Shulou(Shulou.com)06/01 Report--

Service and security correspond. Each time a port is opened, the size of the port becomes a little larger. The more ports are opened, the greater the threat to the server. Before you start scanning, you might as well use telnet to simply detect whether some ports are open to avoid using scanners to block IP. Scan full ports generally use Nmap,masscan to scan and detect, and collect as many open ports as possible for the corresponding service version. After getting the exact service version, you can search for vulnerabilities in the corresponding version. Common port information and methods.

Port number Port Service / Protocol brief description of some possible uses of the port tcp 20 ftp default data and command transmission port [plaintext or encrypted transmission] allows anonymous upload and download, blasting, sniffing, win rights enhancement, remote execution (proftpd 1.3.5), all kinds of backdoors (proftpd,vsftp 2.3.4)

Tcp 22 ssh [data ssl encrypted transmission] can attempt to explode according to the information collected, v1 version can be middleman, ssh tunnel and intranet proxy forwarding, file transfer, etc. Commonly used for linux remote management.

Tcp 23 telnet [plaintext transmission] burst, sniff, commonly used for routing, switching login, can try weak passwords, may have unexpected gains

Tcp 25 smtp [simple Mail transfer Protocol, which may be enabled by default in most linux distributions] email forgery, vrfy/expn query email user information, you can use smtp-user-enum tools to run automatically.

Tcp/udp 53 dns [domain name resolution] allows zone transfer, dns hijacking, cache poisoning, spoofing and various remote controls based on dns tunnels

Tcp/udp 69 tftp [simple File transfer Protocol, unauthenticated] attempted to download the target and its various important configuration files

Tcp 80-89Person443 web 8440-8450 web [various commonly used web service ports] A variety of commonly used web service ports, you can try the classic top nGraingheaday web mail, target oa, various java consoles, various server web management panels, various web middleware vulnerabilities, various web framework vulnerabilities, and so on.

Tcp 110 [Post Office Protocol, plaintext but ciphertext] can try to blow up, sniff

Tcp 137139445 samba [smb implements file sharing between windows and linux, plaintext] can attempt blasting as well as various remote execution class vulnerabilities of smb itself, such as ms08-067, sniffing, etc.

Tcp 143imap [plaintext but ciphertext] can try blasting

Udp 161snmp [clear text] burst the default team string to collect target private network information

Tcp 389ldap [lightweight Directory access Protocol] ldap injection, allows anonymous access, weak password

Tcp 512513514 linux rexec explosive, rlogin login

Tcp 873 rsync backup service anonymous access, file upload

Tcp 1194 open*** tries to find a * account and enter the intranet.

Tcp 1352 Lotus domino mail service weak password, information disclosure, explosion

Tcp 1433 mssql database injection, weighting, sa weak password, blasting

Tcp 1521 oracle database tns explodes, injects, plays shell...

Tcp 1500 ispmanager Host Control Panel weak password

Improper configuration of tcp 1025pr 111pr 2049 nfs permissions

Tcp 1723 pptp explodes, find a way to get a * account and enter the intranet

Tcp 2082 cpanel host management panel login weak password

Tcp 2181 zookeeper unauthorized access

Tcp 2601 2604 zebra routing default password zerbra

Tcp 3128 squid Agent Service weak password

Tcp 3312jc3311 kangle host administration login weak password

Tcp 3306 mysql database injection, weighting, blasting

Tcp 3389 windows rdp remote Desktop shift backdoor [system below 03], blasting, ms12-020 [Blue screen exp]

Tcp 4848 glassfish console weak password

Tcp 4899 radmin remote Desktop Management tool, now very little grasp password expansion machine

Tcp 5000 sybase/DB2 database burst, injection

Tcp 5432 postgresql database burst, injection, weak password

Tcp 5632 pcanywhere remote Desktop Management tools grasp passwords, code execution, has almost retired from the stage of history

Tcp 5901 vnc 5902 remote Desktop Management tool weak password burst, if the information collection is not in place, the chance of success is very small.

Arbitrary instruction execution caused by unauthorized tcp 5984 CouchDB

Tcp 6379 redis can attempt unauthorized access without authorization, weak password burst

Tcp 7001re7002 weblogic console java deserialization, weak password

Tcp 7778 kloxo host panel login

Tcp 8000 Ajenti Host Control Panel weak password

Tcp 8443 plesk Host Control Panel weak password

Tcp 8069 zabbix remote execution, sql injection

Tcp 8080-8089 Jenkins,jboss deserialization, console weak password

Tcp 9080-9081 websphere console java deserialization / weak password

Tcp 9200je 9300 elasticsearch remote execution

Tcp 10000 webmin linux host web control panel entry weak password

Tcp 11211 memcached unauthorized access

Tcp 27017 27018 mongodb blasting, unauthorized access

Tcp 3690 svn service svn is compromised, unauthorized access

Tcp 50000 SAP Management Console remote execution

Tcp 50070 50030 hadoop default port is not authorized to access

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.