Port service penetration testing
tcp 20, 21 FTP (File Transfer Protocol) anonymous upload and download allowed, brute forcing, sniffing, Windows privilege escalation, remote execution (proftpd 1.3.5), various backdoors (proftpd, vsftpd 2.3.4)
tcp 22 SSH (Secure Shell Protocol) brute forcing based on the collected information, v1 is open to man-in-the-middle, SSH tunnels and intranet proxy forwarding, file transfer, etc.
tcp 23 Telnet (Remote Terminal Protocol) brute forcing, sniffing; generally used for router and switch login, weak passwords can be tried
tcp 25 SMTP (Simple Mail Transfer Protocol) mail forgery, VRFY/EXPN queries for mail user information; the smtp-user-enum tool can automate this
tcp/udp 53 DNS (Domain Name System) zone transfer allowed, DNS hijacking, cache poisoning, spoofing, and various remote control channels based on DNS tunnels
tcp/udp 69 TFTP (Trivial File Transfer Protocol) attempts to download the target's various important configuration files
tcp 80-89, 443, 8440-8450, 8080-8089 Various commonly used web service ports; can try classic top N, VPN, OWA, webmail, the target's OA, various Java consoles, various server web management panels, various web middleware exploits, various web framework exploits, etc.
tcp 110 POP3 (Post Office Protocol version 3) brute forcing and sniffing can be tried
tcp 111,2049 NFS (Network File System) permissions are improperly configured
tcp 137,139,445 SMB (NETBIOS protocol) brute forcing and exploitation of SMB's own remote execution vulnerabilities, such as ms08-067 and ms17-010, sniffing, etc.
tcp 143 IMAP (Mail Access Protocol) brute forcing can be tried
udp 161 SNMP (Simple Network Management Protocol) brute forcing the default community string to collect target intranet information
tcp 389 LDAP (Lightweight Directory Access Protocol) LDAP injection, anonymous access allowed, weak passwords
tcp 512,513,514 Linux rexec (remote login) brute forcing, rlogin login
tcp 873 Rsync (data mirror backup tool) anonymous access, file upload
tcp 1194 OpenVPN (virtual private network) phishing for VPN accounts to enter the intranet
tcp 1352 Lotus (Lotus software) weak password, information leakage, brute forcing
tcp 1433 SQL Server (database management system) injection, privilege escalation, weak sa password, brute forcing
tcp 1521 Oracle (Oracle database) TNS brute forcing, injection, getting a shell...
tcp 1500 ISPmanager (host control panel) weak password
tcp 1723 PPTP (Point-to-Point Tunneling Protocol) brute forcing, phishing for VPN accounts to enter the intranet
tcp 2082,2083 cPanel (virtual machine control system) weak password
tcp 2181 ZooKeeper (reliable coordination system for distributed systems) unauthorized access
tcp 2601,2604 Zebra (zebra routing) default password zebra
tcp 3128 Squid (proxy cache server) weak password
tcp 3312,3311 kangle (web server) weak password
tcp 3306 MySQL (database) injection, privilege escalation, brute forcing
tcp 3389 Windows RDP (Remote Desktop Protocol) shift backdoor [requires a system below 2003], brute forcing, ms12-020
tcp 3690 SVN (open source version control system) svn leak, unauthorized access
tcp 4848 GlassFish (application server) weak password
tcp 5000 Sybase/DB2 (database) brute forcing, injection
tcp 5432 PostgreSQL (database) brute forcing, injection, weak password
tcp 5900,5901,5902 VNC (virtual network console, remote control) weak password brute forcing
tcp 5984 CouchDB (database) arbitrary command execution caused by unauthorized access
tcp 6379 Redis (database) unauthorized access and weak password brute forcing can be tried
tcp 7001,7002 WebLogic (WEB application system) Java deserialization, weak password
tcp 7778 Kloxo (virtual host management system) host panel login
tcp 8000 Ajenti (Linux server management panel) weak password
tcp 8443 Plesk (virtual hosting management panel) weak password
tcp 8069 Zabbix (system network monitoring) remote execution, SQL injection
tcp 8080-8089 Jenkins, JBoss (application server) deserialization, console weak password
tcp 9080-9081, 9090 WebSphere (application server) Java deserialization, weak password
tcp 9200,9300 Elasticsearch (Lucene-based search server) remote execution
tcp 11211 Memcached (caching system) unauthorized access
tcp 27017, 27018 MongoDB (database) brute forcing, unauthorized access