Scanning ports is an important part of penetration testing. It allows you to identify and exploit vulnerabilities in websites, mobile applications, or systems. As a penetration tester or ethical hacker, it is essential that you know the easiest and most vulnerable ports to attack when carrying out a test.

So what actually are open ports? And which ports are most vulnerable?

What Is a Penetration Test?

A penetration test is a form of ethical hacking that involves carrying out authorized, simulated cybersecurity attacks on websites, mobile applications, networks, and systems to discover vulnerabilities in them using cybersecurity strategies and tools. This is done to evaluate the security of the system in question.

What Are Ports?

A port is a virtual endpoint used by computers to communicate with other computers over a network. A port is also referred to by the number assigned to a specific network protocol. A network protocol is a set of rules that determine how devices transmit data to and fro on a network.

The two most common types of network protocols are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).

Transmission Control Protocols

TCP is a communication standard that allows devices to send and receive information reliably and in order over a network. It does this by establishing a connection from the client computer to the server or designated computer, and then sending packets of information over the network. TCP works hand in hand with the Internet Protocol (IP) to connect computers over the internet.

User Datagram Protocols

UDP works very much like TCP, but it does not establish a connection before transferring information. UDP is faster than TCP because it skips the connection-establishment step and simply transfers information to the target computer over a network. This makes it unreliable and less secure.

How to Check for Open Ports

An open port is a TCP or UDP port that accepts connections or packets of information. If a port rejects connections or packets of information, then it is called a closed port. Open ports are necessary for network traffic across the internet.

To check for open ports, all you need is the target IP address and a port scanner. There are many free port scanners and penetration testing tools that can be used both on the CLI and the GUI. The most popular port scanner is Nmap, which is free, open-source, and easy to use. If you're unfamiliar with it, you can learn how to scan for open ports using Nmap.
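As an added example (not code from the original article or from Nmap), the following Python script does what a TCP connect scan does against a single port and classifies it as open, closed or filtered. It is written for checking your own hosts: it stands up a throwaway listener on 127.0.0.1 to produce a guaranteed open port and uses a freshly released loopback port as the closed one. The function names and the loopback setup are this example's own assumptions.

```python
import socket
from contextlib import closing


def probe_tcp_port(host, port, timeout=1.0):
    """Classify a TCP port the way a connect() scan does.

    'open'     - the three-way handshake completed (something is listening)
    'closed'   - the host answered with RST (nothing listening on that port)
    'filtered' - no answer within the timeout (typically a firewall drop)
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            # Must be caught before OSError: it is a subclass of it.
            return "closed"
        except OSError:
            # Covers the socket timeout and host-unreachable style errors.
            return "filtered"


def start_loopback_listener():
    """Start a throwaway TCP listener on 127.0.0.1 on an OS-assigned port.

    Returns (port, server_socket); the caller closes the socket when done.
    The kernel completes handshakes into the listen backlog, so the probe
    above sees 'open' even though nothing ever calls accept().
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv.getsockname()[1], srv


def free_loopback_port():
    """Reserve and immediately release a port, giving one that is closed.

    (Constructed helper for the demo; there is a tiny race if another
    process grabs the port in between, which is harmless here.)
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Probe one open and one closed loopback port; returns both verdicts."""
    port, srv = start_loopback_listener()
    try:
        open_result = probe_tcp_port("127.0.0.1", port)
    finally:
        srv.close()
    closed_result = probe_tcp_port("127.0.0.1", free_loopback_port())
    return open_result, closed_result


if __name__ == "__main__":
    opened, closed = demo()
    print(f"listening port -> {opened}, unused port -> {closed}")
```

Nmap's `-sT` scan uses the same connect() approach; "open" means exactly that the handshake completed. Because UDP has no handshake, a UDP probe cannot be classified this way: silence can mean either open or filtered, which is why Nmap reports many UDP ports as `open|filtered` and why UDP scans take so much longer than TCP scans.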

Are All Open Ports Vulnerable?

Not necessarily. Although a closed port is less of a vulnerability than an open port, not all open ports are vulnerable. Rather, the services and technologies using that port are what carry the vulnerabilities. So, if the infrastructure behind a port isn't secure, that port is prone to attack.

Vulnerable Ports to Look Out For


There are over 130,000 TCP and UDP ports; however, some are more vulnerable than others. In penetration testing, these ports are considered low-hanging fruit, i.e. vulnerabilities that are easy to exploit.

Many ports have known vulnerabilities that you can exploit when they come up in the scanning phase of your penetration test. Here are some common vulnerable ports you need to know.

1. FTP (20, 21)

FTP stands for File Transfer Protocol. Ports 20 and 21 are TCP ports used to let users send files to and receive files from a server on their personal computers.

The FTP port is insecure and outdated and can be exploited using:

  • Anonymous authentication. You can log into the FTP port with both username and password set to "anonymous".
  • Cross-Site Scripting.
  • Brute-forcing passwords.
  • Directory traversal attacks.

2. SSH (22)

SSH stands for Secure Shell. It is a TCP port used to provide secure remote access to servers. You can exploit the SSH port by brute-forcing SSH credentials or using a leaked private key to gain access to the target system.

3. SMB (139, 137, 445)

SMB stands for Server Message Block. It is a communication protocol created by Microsoft to provide shared access to files and printers across a network. When enumerating the SMB port, find the SMB version; then you can search for an exploit on the internet, in Searchsploit, or in Metasploit.

The SMB port could be exploited using the EternalBlue vulnerability, brute-forcing SMB login credentials, capturing NTLM hashes (NTLM Capture), and connecting to SMB using PsExec.

An example of an SMB exploit in the wild is the WannaCry ransomware, which spread using EternalBlue.

4. DNS (53)

DNS stands for Domain Name System. It runs over both TCP and UDP, used for zone transfers and queries respectively. One common attack on the DNS ports is the Distributed Denial of Service (DDoS) attack.

5. HTTP / HTTPS (443, 80, 8080, 8443)

HTTP stands for HyperText Transfer Protocol, while HTTPS stands for HyperText Transfer Protocol Secure (which is the more secure version of HTTP). These are the most popular and widely used protocols on the internet, and as such are prone to many vulnerabilities. They are vulnerable to SQL injection, cross-site scripting, cross-site request forgery, etc.

6. Telnet (23)

The Telnet protocol is a TCP protocol that enables a user to connect to remote computers over the internet. The Telnet port has long been replaced by SSH, but it is still used by some websites today. It is outdated, insecure, and vulnerable to malware. Telnet is vulnerable to spoofing, credential sniffing, and credential brute-forcing.

7. SMTP (25)

SMTP stands for Simple Mail Transfer Protocol. It is a TCP port used for sending and receiving mail. It can be vulnerable to mail spamming and spoofing if not well secured.

8. TFTP (69)

TFTP stands for Trivial File Transfer Protocol. It's a UDP port used to send and receive files between a user and a server over a network. TFTP is a simplified version of the File Transfer Protocol. It runs over UDP and has no authentication mechanism, which makes it fast but insecure.

It can be exploited through password spraying, unauthorized access, and Denial of Service (DoS) attacks.
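To tie the scanning step described earlier to the list of risky ports above, here is an added example (not from the original article, and not Nmap's own code) in Python that parses Nmap's grepable output (`-oG`) and flags every open port from the list, attaching a defender's remediation note. The scan text, the 192.0.2.x addresses, the service banners and the remediation wording are all constructed for this example; the port-to-service mapping is the one the article gives.

```python
import re

# Ports the article singles out, keyed by the service behind them, with a
# remediation note for each (note wording constructed for this example).
RISKY_PORTS = {
    "FTP":        ((20, 21), "Disable anonymous login, or retire FTP in favour of SFTP/FTPS."),
    "SSH":        ((22,), "Require key-based auth, disable password login, rate-limit attempts."),
    "Telnet":     ((23,), "Replace with SSH; Telnet carries credentials in cleartext."),
    "SMTP":       ((25,), "Require authentication for relaying and publish SPF/DKIM records."),
    "DNS":        ((53,), "Restrict zone transfers and rate-limit responses to blunt DDoS abuse."),
    "TFTP":       ((69,), "Disable unless required; TFTP has no authentication at all."),
    "SMB":        ((137, 139, 445), "Patch against EternalBlue and never expose SMB to the internet."),
    "HTTP/HTTPS": ((80, 443, 8080, 8443), "Keep the web stack patched; test for injection, XSS and CSRF."),
}
# Flat lookup: port number -> (category, remediation note)
PORT_INDEX = {p: (cat, note) for cat, (ports, note) in RISKY_PORTS.items() for p in ports}

# One entry of the grepable "Ports:" field has seven slash-separated fields:
# port/state/protocol/owner/service/rpc-info/version/
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(\w+)/([^/,]*)/([^/,]*)/([^/,]*)/([^/]*)/")

# Constructed sample in `nmap -oG` layout (TEST-NET addresses, made-up banners).
SAMPLE_SCAN = """\
# Nmap scan initiated as: nmap -sV -oG - 192.0.2.0/29   (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 8.9/, 23/open/tcp//telnet///, 445/open/tcp//microsoft-ds///, 8000/open/tcp//http-alt///\tIgnored State: closed (995)
Host: 192.0.2.11 ()\tPorts: 53/open/udp//domain///, 69/open|filtered/udp//tftp///, 443/open/tcp//https//nginx/\tIgnored State: closed (997)
# Nmap done
"""


def parse_nmap_grepable(text):
    """Turn `nmap -oG` output into one dict per reported port."""
    records = []
    for line in text.splitlines():
        # Comment lines and "Status: Up" lines carry no port data.
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports: field ends at the tab before "Ignored State:".
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for m in PORT_RE.finditer(ports_field):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            records.append({"host": host, "port": int(port), "proto": proto,
                            "state": state, "service": service, "version": version})
    return records


def flag_risky_ports(records):
    """Return the open ports that appear in the article's list, with remediation.

    Only a definite 'open' counts: UDP results such as 'open|filtered' are
    ambiguous and need a follow-up check before being reported as findings.
    """
    findings = []
    for rec in records:
        if rec["state"] != "open" or rec["port"] not in PORT_INDEX:
            continue
        category, note = PORT_INDEX[rec["port"]]
        findings.append({**rec, "category": category, "remediation": note})
    return findings


def report(findings):
    """Render findings as one line each, ready for a ticket or a scan summary."""
    return [f"{f['host']}:{f['port']}/{f['proto']} {f['category']} "
            f"({f['service']} {f['version']}).strip() -> {f['remediation']}"
            for f in findings]


if __name__ == "__main__":
    for line in report(flag_risky_ports(parse_nmap_grepable(SAMPLE_SCAN))):
        print(line)
```

Port 8000 is open in the sample but is not flagged, which is deliberate: the script is a triage aid for the ports discussed above, not a substitute for checking what actually listens on every open port. Port 69 is likewise left out because the UDP scan could only say `open|filtered`, so it belongs on a "verify" list rather than in the findings.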

Port Scanning as a Pentester

As a penetration tester or ethical hacker, the importance of port scanning cannot be overemphasized. Port scanning helps you gather information about a given target, learn which services run behind specific ports, and identify the vulnerabilities attached to them.

Now that you know the most vulnerable ports on the internet, you can use this information to perform pentests. Good luck!
