that may be present.
Here’s an example Metasploit command that can be used to scan for vulnerabilities in an SMTP server:
use auxiliary/scanner/smtp/smtp_login
set RHOSTS [IP address of SMTP server]
set USERNAME [Username to test]
set PASSWORD [Password to test]
set STOP_ON_SUCCESS true
runPort 53: DNS (Domain Name System)
To enumerate vulnerabilities in DNS servers, you can use a tool such as Metasploit or Dnsrecon. These tools allow you to test for known vulnerabilities in DNS servers and can help you identify any weaknesses that may be present.
Here’s an example Metasploit command that can be used to scan for vulnerabilities in a DNS server:
use auxiliary/scanner/dns/dnsIt’s important to keep in mind that port scanning and vulnerability testing should only be done with the proper permissions and in a controlled environment. Conducting unauthorized scans or attempting to exploit vulnerabilities without permission can be illegal and can result in serious consequences.
In conclusion, when performing port scans, it’s important to focus on the high-value ports that are commonly targeted by hackers. You can use tools like Nmap to identify any open or unsecured ports and then use other tools to test those ports for vulnerabilities. Always remember to follow proper protocols and obtain the necessary permissions before conducting any port scans or vulnerability testing.
