InfoSec Forums InfoSec Forums Network Penetration Testing Vulnerability Analysis [Tips] Testing common weaknesses ports

This topic contains 0 replies, has 1 voice, and was last updated by do son do son 2 months, 2 weeks ago.

  • Author
    Posts
  • #3472
    do son
    do son
    Moderator
    • Topics:202
    • Comments:51
    • Super Member
    • ★★★★

    On your Penetration Testing, you usually need to conduct a port scanning for identify open ports and  running services. On this topic, i am guide some weaknesses ports that you should test.

    What is Ports?

    Ports act as logical communications endpoints for computer and are used on the Transport layer of the OSI model by protocol. There are 65,536 ports altogether, numbering between 0 and 65,535.

    Port Range Category Type Description
    0       – 1023 Well-known Ports This range defines commonly used protocol. They are designated by IANA (Internet Assigned Numbers Authority), which is operated by ICANN (Internet Corporation for Assigned Names and Numbers)
    1024 – 49,151 Registered Ports Ports used by vendors for proprietary applications. Theses must be registered with the IANA. For example, Microsoft registered 3,389 for use with the Remote Desktop Protocol (RDP)
    49,152 – 65,535 Dynamic and Private Ports These port can be used by applications but cannot be registered by vendors.

    These are two type ports:

    • Inbound ports – used when another computer wants to connect to a service or application running on your computer. Servers primarily use inbound ports so that they can accept incoming connections and serve data.
    • Outbound ports – used when your computer wants to connect to a service or application running on another computer. Client computers primarily use outbound ports that are assigned dynamically by the operating system.

    Below is the list of common weaknesses ports

    21 ftp
    80 web
    443 openssl
    873 rsync
    2601,2604 zebra
    8128 squid
    4440 rundeck
    6082 varnish
    6379 redis
    8000-9000
    9200 elasticsearch
    11211 memcache
    27017 mongodb
    28017 mongodb
    50070 hadoop
    7001 weblogic
    50000 SAP
    8080 tomcat/WDCP
    8888 amh/Lumanager
    2222 DA
    2082/2083 cpanel
    3312/3311 kangle
    8083 vestacp
    7778 kloxo
    10000 virtualmin/webmin
    8089 jboss
    8649 ganglia

    Tips: You can scan all these ports by using Nmap:
    nmap -sT -sV -p 21,80,443,873,2601,2604,3128,4440,6082,6379,8000,8008,8080,8081,8090,8099,8088,8888,9000,9090,9200,11211,27017,28017 –max-hostgroup 10 –max-parallelism 10 –max-rtt-timeout 1000ms –host-timeout 800s –max-scan-delay 2000ms -iL iplist.txt -oN result/port.txt –open

    No system is truly secure!

You must be logged in to reply to this topic.