Forum Thread: Most Remotely Exploited Port?

I would like to know what are the most remotely exploited ports

12 Responses

Wow OTW just replied on my post, it's an honor, i love your articles

probably SSH (22) and webservers (80). atleast that is what i exploited the most in my 3-year career.

however, SMTP (25), FTP (21), SNMP (161 (especially exploited for reconassiance)) are also widely exploited.

it is hard to answer this question, actually. there are so many ports exploited that it is nearly impossible to say which one is exploited the most.

-Phoenix750

Thanks for replying phoenix i also read some of your articles and tutorials, keep them coming

soon i will start making articles again, don't worry.

welcome to Null-Byte, btw.

-Phoenix750

Thanks dude, cant wait...

I agree with Phoenix. Telnet and SSH are great doorways into exploitation. If you are exploiting a router also keep in mind that many routers have port 80 open for HTTP and can often be logged into with default credentials. Port 80 can also be used for recon using netcat.

Welcome to Null Byte!

port 80 for recon using netcat? i require more details, sir! this looks interesting...

-Phoenix750

Absolutely! I learned this neat little trick from one of OWT's posts.

This netcat command connects to the server first, and then gives you the ability to see the header, often revealing vital information.

First your command should look like:

nc testurl.com 80

Once you hit return, you won't see anything immediately. Next you type in the blank space,

HEAD / HTTP/1.0

Hit return a few times, and you should see a block of text, containing system information.

Hope this helps,

  • Cameron

a header grab? this is a nice trick, but sysadmins put up a fake header too, so i wouldn't trust it completely.

-Phoenix750

Excellent point, Phoenix. I would say this trick is useful when doing recon on a smallish server.

true but if you find some script kiddos who left their ports open( 4444-4445 -1604( dark comet port) - 6996 etc) that they just leave them open :D

but mostly you have to look what you wanna exploit and hack?
if target is machine that persone use it ports that i said either its webserver common ports are :
80 - 22-21-161 as phoenix said are ports for webservers which can also used on personal machines

Share Your Thoughts

  • Hot
  • Active