isohseis Just Arrived

Joined: 25 Nov 2005 Posts: 0

Posted: Mon Nov 28, 2005 11:55 am Post subject: ports, exploits

This is a newbie question, but here it goes: how are ports exploited? Say there is an open port on a machine, how does that make it a weakness, and how is it exploited?
 |
Sh4d0w Just Arrived


Joined: 19 Jun 2005 Posts: 0

Posted: Mon Nov 28, 2005 3:13 pm Post subject:

Ports are usually open to offer a specific service, which is served by a certain application running on the server. Network reconnaissance (read: port scanner and banner grabbing) tells you what service and application is being used on a specific port on a specific host. Then you must know what vulnerabilities are present in that application and exploit them somehow with either your own code or some prewritten code that can be found with diligent Google searching. This is about the simplest form of an answer I can provide for this question. I would suggest picking up a copy of one of the Hacking Exposed books or doing a lot of Google reading. You should probably understand more TCP/IP theory before worrying about exploitation of services. Remember to always gain written authorization to exploit a box for testing purposes if it is not legally yours. Otherwise you might make some new friends with names similar to Bubba and Jim Bob.
-- Shadow
 |
isohseis Just Arrived

Joined: 25 Nov 2005 Posts: 0

Posted: Tue Nov 29, 2005 12:58 am Post subject:

thanks
 |
acidrain Just Arrived


Joined: 27 Apr 2003 Posts: 0 Location: Yakima, Washington State, USA

Posted: Tue Nov 29, 2005 8:24 am Post subject:

I try not to think of the ports themselves as being exploited; it's the applications that are running on those ports (or listening) that are the problem.
Just as the reader stated above though, you still have to know the vulnerabilities of the actual application.
 |
micro420 Just Arrived

Joined: 08 Jul 2005 Posts: 0 Location: Berkeley, CA

Posted: Fri Dec 02, 2005 10:33 pm Post subject:

So is it safer to change the default ports so that it isn't obvious? Say move port:21 to some other random port. Will a hacker know that you moved port:21 to port:9999?
 |
alt.don SF Boss

Joined: 04 Mar 2003 Posts: 16777079

Posted: Fri Dec 02, 2005 11:54 pm Post subject:

You are now talking about security through obscurity, i.e. changing a well-known port to some other one. This will cut down on the amount of hits that your server may take, but it can still be found if someone is targeting you directly. There are some brutally fast scanners out there. Scanrand by Dan Kaminsky is one of the fastest I have ever seen. Back to your initial question though... You may gain a slight advantage by doing so, but only again if you are offering up a server to some friends, vice commercially as a corporate entity, for the FTP protocol will automagically default to port 21, just like HTTP with port 80. If your commercial FTP server is sitting on something other than 21 then you will have issues. Hope this clarifies...
 |
MattA Trusted SF Member


Joined: 13 Jun 2003 Posts: 16777193 Location: Eastbourne + London

Posted: Sat Dec 03, 2005 10:26 am Post subject:

Just to add a quick note to the above, nmap quite happily identifies services running on nonstandard ports, and if you can't identify it with that there is also Amap, and I always connect with telnet and a web browser just to see if I get anything else... there's often quite a lot to be seen connecting with a web browser to ports other than 80.
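Added illustration (not part of any post in this thread) of why moving a service off its default port does not hide what it is: the greeting the application sends identifies the protocol regardless of port number. The listener, its banner text and the helper names `classify_banner`, `read_banner` and `start_constructed_listener` are constructed for this example, and everything runs against 127.0.0.1, as you would when auditing your own host.

```python
import re
import socket
import threading

# Greeting patterns for protocols where the server speaks first.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("ftp", re.compile(rb"^220[ -].*ftp", re.I)),
    ("smtp", re.compile(rb"^220[ -].*e?smtp", re.I)),
    ("pop3", re.compile(rb"^\+OK")),
]

def classify_banner(banner):
    """Name the protocol from the greeting bytes alone; the port is never consulted."""
    for name, pattern in SIGNATURES:
        if pattern.search(banner):
            return name
    return "unknown"

def read_banner(host, port, timeout=2.0):
    """Connect and return whatever the service sends first (empty if it waits for us)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            return s.recv(256)
        except socket.timeout:
            return b""  # client-speaks-first protocol such as HTTP

def start_constructed_listener(banner):
    """Constructed stand-in for a relocated service: loopback only, OS-chosen port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    # Constructed FTP-style greeting served on a port that is not 21.
    port = start_constructed_listener(b"220 Example FTP server ready\r\n")
    return port, classify_banner(read_banner("127.0.0.1", port))

if __name__ == "__main__":
    port, service = demo()
    print(f"port {port}: identified as {service}")
```

An empty banner classifies as "unknown", which is the case where a probe that speaks first (as with a web browser or telnet) is needed to learn more.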