Common ports and services

Samba is a service that allows the user to share files with other computers. It has interoperability, which means that it can share stuff between Linux and Windows systems. A windows user will simply see an icon for a folder that includes…

Nmap Information Gathering: nmap -p 1433 --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args…

Find hidden files and directories: # Dirb dirb https://192.168.1.101 or # Gobuster - remove relevant responde codes (403 for example) gobuster -u http://192.168.1.101 -w…

SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used in sending and receiving e-mail. It is normally worked with one of two other protocols, POP3 or IMAP, that allow the user to save messages in a server mailbox and download them…

Telnet protocol considered insecure because it doesn't encrypt data. The protocol is old and is affected by various Code-Execution vulnerabilities, might be worth checking exploit-db.com for that. Brute force Telnet with Nmap: nmap -p…

SSH is a very popular method to securely communicate with a remote host. SSH is old and basic technology so most recent versions are well secured. You can discover out the version of the SSH by scanning it with nmap or by connecting with it…

FTP is a service that is usually used in Web Servers from admins for accessing the data remotely. So it's a fact that you will find this service in one of our clients' systems during penetration testing. Connect to the ftp-server to…