Vulnerable Ports and Servi

http://www.speedguide.net/ports_sg.php

 

| Port | Service | Vulnerabilities | POC | Reference |
|---|---|---|---|---|
| 512 | rlogin | Without proper authentication | `rlogin -l <username> IP`<br>Ex: `rlogin -l root 192.168.154.132` | https://informationtreasure.wordpress.com/2014/07/25/metasploitable-2-vulnerability-assessment-and-remote-login/<br>http://web.nmsu.edu/~alejbaca/portfolio/senior_project/2-Metasploitable%202%20Exploitability%20Guide%20_%20SecurityStreet.pdf |
| 513 | | | | |
| 514 | | | | |
| 6000 | X11 | Connect to remote display | | http://www.hackinglinuxexposed.com/articles/20040513.html<br>http://tutorials.section6.net/home/basics-of-securing-x11 |
| 6001 | | | | |
| 6002 | | | | |
| 6003 | | | | |
| 100000-100024 | NFS & mounted | | | https://www.pentestpartners.com/blog/using-nfsshell-to-compromise-older-environments/<br>http://www.vulnerabilityassessment.co.uk/nfs.htm |
| 1524 | ingreslock | Backdoor 3281 | `telnet 192.168.99.131 1524` | http://web.nmsu.edu/~alejbaca/portfolio/senior_project/2-Metasploitable%202%20Exploitability%20Guide%20_%20SecurityStreet.pdf |
| 6667 | UnrealIRCd IRC daemon | Backdoor 3281 | `use exploit/unix/irc/unreal_ircd_3281_backdoor` | https://community.rapid7.com/docs/DOC-1875 |
| 1099 | java_rmi_server | | | https://community.rapid7.com/docs/DOC-1875 |
| 3632 | distccd | | | https://community.rapid7.com/docs/DOC-1875 |
| 1723 | PPTP | | | https://www.exploit-db.com/exploits/16/<br>https://www.exploit-db.com/exploits/19/ |
| 8180 | tomcat_mgr_login | | `use scanner/http/tomcat_mgr_login` | https://myexploit.wordpress.com/port-number-exploits/ |
| 5900 | vnc | | `use auxiliary/scanner/vnc/vnc_login` && `vncviewer ip-address:5900` | https://myexploit.wordpress.com/port-number-exploits/ |
| 5432 | postgresql | | `psql -h Remote-IP-Address -U postgres -W` | https://myexploit.wordpress.com/port-number-exploits/ |
| 3306 | mysql | | `nmap -p 3306 --script mysql-empty-password.nse External-IP-Address` | https://myexploit.wordpress.com/port-number-exploits/ |
| 135 | msrpc | | | |
| 1433 | ms-sql-s | | `use exploit/windows/mssql/ms09_004_sp_replwritetovarbin` | https://myexploit.wordpress.com/port-number-exploits/ |
| 139 | smb (Linux) | | `smbclient -L //Remote-IP-Address`<br>`use auxiliary/admin/smb/samba_symlink_traversal`<br>`smbclient //Remote-IP-Address1/tmp` | https://myexploit.wordpress.com/port-number-exploits/ |
| 445 | | | | |
| 135 | msrpc | | `use exploit/windows/dcerpc/ms03_026_dcom` | https://myexploit.wordpress.com/port-number-exploits/<br>https://myexploit.wordpress.com/control-smb-445-137-139/ |
| 445 | microsoft-ds | | `windows/smb/ms08_067_netapi` | https://myexploit.wordpress.com/port-number-exploits/<br>https://myexploit.wordpress.com/control-smb-445-137-139/ |
| 1900 | UPnP | Universal Plug and Play Remote Code Execution (MS07-019) | | |
| 2869 | | | | |
| 1444 | microsoft sql server (mssql) | | | http://travisaltman.com/pen-test-and-hack-microsoft-sql-server-mssql/ |
| 1433 | MSSQL | | | http://pen-testing.sans.org/resources/papers/gcih/port-1433-vulnerability-unchecked-buffer-password-encryption-procedure-104360 |
| 1434 | | | | https://hakin9.org/how-to-use-sqlploit/ |
| 1025 – 1030 | DCOM | | | http://full-disclosure.grok.org.narkive.com/bNml1QfH/tcp-ports-1025-1030-and-dcom-exploit |
| 389 | LDAP | | | https://www.giac.org/paper/gcih/581/cracking-ldap-user-passwords-exploits/106162 |