
This topic contains 1 reply, has 2 voices, and was last updated by  myk3h0nch0 1 month, 1 week ago.

  • #461088


    Where can I learn about what each port is, does, and how to manipulate and exploit it?

    I remember finding an open port a while back and I didn’t know what it was or anything about it, so I did what most people would do and looked it up. Long long long story short, I found nothing.

  • #461089


    Take a networking course first.

  • #461090


    It doesn’t matter what port it is, it matters what service is listening on that port.
    You don’t “exploit a port”, you exploit the service on that port.
    For example you can exploit an SSH vulnerability and it doesn’t matter what port you’re running SSH on, be it port 22 or port 22222.

    You can find out about the individual services by googling “well known ports”. You can also run nmap (and specify all ports) against a device to learn more about the services on said ports, then look at exploiting them.

    I’m saying this because my networking classes in uni never taught me this. Networking is absolutely the backbone, so I strongly urge you to look into extra networking resources like certificates. Network+, Security+ and any free online resources.

  • #461091


    Srsly, learn networking. You can’t hack without it.

  • #461092


    As someone already commented, you don’t hack a port but the service running on it. Generally speaking there are default ports for popular services; there are cheat sheets for them that only need one Google search to find.

  • #461093


    A port is simply the number encoded in the TCP (or UDP) header. Your OS matches that header with a list of programs it is running locally that have registered a particular port (either system-wide or on a particular IP) with the OS. As you can see in this little bit of interaction, there is a lot to potentially exploit and investigate.

    -Can you create a malformed TCP/IP packet so it mismatches the wrong port or program at the OS level (unlikely in modern stacks, but very old stacks did have buffer overflows in protocol handling, eg ping of death)

    -Can you create a program that registers itself on a port another program already registered?

    -Can you access a port on an IP that the program is not supposed to respond to (fairly common to date, especially as sysadmins don’t understand the quirks of each OS’s IP stack, such as the fact that Windows will register a program on every IP regardless of request)

    -Can you run a program that will listen on a particular port without registering it with the OS?

    -Is there any significance to the ports at the very edges (eg port 0 or 65535) – and do look it up, it’s an interesting read

    -What happens if you can pass into an arbitrary program a port outside that range (eg 65536), or in a firewall, network card etc.

    -What does the OS do or require if you run a particular program inside the ‘privileged’ (1-1024) vs ‘unprivileged’ (>1024) ports, and what are the implications of that?

    -Can you use any of the quirks about the TCP/IP stack and its conventions to avoid detection, set up your own backdoor or bypass a security control?

    As you can see as well, the port is just an arbitrary number. There are some ports that are ‘standardized’ but that is more convention, it is not enforced. Hacking lies at the edges of what the system is configured to do, what happens outside those parameters is the interesting stuff. You can delve deep into any of the above subjects, hacking isn’t about taking classes, you’ll learn more just READING about any of the mentioned topics than any classes or courses you take.
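    An added example, not code from any poster, that makes the first point above concrete: the port is just a 16-bit field in the TCP header, so a parser can read it out, label the privileged range, and reject values such as 65536 that cannot exist on the wire. The header bytes below are constructed for the example.

```python
import struct

# Constructed 20-byte TCP header (no options): src port 44321 -> dst port 22,
# seq=1, ack=0, data offset 5 words, flags=SYN, window 65535, checksum 0, urg 0.
SAMPLE_TCP_HEADER = struct.pack(
    "!HHIIBBHHH",
    44321,    # source port (16-bit)
    22,       # destination port: the number the OS matches against listeners
    1,        # sequence number
    0,        # acknowledgement number
    5 << 4,   # data offset (5 x 4 = 20 bytes) in the high nibble
    0x02,     # flags: SYN
    65535,    # window
    0,        # checksum (left zero in this constructed sample)
    0,        # urgent pointer
)

PRIVILEGED_MAX = 1023  # 0-1023: binding needs elevated privileges on most Unix systems


def classify_port(port: int) -> str:
    """Range-check a port value the way a careful parser should, then label it."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} does not fit in a 16-bit header field")
    if port == 0:
        return "reserved"
    return "privileged" if port <= PRIVILEGED_MAX else "unprivileged"


def parse_ports(header: bytes) -> tuple:
    """Return (source_port, destination_port) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    return struct.unpack("!HH", header[:4])


def build_syn_header(src: int, dst: int) -> bytes:
    """Pack a minimal SYN header; out-of-range ports are rejected up front."""
    classify_port(src)
    classify_port(dst)
    return struct.pack("!HHIIBBHHH", src, dst, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


if __name__ == "__main__":
    src, dst = parse_ports(SAMPLE_TCP_HEADER)
    print(f"src={src} ({classify_port(src)}), dst={dst} ({classify_port(dst)})")
    # Same service on a different number: only the field value changes.
    print(parse_ports(build_syn_header(44321, 22222)))
```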

  • #461094


    Oh boy

  • #461095

