Hacking: A 101 Hacking Guide (2015)
Chapter 6: Accessing Ports
Ports allow multiple services (remember the term daemon?) to share a single physical connection for communication. The best example would be allowing access to the internet. Ports are associated with IP addresses and have a port number to identify them.
Let’s look at an example of how these ports work by looking at email. An email server that is sending and receiving email needs two services: one for sending and receiving messages from other servers, and one that allows users to retrieve their own personal email from the server. The first service is called SMTP, which stands for Simple Mail Transfer Protocol. It usually uses Port 25 to watch for requests to either send mail or receive mail. The second service is usually either the Post Office Protocol (POP) or Internet Message Access Protocol (IMAP). Whatever software you use for sending and receiving email uses one of these services to retrieve your email from the server. The POP service commonly uses Port 110.
The only way to attack a service, such as POP, is through the port it is using. You can think of it as a piping system, where the port acts as a valve. If the port is not being used, it is closed and nothing can get through; if the port is open, then it may be vulnerable to attack. If you aren’t using a port, it should be closed.
We are going to talk about how hackers use ports to gain access to your system, but first let’s go over some acronyms and definitions.
DNS: Domain Name Server, translates names into IP addresses
FTP: File Transfer Protocol, used to transfer files from one host to another
HTTP: HyperText Transfer Protocol
HTTPS: HTTP over SSL (see definition below)
POP3: Post Office Protocol version 3, used to retrieve email from a mail server
RPC: Remote Procedure Call, allows a program on one computer to run a program on the server
SSH: Secure Shell, used to login to another computer over the network, move files between computers, and execute commands remotely
SSL: Secure Sockets Layer, uses two keys to encrypt data shared via the internet
SMTP: Simple Mail Transfer Protocol, used to send email messages from one server to another, or from a mail client to a mail server
TCP: Transmission Control Protocol, allows two hosts to make a connection and exchange data
UDP: User Datagram Protocol, primarily used for broadcasting messages over a network
Ports that are commonly hacked include:
· TCP port 21 - FTP
· TCP port 22 - SSH
· TCP port 23 - telnet
· TCP port 25 - SMTP
· TCP and UDP port 53 - DNS
· TCP port 443 - HTTP and HTTPS
· TCP port 110 - POP3
· TCP and UDP port 135 - Windows RPC
· TCP and UDP ports 137–139 - Windows NetBIOS over TCP/IP
· TCP port 1433 and UDP port 1434 - Microsoft SQL Server
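The chapter's advice that an unused port should be closed, turned into a check a server owner can run against their own host: it compares the sockets a machine is actually listening on with the services it is supposed to expose, and names any extra ones using the list of commonly attacked ports above. This is an added example, not code from the book; the socket lines are constructed sample data standing in for `netstat -an` output, and the allow-list is a hypothetical policy for a mail server.

```python
# Added example, not from the book: audit a host's listening sockets against the
# services it is meant to expose, using the chapter's list of commonly attacked ports.
# The socket lines are constructed sample data standing in for `netstat -an` output;
# the allow-list is a hypothetical policy for a mail server.

# (protocol, port) -> service, from the chapter's list of commonly attacked ports
COMMONLY_ATTACKED = {
    ("tcp", 21): "FTP", ("tcp", 22): "SSH", ("tcp", 23): "telnet", ("tcp", 25): "SMTP",
    ("tcp", 53): "DNS", ("udp", 53): "DNS", ("tcp", 443): "HTTPS", ("tcp", 110): "POP3",
    ("tcp", 135): "Windows RPC", ("udp", 135): "Windows RPC",
    ("tcp", 1433): "Microsoft SQL Server", ("udp", 1434): "Microsoft SQL Server",
}
for p in (137, 138, 139):
    COMMONLY_ATTACKED[("tcp", p)] = COMMONLY_ATTACKED[("udp", p)] = "Windows NetBIOS over TCP/IP"


def parse_listeners(lines):
    """Turn 'proto local_address [state]' lines into a set of (proto, port) that accept input."""
    listeners = set()
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        proto, local = parts[0].lower(), parts[1]
        state = parts[2] if len(parts) > 2 else ""
        # Only a LISTENING TCP socket is a reachable port (ESTABLISHED is a connection in
        # progress); UDP sockets carry no state, so every bound one counts.
        if proto == "tcp" and state != "LISTENING":
            continue
        listeners.add((proto, int(local.rsplit(":", 1)[1])))  # handles 0.0.0.0:25 and [::]:25
    return listeners


def audit(listeners, allowed):
    """Report every listening (proto, port) outside the allow-list, naming the service
    when it is one of the chapter's commonly attacked ports."""
    findings = []
    for proto, port in sorted(listeners):
        if (proto, port) not in allowed:
            name = COMMONLY_ATTACKED.get((proto, port), "unknown service")
            findings.append(f"{proto}/{port} ({name}): open but not in the allow-list")
    return findings


# Constructed sample: a mail server that should expose only SMTP, POP3 and SSH for admin
SAMPLE_NETSTAT = ["tcp 0.0.0.0:22 LISTENING", "tcp 0.0.0.0:23 LISTENING",
                  "tcp 0.0.0.0:25 LISTENING", "tcp 0.0.0.0:110 LISTENING",
                  "tcp 10.0.0.5:49152 ESTABLISHED", "udp 0.0.0.0:137"]
MAIL_SERVER_ALLOWED = {("tcp", 22), ("tcp", 25), ("tcp", 110)}

if __name__ == "__main__":
    for finding in audit(parse_listeners(SAMPLE_NETSTAT), MAIL_SERVER_ALLOWED):
        print(finding)
```

On the sample above the audit flags telnet on tcp/23 and NetBIOS on udp/137 as open ports that the mail-server policy does not cover.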
Now, how do hackers know if a port is open? The method is called port scanning, and it is disturbingly easy; we are going to look at one of many methods. This example is run on a Windows system and is simple enough for beginners. Here is the methodology: obtain the IP address of your target, wait until your target is active, scan the target for open ports, access the system through a vulnerable open port, and hack the username and password.
To get the IP address, use the command ping. For example, in a Windows environment you can open the command prompt and type in the command ping followed by the URL of the site.
This was entered at the command prompt: ping www.hackthissite.org
Based on what we see, the website www.hackthissite.org has the IP address 188.8.131.52.
To determine if they are online, ping the IP address. If the IP address responds, then it is online. Here is the command: ping 184.108.40.206
The next task is to scan the ports. If you are working with Unix, you can write a script to accomplish this. If you are not adept at programming and/or are using a Windows system, there is software available that will do the port scans. For demonstration purposes, this example will use a free online port scanner at http://mxtoolbox.com/PortScan.aspx
You start by typing in the IP address, then click Port Scan.
Here is a sample of the results:
You will notice that ports 21 and 80 are open. These are the SSH and HTTP ports.
The next job is to access the open ports. In a Windows environment, you will need to use the command telnet. You may have to install it as a Windows component from the Control Panel. In newer versions of Windows you will need to go to Programs and Features, then Turn Windows Features On or Off, and check the boxes next to Telnet Server and Telnet Client.
Type in this command at the command prompt: telnet 220.127.116.11 22
You will notice that you type in the IP address followed by the number of the port you are wanting to access. Normally you will be asked to provide a username and password, which is another challenge.
You have just learned the basics of running a port scan, but what do we use that information for? On to the next chapter!
Online Port Scanning Tool: http://mxtoolbox.com/PortScan.aspx
What’s My IP Address: http://whatismyipaddress.com/