018 Portscanning1

Port scanning is the process of identifying open ports on a device, which can be done using tools like nmap. There are 65535 ports available, and after identifying open ports, one can determine the services and their versions running on those ports. The document also discusses how to exploit common ports, such as FTP, and provides examples of commands to use with nmap.

Uploaded by

solegeb598
Port Scanning

▪ What is a port?
▪ A port is the window through which a service works
▪ Suppose you need to start a new service: all you need to do is open a new port

There are 65535 ports on every IP

These ports can be open, closed, or filtered

All we need to do is find the open ports

▪ After finding the open ports, we need to find which services are running on them
▪ After that, we need to find the version of the service on each of these ports

▪ We will use a Linux tool called nmap

To start nmap:
# nmap

After the word nmap, put the domain name or IP:
# nmap google.com
# nmap 192.168.1.1

After a while, the open ports appear in the scan output.

▪ We found 3 open ports: 80, 443, 25
▪ Every port has a service running on it:
▪ Port 80: http
▪ Port 443: https
▪ Port 25: smtp

▪ http means that there is a website running on port 80, and https means that there is a website running on 443
▪ 25 smtp means that there is a mail server running on port 25
▪ A mail server sends and receives messages

But wait, does nmap scan all ports?

No, it scans the top 1000 common ports
If we need to scan all ports:
# nmap -p- local.ch

Use -p- or -p 1-65535

▪ If you need to check a specific port, such as 80:
▪ # nmap -p 80 83.247.140.91
▪ # nmap -p80 83.247.140.91

Many sites help you find open ports, such as:

search.censys.io
Shodan.io

You can also find technologies via these sites

▪ What we need to know after finding the open ports is the services:
▪ Suppose we found open ports 80,443,25,21
▪ Then
▪ # nmap -p80,443,25,21,22,123 83.247.140.91 -sV

▪ After finding the version of the service, you can copy it and search Google for exploits
▪ There are scripts in nmap, which we will talk about at the advanced level

▪ But let's talk about ports:
▪ Port 80 means that http (a site) is running; for us, we don't care much about it
▪ Port 443, 8080: means that https, the secure http protocol for the site, is running; we don't care about it
▪ 21 ftp: protocol used to transfer files (important for us)

▪ 22 ssh: used to control the device remotely
▪ 25, 587 smtp: a mail server is running on the domain
▪ 53 DNS: tells us that there is a DNS server running here
▪ 445, 137, 139: Netbios-ssn and SMB, related to Windows Server and Active Directory
▪ 88 Kerberos: related to the authentication server
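
An added example (not from the original slides): a Python parser for nmap's grepable output, turning a -sV scan into a list of open ports with service, version and the note these slides give for each port, for reviewing what your own hosts expose. The -oG output option is not used in the slides, and the sample scan line and address are constructed.

```python
# Added example: read nmap grepable output (-oG) from a -sV scan.
# Each port entry is port/state/protocol/owner/service/rpcinfo/version/

# Notes per port, taken from the slides.
NOTES = {
    21: "ftp: file transfer, confirm anonymous login is disabled",
    22: "ssh: remote control of the device",
    25: "smtp: mail server", 587: "smtp: mail server",
    53: "dns: DNS server",
    80: "http: website", 443: "https: website",
    88: "kerberos: authentication server",
    137: "netbios/smb: Windows server, Active Directory",
    139: "netbios/smb: Windows server, Active Directory",
    445: "netbios/smb: Windows server, Active Directory",
}

# Constructed sample, not real scan output (192.0.2.10 is a documentation address).
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, "
    "22/filtered/tcp//ssh///, 80/open/tcp//http//nginx 1.18.0/, "
    "443/closed/tcp//https///\tIgnored State: closed (996)\n"
)

def parse_grepable(text):
    """Return {host: [(port, state, service, version), ...]}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts:" not in line:
            continue  # comment lines and "Status:" lines carry no ports
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = next(f for f in fields if f.startswith("Ports:"))
        for entry in ports[len("Ports:"):].split(", "):
            parts = entry.strip().split("/")
            if len(parts) < 7 or not parts[0].isdigit():
                continue  # malformed entry
            port, state, _proto, _owner, service, _rpc, version = parts[:7]
            hosts.setdefault(host, []).append((int(port), state, service, version))
    return hosts

def exposure_report(text):
    """Open ports only: closed and filtered ports expose no reachable service."""
    return [(host, port, service, version, NOTES.get(port, "no note in the slides"))
            for host, found in parse_grepable(text).items()
            for port, state, service, version in found if state == "open"]

if __name__ == "__main__":
    for row in exposure_report(SAMPLE):
        print(*row, sep=" | ")
```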

▪ We will learn how to exploit common ports, starting with ftp
▪ If you find that ftp (21) is open, log in with (anonymous:anonymous) as username and password
# ftp <ip>
Enter username anonymous and password anonymous
If you are logged in, that is a vulnerability, and you can find all system files

▪ # ftp 84.247.131.64
▪ Enter username anonymous and password anonymous
Once you are logged in:
# ls