How to check the open ports of a server?

Whether you are troubleshooting a network, building one, or finding faults in a server, the first thing to do is check its open ports, because when you look at the security of a house, you check the doors, don't you? Without wasting time, let’s dive into

Step 2 of hacking: Active Information Gathering

If you’re following the roadmap, have you completed your last to-do? If not, complete it first; here’s the link. So far, we have read about various passive ways of information gathering (if you want to know these, start from here). Now, we’ll move towards gathering information by interacting with the system.

What is this about?

Active information gathering is about directly interacting with the target to collect information about it, such as which ports are open, which OS it uses, etc. This kind of information gathering is very noisy. It leaves traces behind in the form of logs, and that’s why it is not the first approach we take when pen-testing.

The first thing is finding a way to open doors to the server. Get your terminal ready; this is what we will do now.

1. Check open ports with nmap

First of all, check if your target is live. Once you confirm that, it’s time to scan ports. Here we look for TCP and UDP ports (read a little about them here, before going ahead). By checking for open ports, we get to know what services are running on the target. These services then help to find vulnerabilities in the system. For this, we will use nmap. Let us try this out:

> nmap -sT -p- <ip-address>
OUTPUT:
Starting Nmap <ip-address>
Nmap scan report for <ip-address>
Host is up (0.0012s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: <mac address>  
Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds

The output shows ports `22` and `80` are open on the target system. If you want to scan for UDP ports, change the parameter -sT to -sU.

2. Service Version Detection

Above we discussed finding services running on certain ports. Now, we’ll see how to find the exact version of the service running on a port. This will help us in finding vulnerabilities for the particular version of the service.

> nmap -sV <target>
OUTPUT:
Starting Nmap <ip-address>
Nmap scan report for <ip-address>
Host is up (0.0012s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: <mac address>
Service Info: OS: Linux
Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds

3. OS Fingerprinting

Nmap has a huge OS fingerprint database. This command sends TCP and UDP packets to the target, and the responses are compared with the database. If the fingerprint matches, we get a successful result.

> nmap -O <target>
OR
> nmap -n -A -T5 <target>
OUTPUT:
Starting Nmap 7.92 at 2021-10-29 17:00 EDT
Nmap scan report for <target>
Host is up (0.25s latency).
Running: Windows 10
Network Distance: 14hop
OS and Service detection performed.
Nmap done: 1 IP address (1 host up) scanned in 260.74 seconds

The -T5 option increases the speed of the scan. But keep in mind that this will make the scan loud.
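The noise mentioned earlier (traces left in logs) and the loudness of a fast scan both show up the same way on the defender's side: one source touching many different ports in a short time. The following is an added example, not part of the original article, that flags such sources in a connection log; the three-field log format, the addresses, and the threshold values are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: ISO time, source IP, destination port).
# 198.51.100.7 sweeps ports 20-44 in under a second; 192.0.2.10 is a normal web client.
SAMPLE_LOG = "\n".join(
    [f"2021-10-29T17:00:00.{i:03d} 198.51.100.7 {20 + i}" for i in range(25)]
    + [
        "2021-10-29T17:00:01.000 192.0.2.10 443",
        "2021-10-29T17:00:05.000 192.0.2.10 443",
        "2021-10-29T17:00:09.000 192.0.2.10 80",
    ]
)

def parse_line(line):
    """Return (timestamp, source_ip, dest_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
    except ValueError:
        return None

def detect_port_scans(log_text, max_ports=15, window=timedelta(seconds=10)):
    """Flag sources that touch more than max_ports distinct ports within window.

    Returns {source_ip: peak number of distinct ports seen in any window}.
    Assumes log lines are in chronological order.
    """
    recent = defaultdict(deque)   # source_ip -> deque of (timestamp, port)
    flagged = {}
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ts, src, port = event
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct > max_ports:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))
```
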

Nmap is a tool that can scan large networks and single hosts. Nmap is preferred because of how powerful it is. It can scan ports and find MAC addresses, OS, kernels, and much more. If you want to try a GUI tool for scanning, check out Zenmap.

If you are using some other way than this, don’t forget to share in the comments below! While you try out all these techniques, don’t forget this:

CAUTION: You need to make sure that you will not use this information for any illegal purposes. This information is being shared for educational purposes only. If you find something sensitive while practicing this, do not use that information; instead, inform the website owner as soon as possible.

Here comes your next to-do.

To-Do

  • Read about TCP and UDP working
  • Practice with nmap

If you find this interesting, don’t forget to share and subscribe. I’ll update you every weekend with new content. The next article will cover a tool on the level of a Swiss army knife. Till then, keep practicing!
