Attention: The articles published on this wiki are for education purpose, to use during a CTF or for an authorized penetrationtest. By using the wiki, you've agreed to use this knowledge in an ethical way and do not evil in any perspective.
Massscan is a CLI tool which can be used to enumerate the ports which are open on a target.
$ sudo masscan -p 1-65535 10.10.10.30 -e tun0 --rate=1000
[sudo] password for user:
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-03-21 10:09:24 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [65535 ports/host]
Discovered open port 636/tcp on 10.10.10.30
Discovered open port 49676/tcp on 10.10.10.30
---snip--
nmap can be used to identify open ports, running services on those ports and even the Operating System of the target(s). This tool has a lot of options which can be used. In this part we will describe a very basic usage, otherwise we have to write a whole book.
sudo nmap -sS -A $ip [sudo] password for user Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-21 10:23 CET Nmap scan report for 10.10.10.27 Host is up (0.025s latency). Not shown: 996 closed ports PORT STATE SERVICE VERSION 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Windows Server 2019 Standard 17763 microsoft-ds 1433/tcp open ms-sql-s Microsoft SQL Server 2017 14.00.1000.00; RTM | ms-sql-ntlm-info:
---snip--
Port | Service name | Transport protocol |
---|---|---|
20, 21 | File Transfer Protocol (FTP) | TCP |
22 | Secure Shell (SSH) | TCP and UDP |
23 | Telnet | TCP |
25 | Simple Mail Transfer Protocol (SMTP) | TCP |
50, 51 | IPSec | |
53 | Domain Name System (DNS) | TCP and UDP |
67, 68 | Dynamic Host Configuration Protocol (DHCP) | UDP |
69 | Trivial File Transfer Protocol (TFTP) | UDP |
79 | Finger | TCP and UDP |
80 | HyperText Transfer Protocol (HTTP) | TCP |
110 | Post Office Protocol (POP3) | TCP |
119 | Network News Transport Protocol (NNTP) | TCP |
123 | Network Time Protocol (NTP) | UDP |
135-139 | NetBIOS | TCP and UDP |
143 | Internet Message Access Protocol (IMAP4) | TCP and UDP |
161, 162 | Simple Network Management Protocol (SNMP) | TCP and UDP |
389 | Lightweight Directory Access Protocol (LDAP) | TCP and UDP |
443 | HTTP with Secure Sockets Layer (SSL) | TCP and UDP |
989, 990 | FTP over SSL/TLS (implicit mode) | TCP |
1433 | MS SQL | TCP |
3389 | Remote Desktop Protocol | TCP and UDP |
There are 65535 ports which can be used on a computer. Those ports can be devided in: Well-known ports, Registered ports and Dynamic, private or ephemeral ports. https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Port number | service |
---|---|
1 | tcpmux |
2 | tcpmux |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 | |
20 | FTP |
21 | FTP |
22 | SSH |
23 | Telnet |
24 | |
25 | SMTP |
26 | |
27 | |
28 | |
29 | |
30 | |
31 | |
32 | |
33 | |
34 | |
35 | |
36 | |
37 | |
38 | |
39 | |
40 | |
41 | |
42 | |
43 | |
44 | |
45 | |
46 | |
47 | |
48 | |
49 | |
50 | |
51 | |
52 | |
53 | DNS |
54 | |
55 | |
56 | |
57 | |
58 | |
59 | |
60 | |
61 | |
62 | |
63 | |
64 | |
65 | |
66 | |
67 | DHCP |
68 | DHCP |
69 | TFTP |
70 | |
71 | |
72 | |
73 | |
74 | |
75 | |
76 | |
77 | |
78 | |
79 | Finger |
80 | http |