Cheat Sheet : Known Ports & Protocol

-
Its always good to know some common ports and protocol Ids that are used in attacks. Here is a list of some common ones:

 Protocols

1    ICMP
6    TCP
17  UDP
47  GRE
50  ESP
51  AH

 Ports
20 - 21      FTP
22             SSH
23             Telnet
25             SMTP
42             WINS
53             DNS
80, 81, 8080    HTTP
88              Kerberos
110            POP3
111            Portmapper (Linux)
119            NNTP
123            NTP
135            RPC-DCOM
137, 138, 139         SMB
143            IMAP
161, 162    SNMP
389           LDAP
445           CIFS
514           Syslog
636           Secure LDAP
1080         SOCKS5
1241         Nessus Server
1433, 1434      SQL Server
1494, 2598     Citrix Applications
1521              Oracle Database Listener
2512, 2513     Citrix Management Services
3389          RDP
5900          VNC
6662 - 6667      IRC
14237               Palm Pilot Remote Sync


Trojan Horses

7777          Tini
12345         NetBus
27374        Sub7
31337         Back Orifice  


Ports involved with enumerations attacks
111                 Linux Portmapper Service
42                   WINS
88                   Kerberos
135                 Windows RPC-DCOM
137                 NetBIOS Name Service
138                 NetBIOS Datagram Service
139                 NetBIOS Sessions
161                 SNMP Agent
162                 SNMP Traps
389                 LDAP
445                 CIFS (Common Internet File System)

Comments

Post a Comment

Popular posts from this blog

Cheat Sheet : Wireshark

-
 Now that you know some command line packet sniffing, lets go over some wireshark display filters: * If you want to filter by a protocol, just type it in, like arp, dns, etc.   * If you click the analyze tab you can filter here as well   * If you did it by tp, you can go to preferences/protocols/tcp and take the check out of “relative sequence numbers” and they will show the real seq numbers   * Right click a packet and follow tcp stream to see the whole conversation between the client and the server . if you do this and you close out of the window you will see that the filter is listed for these packets   * A source filter can be applied to restrict the packet view in wireshark to only those packets that have source IP as mentioned in the filter. The filter applied in the example below is: ip.src == 10.10.10.5   * A destination filter can be applied to restrict the packet view in wireshark to only those packets that have destination IP as m...
Read more

Monitor and block SSH connection attempts

-
Monitor and block SSH connection attempts. Here is a simple guide for iptables... This will set iptables to default: ........ sudo iptables -P INPUT ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD ACCEPT Then flush the rules: sudo iptables -F INPUT sudo iptables -F OUTPUT sudo iptables -F FORWARD This allows you to view your current rules: $ sudo iptables -L ........ Install iptables-persistent package to save tables on reboot. $ sudo apt-get install iptables-persistent During the installation, you will asked if you want to save your current firewall rules. If you update your firewall rules and want to save the changes, run this command: $ sudo netfilter-persistent save $ sudo netfilter-persistent reload ........ With the following, an attacker is allowed to produce exactly 3 faulty logins in 2 minutes. Afterwards, they will be blocked for 120 seconds. 1) Add the following line to /etc/ssh/sshd...
Read more

Cheat Sheet : NetCat

-
Netcat is known by most hackers as the swiss army knife of hacking. Its a great tool to setup backdoors or just plain and simple tcp or udp connections. Heres a few examples of how you can use netcat: Lets do some exercises with it in Kali linux. Our VMs today are a kali linux  and a windows 7. First start by looking at the help file nc -h  1. Lets check to see what ports are listening,(first start the apache2 service) type: nc -v 80  2. If you had started the apache service on kali linux you should see it shows there as open  3. You can also set up a listener port, type: nc -lvp 1234  4. The l here is for listen, the v is for verbose, the p is to specify the port to listen on  5. Lets open up a second terminal window and use netcat to connect to the listener  6. In the second terminal type: nc 10.0.0.100 1234 and hit enter  7. The first terminal should show you connected  8. Now lets chat from the second terminal b...
Read more