Martian Defense NoteBook
Ports and associated Vectors

Ports are TCP unless noted otherwise. The "abuse case" column describes what an attacker typically does with the port when it is exposed or misconfigured; it is a triage aid for scan results, not an exploit list.

| Port | Use case | Abuse case |
| --- | --- | --- |
| 21 | FTP (File Transfer Protocol) | Brute-forced or logged into anonymously to read or upload files. Credentials and data travel in cleartext, so they can be sniffed; a writable directory that is also served over HTTP lets an attacker plant scripts. |
| 22 | SSH (Secure Shell) | Targeted by brute-force and dictionary attacks to gain remote control of systems; scanned for default, reused or leaked credentials and keys. |
| 23 | Telnet | Unencrypted, so attackers can eavesdrop on sessions and capture credentials. Common on embedded devices with default passwords. |
| 25 | SMTP (Simple Mail Transfer Protocol) | Open or misconfigured relays are used to send spam and phishing; VRFY/EXPN can enumerate valid users if not disabled. |
| 53 | DNS (Domain Name System; UDP and TCP) | Open resolvers are abused in DNS amplification (reflected DDoS) attacks; servers that allow zone transfers (AXFR) to anyone leak the full hostname list. |
| 80/443 | HTTP/HTTPS (web services) | Web application attacks such as SQL injection, XSS or CSRF, plus exposed admin panels and default credentials. |
| 110/995 | POP3/POP3S (email retrieval) | Cleartext POP3 on 110 can be intercepted to steal mail credentials; compromised accounts are then used to spread malware. 995 wraps the same protocol in TLS. |
| 135-139/445 | Windows RPC (135), NetBIOS (137-139), SMB (445) | Exploited by worms such as WannaCry (EternalBlue over SMB) to spread inside networks and execute code remotely; null sessions and weak share permissions leak data, and NTLM authentication can be relayed. |
| 143/993 | IMAP/IMAPS (email retrieval) | As with POP3, cleartext IMAP on 143 can be intercepted to gain unauthorized access to mailboxes. |
| 161/162 | SNMP (agent 161, traps 162; UDP) | Default or guessable community strings (public/private) disclose detailed device and network information; a writable community string allows device settings to be changed. |
| 389/636 | LDAP/LDAPS (directory services) | Anonymous or null binds let attackers enumerate users, groups and computers; simple binds on 389 send credentials in cleartext; applications that build filters from user input are exposed to LDAP injection. |
| 1433/1434 | Microsoft SQL Server (TDS on 1433; SQL Server Browser on 1434/udp) | Brute force of sa and other logins for data theft or manipulation; with a privileged login, xp_cmdshell and similar features execute OS commands. 1434/udp reveals instance names and ports. (SQL injection reaches the database through the web application, not this port.) |
| 1521 | Oracle Database (TNS listener) | Brute force of SIDs and credentials, or exploitation of listener and database vulnerabilities for unauthorized access and malicious SQL. |
| 1812/1813 | RADIUS (authentication 1812, accounting 1813; UDP) | Weak shared secrets allow brute force and forged responses; poorly configured clients (NAS devices) hand out network access. |
| 3306 | MySQL | If reachable externally it can be brute-forced or exploited to gain access to databases, leading to data theft or loss. |
| 3389 | RDP (Remote Desktop Protocol) | Brute-force and password-spraying attacks, or BlueKeep-like pre-authentication vulnerabilities, to gain remote control of systems. |
| 4899 | Radmin (Remote Administrator) | Remote control software that gives full desktop access if left exposed or protected by weak credentials. (The default port is 4899, not 3899.) |
| 4444 | Metasploit Framework's default listener port for payloads | Used after exploitation to establish a reverse shell; connections to or from this port are a useful detection indicator. |
| 4848 | GlassFish Server administration console | Unauthorized access or remote code execution (for example by deploying an application) if not protected with strong authentication. |
| 5000 | UPnP control on some routers (SSDP discovery itself is 1900/udp); also a common development-server port (Flask) | Can be abused to open ports on the gateway or for denial of service; development servers on 5000 are often exposed with debug features enabled. |
| 5060/5061 | SIP (Session Initiation Protocol) | VoIP signalling; vulnerable to eavesdropping, extension enumeration, toll fraud and DDoS against the communication infrastructure. |
| 5555 | Android Debug Bridge (adb over TCP) | If left open it gives an unauthenticated shell: install malicious applications, exfiltrate data or control the device without user consent. |
| 5601 | Kibana | Exposed instances without authentication give unauthorized access to everything indexed in Elasticsearch. |
| 5900/5901 | VNC (Virtual Network Computing) | Brute force or unauthorized access; classic VNC authentication is weak and the session is unencrypted unless tunnelled. |
| 5985/5986 | WinRM (Windows Remote Management; HTTP 5985, HTTPS 5986) | With valid or stolen credentials it is a standard lateral-movement and remote code execution channel; misconfigurations (Basic auth over HTTP, trusted hosts) make it worse. |
| 6379 | Redis | Unauthenticated by default; exposed instances allow data theft or wiping, and CONFIG SET can write files (cron jobs, SSH keys) that lead to code execution. |
| 6667 | IRC (Internet Relay Chat) | Historically used by botnets as a command and control channel; unencrypted, so vulnerable to eavesdropping and man-in-the-middle attacks. |
| 7547 | CWMP (TR-069), CPE WAN Management Protocol | Exploited in mass-scale attacks to remotely manage home routers and modems; vulnerabilities lead to device compromise. |
| 8000/8001 | Common alternative HTTP ports | Web servers in non-standard configurations that are often less monitored and therefore an easier target for web application attacks. |
| 8080/8443 | Alternate HTTP/HTTPS (proxies, Tomcat and other application servers) | Web applications and management interfaces that can be targeted with web-based exploits and default credentials if not secured. |
| 8081 | Proxy or alternative web server port | Similar to 8080 but less commonly monitored, so services here are candidates for unnoticed exploitation. |
| 8089 | Splunkd management port | An exposed management port can lead to unauthorized access to Splunk data or system compromise. |
| 8291 | MikroTik RouterOS Winbox | Vulnerabilities have allowed attackers to bypass authentication and gain remote access to the device. |
| 8444 | Bitmessage | Decentralized messaging protocol that can be abused for data exfiltration or command and control. |
| 9001/9030 | Tor relay (ORPort 9001, DirPort 9030) | Reveals a host running a Tor relay; misconfigured relays can be abused for anonymous malicious traffic or data exfiltration. |
| 9100 | Raw printing / JetDirect (Page Description Language data stream) | Printing denial of service, unauthorized printing, or PJL commands that read files and change settings if exposed to a public network. |
| 9200/9300 | Elasticsearch (REST API 9200, transport 9300) | Open ports allow unauthorized data access, deletion or index manipulation if not properly secured. |
| 10000 | Webmin | Web-based system administration for Unix; exploitable if not regularly updated or properly secured. |
| 10050/10051 | Zabbix agent (10050) / server (10051) | Open agents or servers can be abused to gather information on monitored systems or to execute commands. |
| 11211 | Memcached | Exploited in reflection DDoS attacks over UDP due to its high amplification factor; cached data is readable without authentication. |
| 27015 | Valve's Source Dedicated Server | Targeted by DDoS attacks that disrupt game servers and other services on this port. |
| 27017-27019 | MongoDB (27017 mongod/mongos, 27018 shard server, 27019 config server) | Exposed databases are targeted for unauthorized access, data leakage or ransomware due to missing authentication; the sharded-cluster ports carry the same risks as 27017. |
| 32400 | Plex Media Server | If improperly secured it can be accessed without authorization, exposing personal media collections or being used for bandwidth theft. |
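Turning three rows of the table (anonymous FTP, unauthenticated Redis, exposed memcached) into active checks, as an added example that is not part of the original notebook. Each probe speaks just enough of the protocol to confirm the misconfiguration the table warns about; host, ports and service names are supplied by the caller, and the `TIMEOUT` value and the `probe@example.com` anonymous password are assumptions.

```python
"""Active checks for three of the abuse cases in the port table above.

Added example, not part of the original notebook. Each probe speaks just enough
of the protocol to confirm the misconfiguration the table warns about and
returns a finding string (or None when the service looks properly secured).
The host, ports and service names are supplied by the caller; nothing here is
hard-coded to a real target."""
import socket
import sys

TIMEOUT = 3.0  # seconds per connect/recv; assumption, tune for slow links


def _recv_line(sock):
    """Read one CRLF-terminated reply line (FTP and RESP are line oriented)."""
    data = b""
    while not data.endswith(b"\r\n") and len(data) < 4096:
        chunk = sock.recv(512)
        if not chunk:
            break
        data += chunk
    return data.decode("utf-8", "replace").rstrip("\r\n")


def probe_ftp_anonymous(host, port=21):
    """Port 21: RFC 959 login; a 230 reply after USER/PASS anonymous means open."""
    with socket.create_connection((host, port), timeout=TIMEOUT) as s:
        banner = _recv_line(s)
        if not banner.startswith("220"):
            return None
        s.sendall(b"USER anonymous\r\n")
        reply = _recv_line(s)
        if reply.startswith("331"):  # password requested; any string is accepted
            s.sendall(b"PASS probe@example.com\r\n")  # assumed placeholder
            reply = _recv_line(s)
        if reply.startswith("230"):
            return f"anonymous FTP login allowed ({banner})"
    return None


def probe_redis_unauth(host, port=6379):
    """Port 6379: PING is answered +PONG only when no AUTH is required."""
    with socket.create_connection((host, port), timeout=TIMEOUT) as s:
        s.sendall(b"PING\r\n")
        reply = _recv_line(s)
    if reply == "+PONG":
        return "Redis accepts commands without authentication"
    return None  # "-NOAUTH Authentication required." or an unexpected reply


def probe_memcached_stats(host, port=11211):
    """Port 11211: readable stats prove the daemon is exposed to us.
    (Amplification abuse uses 11211/udp, which this TCP probe does not test.)"""
    with socket.create_connection((host, port), timeout=TIMEOUT) as s:
        s.sendall(b"stats\r\n")
        data = b""
        while b"END\r\n" not in data and len(data) < 65536:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    if data.startswith(b"STAT "):
        return "memcached stats readable without authentication"
    return None


# Keyed by service name rather than port so services found on nonstandard
# ports (see the 8000/8080/8081 rows) are still probed once a scanner has
# identified them.
PROBES = {
    "ftp": probe_ftp_anonymous,
    "redis": probe_redis_unauth,
    "memcached": probe_memcached_stats,
}
DEFAULT_SERVICES = {21: "ftp", 6379: "redis", 11211: "memcached"}


def triage(host, services):
    """services: iterable of (port, service_name). Returns {port: finding or None}.
    Connection failures are recorded as text instead of aborting the sweep."""
    findings = {}
    for port, name in services:
        probe = PROBES.get(name)
        if probe is None:
            continue
        try:
            findings[port] = probe(host, port)
        except OSError as exc:
            findings[port] = f"probe error: {exc}"
    return findings


if __name__ == "__main__":
    # Usage: python probe_ports.py <host> [port ...]   (defaults to 21 6379 11211)
    target = sys.argv[1]
    ports = [int(p) for p in sys.argv[2:]] or list(DEFAULT_SERVICES)
    services = [(p, DEFAULT_SERVICES.get(p, "")) for p in ports]
    for port, result in triage(target, services).items():
        print(f"{port}: {result or 'no finding'}")
```

Feed `triage()` the (port, service) pairs from an nmap service scan rather than relying on the default port map; the table's point about 8000/8080/8081 applies to every service here, and a Redis on 6380 is just as exposed as one on 6379.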

Last updated 6 months ago