Procedure to find services behind open ports

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Aug 13, 2010 1:19 pm

Procedure to find services behind open ports

Hi,

I have a host on the network with TCP port 49232 open. How can I find out what service hides behind this port?

I picked this number (49232) randomly to illustrate my problem. In a lab, I scan machines that are listening on weird ports like that and I struggle trying to find what is hiding behind it...

Thanks
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Fri Aug 13, 2010 1:23 pm

Re: Procedure to find services behind open ports

Windows or Linux/Unix?

Netstat can be used on Windows... I don't remember the switch off the top of my head. On Linux/Unix you can use lsof -P.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Aug 13, 2010 1:26 pm

Re: Procedure to find services behind open ports

@ziggy_567 - For both Linux and Windows, and I don't have access (yet!) to the machine. I can only scan it from the network!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri Aug 13, 2010 1:26 pm

Re: Procedure to find services behind open ports

netstat -anb on Windows.
~~~~~~~~~~~~~~
Ketchup
Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri Aug 13, 2010 1:28 pm

Re: Procedure to find services behind open ports

You can telnet or netcat to the port, send some commands and see what it comes back with. You can also attempt to run nmap against it and see what it finds. You should be watching the communication in Wireshark as you are doing either one of these.
~~~~~~~~~~~~~~
Ketchup
ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Fri Aug 13, 2010 1:40 pm

Re: Procedure to find services behind open ports

I apologize. I misunderstood the question. I thought you had access to the boxes.

Yes, Ketchup's suggestions are what I would go with...banner grabbing/analyzing traffic to/from that port is your only option.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Aug 13, 2010 1:58 pm

Re: Procedure to find services behind open ports

Thanks guys,

I also remember this great post from sil: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5679.0/

Lots of useful things there too.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Fri Aug 13, 2010 2:53 pm

Re: Procedure to find services behind open ports

Version scanning involves finding the application (and the application's version) and the protocol (e.g. SSHv1, SSHv2, ...) at a given open port.
As Ketchup posted, you can start with basic banner grabbing with netcat or telnet. But banners can be easily spoofed. So, the next step will be to use an Nmap version scan. Also use Amap and compare your results with the Nmap scan and eliminate false positives.
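Putting Ketchup's banner grab and Xen's caveat together in code, as an added example that is not from any poster in this thread: a minimal banner grabber that reads an unsolicited greeting or sends one generic probe, then matches the reply against a small constructed signature table; `serve_once` is a constructed local stand-in for the unknown service so the whole thing runs offline. The signature table and the probe string are assumptions for illustration, not Nmap's or Amap's real databases.

```python
import re
import socket
import threading

# Constructed signature table (a tiny stand-in for the probe databases that
# Nmap -sV and Amap ship). SMTP precedes FTP because both greet with "220".
SIGNATURES = [
    ("ssh",  re.compile(rb"^SSH-(?P<proto>\d\.\d+)-(?P<sw>\S+)")),
    ("smtp", re.compile(rb"^220[ -].*\bE?SMTP\b")),
    ("ftp",  re.compile(rb"^220[ -]")),
    ("http", re.compile(rb"^HTTP/(?P<proto>\d\.\d) (?P<status>\d{3})")),
]

def grab_banner(host, port, probe=b"HEAD / HTTP/1.0\r\n\r\n", timeout=1.0):
    """Read an unsolicited banner; if the service is silent, send one generic probe."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(1024)          # SSH, SMTP, FTP speak first
        except socket.timeout:
            data = b""
        if not data:                     # HTTP-style services wait for a request
            s.sendall(probe)
            try:
                data = s.recv(1024)
            except (socket.timeout, ConnectionError):
                data = b""
    return data

def classify(banner):
    """Match against SIGNATURES; a banner is only the service's own claim and is easily spoofed,
    so treat the result as a lead to confirm with a version scan, not as proof."""
    for name, rx in SIGNATURES:
        m = rx.match(banner)
        if m:
            return name, {k: v.decode(errors="replace") for k, v in m.groupdict().items()}
    return "unknown", {"raw": banner[:64].decode(errors="replace")}

def serve_once(banner, wait_for_probe=False):
    """Constructed local stand-in for the unknown service: optionally waits for a
    client probe, sends `banner`, closes. Returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def handle():
        with srv, srv.accept()[0] as conn:
            if wait_for_probe:
                conn.recv(1024)
            conn.sendall(banner)
    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]
```

The `unknown` result with the raw bytes is the case from the original question, where the next step is a Wireshark capture of the exchange and an Nmap/Amap version scan rather than trusting whatever the port says about itself.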
