What are open ports, and are open ports dangerous?

Hacking Truth

From a red team’s point of view, port scanning is one of the most exciting tasks to handle whenever you’re collecting OSINT data about a remote target. However, open ports are not only important on the offensive side, but also on the defensive front.

What is offensive and defensive security?

Offensive security is a proactive and adversarial approach to protecting computer systems, networks and individuals from attacks. Conventional security -- sometimes referred to as "defensive security" -- focuses on reactive measures, such as patching software and finding and fixing system vulnerabilities.

When we talk about open ports, we are dealing with two basic things: the Ethernet port with its IP address, and the Internet-based services running on it. These are called virtual ports, and each may or may not be open.

An Internet server runs many services (ports), such as HTTP, SMTP, TELNET, etc.

HTTP: lets a browser visit any web page or website and send and receive data; it is also stateless.

SMTP & TELNET: Email services use SMTP and Telnet, and with their ports open we can send and receive email.

On the other side, developers also use ports for services such as FTP for file transfer (File Transfer Protocol - Port 21-22) and SSH (Secure Shell), which sends and receives data between computers by creating an encrypted tunnel.

Port Concept

And this is where the ‘port’ concept comes in. A port is basically a way to help systems identify, establish and transmit data from one side to the other.

There are 65,535 possible ports that could be assigned to any service.
If a port is open (in use), it can be listening on any number in the 1-65535 range.

And when you install an operating system on your desktop PC or on any virtual machine—and you install, say, Nginx or Exim—a port will be needed in order to have that daemon (service) ready to receive and send data over the network.

Once a port is running on a certain number, you can’t run other services on that same port. For example, starting Apache after you’ve already started Nginx on port 80 will lead to a failed operation because the port is already in use.
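The conflict described above can be reproduced on the loopback interface. This is an added example, not code from the original post; the function names are made up for the illustration, and the port number is whatever free port the OS hands out.

```python
import errno
import socket


def is_open(port, host="127.0.0.1", timeout=1.0):
    """Return True if a TCP connect to host:port succeeds (something is listening)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def demo():
    """Walk one port through listening -> conflict -> closed and return what was seen."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    first.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    first.listen(1)                    # the "daemon" is now listening: port is open
    port = first.getsockname()[1]
    seen = {"open_while_listening": is_open(port)}

    # A second service asking for the same address and port is refused.
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        second.bind(("127.0.0.1", port))
        seen["second_bind"] = "succeeded"
    except OSError as exc:
        seen["second_bind"] = errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        second.close()

    first.close()                      # the daemon stops, so the port closes
    seen["open_after_close"] = is_open(port)
    return seen


if __name__ == "__main__":
    print(demo())
```

A port is only "open" while a process is bound to it and listening; once that process exits, connection attempts are refused.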

Know that whenever you browse a page, you’re connecting to port 80 (for HTTP) or 443 (for HTTPS based requests), or whenever you request information from a remote SSH server you’ll probably do it through port 22.

Are open ports dangerous?

Open ports may or may not be dangerous; from the point of view of IT experts, it would be wrong to say simply that open ports are dangerous.
If your system or network is not kept updated, problems can occur. On the other hand, if you keep the system, machine and network you use fully updated and a port is still open, you can be fairly sure you will not have much of a problem, because attackers also know that they can fully compromise your system only when the bug in the system, machine or network has not been fixed.

What are the common open ports?

FTP - 20, 21 are the ports used during a classic FTP connection between client and server.

SSH - 22 is the OpenSSH server port used by default on most Unix/Linux installations.

Telnet - 23 is dedicated to the Telnet application server that receives connections from any Telnet client.

SMTP - 25 is dedicated to relaying messages between MTAs (mail transfer agents).

DNS - 53 is where the DNS server runs, and one of the most famous daemons that uses this port is Bind.

DHCP - 67, 68: port 67 is used for the DHCP server, and the UDP port 68 for the DHCP client.

HTTP - 80 is the port assigned to web servers and directly associated with the Hypertext Transfer Protocol.

POP3 - 110 is the Post Office Protocol, one of the most traditional protocols used by email clients to retrieve data from remote email servers.

IMAP - 143 is the default IMAP port for non-encrypted connections.

HTTPS - 443 is the port used to serve all SSL-based requests on any website.

What are the default open ports?

This depends entirely on the operating system you’re running, as not all OSs run the same services. For example, Windows, MacOS and Linux all run different core daemons, therefore, a port that is open on one could be closed on the other.

On our top scanned ports blog post, we analyzed the most scanned ports. That data could lead to an answer for this question, but not necessarily when it comes to default open ports.

The list of default open ports could be huge depending on the OS, version or distribution. For example, MacOS websites state that there are around 132 ports that could potentially be used on many of their Apple services.

On others, the list of default open ports could be reduced to none.

In our testing, running a full Nmap scan on an Ubuntu image leads us to discover these ports open by default:

As you can see, all Ubuntu 18.x DigitalOcean images used to create droplets have SSH enabled by default, running on port 22—which is logical, because otherwise you wouldn’t have a way to connect to the server.

CentOS, on the other hand, had three open ports by default, as shown in the following screenshot:

How do I find out what ports are open on my online infrastructure?

The first answer to basic port scanning stuff is always Nmap.

In order to scan a local machine you can do it by issuing the following command:

nmap -p 1-65535 localhost

If you want to run a scan against any other remote network, you can do it by using:

nmap -p 1-1024 X.X.X.X

(Where “X.X.X.X” is the remote IP address you want to target.)

From 1 to 65535, you can scan any range you need, just keep in mind that larger ranges will take more time.

If you want to scan the most popular ports, you can do it by using this syntax:

nmap --top-ports 20 X.X.X.X

(Where “20” is the number of popular ports you want to target.)

Output example:

However, Nmap is a terminal-based tool, so it’s only useful for real geeks!
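For scans of your own infrastructure, the result is easier to act on when compared against the ports you expect to be open. The following is an added example, not part of the original post: it parses Nmap's grepable output (`nmap -oG - ...`) and reports open ports that are not on an expected list. The sample scan output, the address 192.0.2.10 and the expected list are constructed for the illustration.

```python
# Constructed sample of `nmap -oG -` output (192.0.2.10 is a documentation address).
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 80/closed/tcp//http///, 443/open/tcp//https///\n"
)

# Ports from the list above whose classic service is unencrypted
# (FTP, Telnet, HTTP, POP3, IMAP on 143).
CLEARTEXT = {21, 23, 80, 110, 143}


def open_ports(grepable):
    """Yield (host, port, proto, service) for every open port in -oG output."""
    for line in grepable.splitlines():
        if not line.startswith("Host: "):
            continue                              # skip comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue                          # e.g. the "Status: Up" line
            for entry in field[len("Ports: "):].split(", "):
                # entry layout: port/state/protocol/owner/service/...
                port, state, proto, _owner, service = entry.split("/")[:5]
                if state == "open":
                    yield host, int(port), proto, service


def review(grepable, expected):
    """Return findings for open ports that are not in `expected` ((port, proto) pairs)."""
    findings = []
    for host, port, proto, service in open_ports(grepable):
        if (port, proto) in expected:
            continue
        note = "unexpected, cleartext" if port in CLEARTEXT else "unexpected"
        findings.append((host, port, service, note))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE, {(22, "tcp"), (443, "tcp")}):
        print(finding)
```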


- Hacking Truth by Kumar Atul Jaiswal
