Table of Contents for
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition by Gerard Johansen Published by Packt Publishing, 2016
  1. Cover
  2. Table of Contents
  3. Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
  4. Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
  5. Credits
  6. Disclaimer
  7. About the Authors
  8. About the Reviewer
  9. www.PacktPub.com
  10. Preface
  11. What you need for this book
  12. Who this book is for
  13. Conventions
  14. Reader feedback
  15. Customer support
  16. 1. Beginning with Kali Linux
  17. Kali Linux tool categories
  18. Downloading Kali Linux
  19. Using Kali Linux
  20. Configuring the virtual machine
  21. Updating Kali Linux
  22. Network services in Kali Linux
  23. Installing a vulnerable server
  24. Installing additional weapons
  25. Summary
  26. 2. Penetration Testing Methodology
  27. Vulnerability assessment versus penetration testing
  28. Security testing methodologies
  29. General penetration testing framework
  30. Information gathering
  31. The ethics
  32. Summary
  33. 3. Target Scoping
  34. Preparing the test plan
  35. Profiling test boundaries
  36. Defining business objectives
  37. Project management and scheduling
  38. Summary
  39. 4. Information Gathering
  40. Using public resources
  41. Querying the domain registration information
  42. Analyzing the DNS records
  43. Getting network routing information
  44. Utilizing the search engine
  45. Metagoofil
  46. Accessing leaked information
  47. Summary
  48. 5. Target Discovery
  49. Identifying the target machine
  50. OS fingerprinting
  51. Summary
  52. 6. Enumerating Target
  53. Understanding the TCP/IP protocol
  54. Understanding the TCP and UDP message format
  55. The network scanner
  56. Unicornscan
  57. Zenmap
  58. Amap
  59. SMB enumeration
  60. SNMP enumeration
  61. VPN enumeration
  62. Summary
  63. 7. Vulnerability Mapping
  64. Vulnerability taxonomy
  65. Automated vulnerability scanning
  66. Network vulnerability scanning
  67. Web application analysis
  68. Fuzz analysis
  69. Database assessment tools
  70. Summary
  71. 8. Social Engineering
  72. Attack process
  73. Attack methods
  74. Social Engineering Toolkit
  75. Summary
  76. 9. Target Exploitation
  77. Vulnerability and exploit repositories
  78. Advanced exploitation toolkit
  79. MSFConsole
  80. MSFCLI
  81. Ninja 101 drills
  82. Writing exploit modules
  83. Summary
  84. 10. Privilege Escalation
  85. Password attack tools
  86. Network spoofing tools
  87. Network sniffers
  88. Summary
  89. 11. Maintaining Access
  90. Working with tunneling tools
  91. Creating web backdoors
  92. Summary
  93. 12. Wireless Penetration Testing
  94. Wireless network recon
  95. Wireless testing tools
  96. Post cracking
  97. Sniffing wireless traffic
  98. Summary
  99. 13. Kali Nethunter
  100. Installing Kali Nethunter
  101. Nethunter icons
  102. Nethunter tools
  103. Third-party applications
  104. Wireless attacks
  105. HID attacks
  106. Summary
  107. 14. Documentation and Reporting
  108. Types of reports
  109. The executive report
  110. The management report
  111. The technical report
  112. Network penetration testing report (sample contents)
  113. Preparing your presentation
  114. Post-testing procedures
  115. Summary
  116. A. Supplementary Tools
  117. Web application tools
  118. Network tool
  119. Summary
  120. B. Key Resources
  121. Paid incentive programs
  122. Reverse engineering resources
  123. Penetration testing learning resources
  124. Exploit development learning resources
  125. Penetration testing on a vulnerable environment
  126. Online web application challenges
  127. Virtual machines and ISO images
  128. Network ports
  129. Index

Network ports

Assessing the network infrastructure for the identification of critical vulnerabilities has always been a challenging and time-consuming process. Thus, we have fine-tuned a small list of known network ports with their respective services in order to help penetration testers quickly map through potential vulnerable services (TCP/UDP ports 1 to 65,535) using Kali Linux tools.

To get a complete and a more up-to-date list of all network ports, visit http://www.iana.org/assignments/port-numbers.

However, bear in mind that sometimes the applications and services are configured to run on different ports than the default ones, shown as follows:

Service

Port

Protocol

Echo

7

TCP/UDP

Character Generator (CHARGEN)

19

TCP/UDP

FTP data transfer

20

TCP

FTP control

21

TCP

SSH

22

TCP

Telnet

23

TCP

SMTP

25

TCP

WHOIS

43

TCP

TACACS

49

TCP/UDP

DNS

53

TCP/UDP

Bootstrap Protocol (BOOTP) server

67

UDP

Bootstrap Protocol (BOOTP) client

68

UDP

TFTP

69

UDP

HTTP

80

TCP

Kerberos

88

TCP

POP3

110

TCP

Sun RPC

111

TCP/UDP

NTP

123

UDP

NetBIOS (Name service)

137

TCP/UDP

NetBIOS (Datagram service)

138

TCP/UDP

NetBIOS (Session service)

139

TCP/UDP

IMAP

143

TCP

SNMP

161

UDP

SNMPTRAP

162

TCP/UDP

BGP

179

TCP/UDP

IRC

194

TCP/UDP

BGMP

264

TCP/UDP

LDAP

389

TCP/UDP

HTTPS

443

TCP

Microsoft DS

445

TCP/UDP

ISAKMP

500

TCP/UDP

rexec

512

TCP

rlogin

513

TCP

Who

513

UDP

rsh

514

TCP

Syslog

514

UDP

Talk

517

TCP/UDP

RIP/RIPv2

520

UDP

Timed

525

UDP

klogin

543

TCP

Mac OS X Server administration

660

TCP/

Spamassassin

783

TCP

rsync

873

TCP

IMAPS

993

TCP

POP3S

995

TCP

SOCKS

1080

TCP

Nessus

1241

TCP

IBM Lotus Notes

1352

TCP

Timbuktu-srv1

1417 to 1420

TCP/UDP

MS SQL

1433

TCP

Citrix

1494

TCP

Oracle default listener

1521

TCP

Ingres

1524

TCP/UDP

Oracle common alternative for listener

1526

TCP

PPTP

1723

TCP/UDP

radius

1812

TCP/UDP

Cisco SCCP

2000

TCP/UDP

NFS

2049

TCP

Openview Network Node Manager daemon

2447

TCP/UDP

Microsoft Global Catalog

3268

TCP/UDP

MySQL

3306

TCP

Microsoft Terminal Service

3389

TCP

NFS-lockd

4045

TCP

SIP

5060

TCP/UDP

Multicast DNS

5353

UDP

PostgreSQL

5432

TCP

PCAnywhere

5631

TCP

VNC

5900

TCP

X11

6000

TCP

ArcServe

6050

TCP

BackupExec

6101

TCP

Gnutella

6346

TCP/UDP

Gnutella alternate

6347

TCP/UDP

IRC

6665 to 6670

TCP

Web

8080

TCP

Privoxy

8118

TCP

Polipo

8123

TCP

Cisco-xremote

9001

TCP

Jetdirect

9100

TCP

Netbus

12345

TCP

Quake

27960

UDP

Back Orifice

31337

UDP