On your Penetration Testing, you usually need to conduct a port scanning for identify open ports and running services. On this topic, i am guide some weaknesses ports that you should test.
What is Ports?
Ports act as logical communications endpoints for computer and are used on the Transport layer of the OSI model by protocol. There are 65,536 ports altogether, numbering between 0 and 65,535.
0 – 1023
This range defines commonly used protocol. They are designated by IANA (Internet Assigned Numbers Authority), which is operated by ICANN (Internet Corporation for Assigned Names and Numbers)
1024 – 49,151
Ports used by vendors for proprietary applications. Theses must be registered with the IANA. For example, Microsoft registered 3,389 for use with the Remote Desktop Protocol (RDP)
49,152 – 65,535
Dynamic and Private Ports
These port can be used by applications but cannot be registered by vendors.
These are two type ports:
Inbound ports – used when another computer wants to connect to a service or application running on your computer. Servers primarily use inbound ports so that they can accept incoming connections and serve data.
Outbound ports – used when your computer wants to connect to a service or application running on another computer. Client computers primarily use outbound ports that are assigned dynamically by the operating system.
Tips: You can scan all these ports by using Nmap: nmap -sT -sV -p 21,80,443,873,2601,2604,3128,4440,6082,6379,8000,8008,8080,8081,8090,8099,8088,8888,9000,9090,9200,11211,27017,28017 –max-hostgroup 10 –max-parallelism 10 –max-rtt-timeout 1000ms –host-timeout 800s –max-scan-delay 2000ms -iL iplist.txt -oN result/port.txt –open
No system is truly secure!
You must be logged in to reply to this topic.