Common port security risks & test methods
In penetration testing, port scanning is a very important step. Its purpose is to learn which services are running on the server, and each port needs its own set of security tests. This article covers the common security risks of frequently seen ports and how they are tested.
DNS (53) UDP
DNS (Domain Name System) is the system used to name computers and network services that are organized into a hierarchy of domains.
Test content
- DNS misconfiguration vulnerabilities
- Denial of service attacks against DNS
- Enumerating subdomains and leaking domain information
- For the specific version of the DNS server, look up publicly disclosed vulnerabilities in the major vulnerability databases.
Tools
Common tools: dnsenum, nslookup, dig, fierce
Nmap script: nmap -Pn -sU -p53 --script "dns*" -v
SMTP (25) TCP
SMTP (Simple Mail Transfer Protocol) is a set of rules for transferring mail from a source address to a destination address; it controls how mail is relayed.
Test content
- Mail spoofing and relaying of spam (open relay)
- Using VRFY to enumerate user accounts
- For the specific version of the mail server, look up publicly disclosed vulnerabilities in the major vulnerability databases.
Tools
Nmap script: nmap -Pn -sS -p25 --script "smtp*" -v
SNMP (161) UDP
SNMP (Simple Network Management Protocol) consists of a set of network management standards, including an application layer protocol, a database schema, and a set of resource objects.
Test content
- Default community strings
- Enumerating the MIB
Tools
Common tools: snmpwalk, snmpenum.pl
SSH (22) TCP
SSH (Secure Shell) is a security protocol that operates at the application layer; it was developed by the IETF Network Working Group.
Test content
- Brute-force password attacks
- For the specific SSH server version, test with publicly available exploits
Tools
Brute force tools: hydra, medusa
Nmap script: nmap -Pn -sS -p22 --script "ssh*" -v
Connection tools: PuTTY, WinSCP
SMB (445,137,139) TCP
SMB (Server Message Block) is a communication protocol developed by Microsoft and Intel in 1987, used mainly as the network communication protocol for Microsoft networks.
Test content
- Identify the SMB version
Tools
Msf (auxiliary/scanner/smb/smb_version)
Nmap script: smb-check-vulns
FTP (21) TCP
FTP (File Transfer Protocol) is used for the controlled, bidirectional transfer of files over the Internet.
Test content
- Default credentials: anonymous:anonymous
- Brute-force account passwords
- For the specific FTP server version, test with publicly available exploits
Tools
Brute force tools: hydra, medusa
Nmap script: nmap -Pn -sS -p21 --script "ftp*" -v
Telnet (23) TCP
The Telnet protocol is a member of the TCP/IP protocol suite and is the standard protocol and primary mode for Internet remote login services.
Test content
- Brute-force account passwords
- For the specific Telnet service version, test with publicly available exploits
Tools
Nmap script: telnet-brute.nse, telnet-encryption.nse, telnet-ntlm-info.nse
TFTP (69) UDP
TFTP (Trivial File Transfer Protocol) is a protocol in the TCP/IP suite for simple file transfer between a client and a server, providing a simple, low-overhead file transfer service.
Test content
- Brute-force account passwords
- Unauthorized access (files readable or writable without authentication)
- For the specific TFTP service version, test with publicly available exploits
Related tools
Nmap script: tftp-enum.nse
RPC (111) TCP/UDP
RPC (Remote Procedure Call Protocol) is a protocol for requesting a service from a program on a remote computer over the network without needing to understand the underlying network technology.
Test content
- For the specific RPC service version, test with publicly available exploits
- Enumerate RPC information
Tools
Nmap scripts: bitcoinrpc-info.nse, metasploit-msgrpc-brute.nse, metasploit-xmlrpc-brute.nse, msrpc-enum.nse, nessus-xmlrpc-brute.nse, rpcap-brute.nse, rpcap-info.nse, rpc-grind.nse, rpcinfo.nse, xmlrpc-methods.nse
NTP (123) UDP
NTP (Network Time Protocol) is the protocol used to synchronize the clocks of computers on a network.
Tools
Nmap script: nmap -Pn -sU -p123 --script "ntp*" -v
HTTP / HTTPS (443, 80, 8080, 8443) TCP
HTTP (HyperText Transfer Protocol) is the most widely used protocol on the Internet. It is the protocol we deal with most; the attack surface and test content for it are very extensive and are not covered here.
MSSQL (1433) TCP
MSSQL refers to Microsoft's SQL Server, a database platform that provides a complete solution from the server to the terminal; the database server component is a database management system for building, using and maintaining databases.
Test content
- Brute-force password attacks
Tools
Brute force tool: hydra
Nmap scripts: ms-sql-brute.nse, ms-sql-config.nse, ms-sql-dac.nse, ms-sql-dump-hashes.nse, ms-sql-empty-password.nse, ms-sql-hasdbaccess.nse, ms-sql-info.nse, ms-sql-ntlm-info.nse, ms-sql-query.nse, ms-sql-tables.nse, ms-sql-xp-cmdshell.nse
MySQL (3306) TCP
MySQL is a relational database management system originally developed by the Swedish company MySQL AB and now owned by Oracle. It is one of the most popular relational database management systems, and in web applications it is the best RDBMS (Relational Database Management System) application software.
Test content
- Brute-force password attacks
Tools
Brute force tool: hydra
Oracle (1521) TCP
Oracle Database, also known as Oracle RDBMS or simply Oracle, is a relational database management system and has long been a leading product in the database field.
Test content
- Brute-force password attacks
- Enumerate database information
Tools
Enumeration tools: Tnsver, Tnscmd
Nmap script: oracle-brute.nse, oracle-brute-stealth.nse, oracle-enum-users.nse, oracle-sid-brute.nse, oracle-tns-version.nse
RDP (3389) TCP
RDP (Remote Desktop Protocol) is a multi-channel protocol that lets a user (the client, or "local computer") connect to a computer that provides Microsoft Terminal Services (the server, or "remote computer").
Test content
- Brute-force user passwords
- Test with publicly disclosed exploits for the exposed service
Tools
Nmap script: rdp-enum-encryption.nse, rdp-vuln-ms12-020.nse
SIP (5060) UDP/TCP
SIP (Session Initiation Protocol) is a multimedia communication protocol developed by the IETF (Internet Engineering Task Force).
Related tools
Sipflanker, Sipscan