Port scanning and what to do with it

[bobbymccooscoos]

Hi,
I recently found out about port scanning and I am wondering lets say that I found out that someones port was opened (I found that a friend had port 8080 opened) so now what can I do. Also, What should he do to prevent me from doing that?
thanks.

[Goatboy]

Generally - assuming you don't already have access - you would find out what service+version is running, find/discover a vulnerability, and then exploit it. It sounds easy in writing, but it's not always that simple. You also have to be cautious of any IDS (Intrusion Detection System) or IPS (Intrusion Prevention System) that may be running. After all, what's it worth if you get caught?

After that, you pretty much do what you want. If you're after specific information, it's best to just grab it, cover your tracks, and leave. However, maybe you want access to the machine to use it as an attack platform. In this case, you need to create yourself a nice little backdoor. This is so you don't have to run the exploit each time, or risk it getting patched.

[insomaniacal]

Goatboy (Like usual xD) gave a million dollar reply.

If you're feeling up to it, read about the protocol it's running, and write some code to poke around for some fun.

[Avery17]

Just wanna put out there real quick that port 8080 is the same as port 80 which is useless. It's pretty much open on all machines and is just used for http and web services.

[Goatboy]

Just wanna put out there real quick that port 8080 is the same as port 80 which is useless. It's pretty much open on all machines and is just used for http and web services.

wat

That's not even close to being right. The port does not decide what is running on it. A port is just a number used to organize incoming packets. I could set SSH to run on port 80, and DNS to run on 8080. Moreover, port 8080 is more generally used for a proxy than anything. And tell me, how is HTTP useless? Without web pages, half the missions here would not be possible.

And it's not "pretty much open on all machines" because I know for a fact that ~93% of the market share for desktop computers is running some form of Windows, and most of those (XP, Vista, 7, etc.) do not run HTTP by default.

[IncandescentLight]

That's why when you scan, using a port scanner such as NMap, you are searching for the port number and daemon(service). If the machine is running an outdated or exploitable service you can find the exploit on sites such as http://www.exploit-db.com. Or, if you are a script kiddie, you can go for good old metasploit. You can actually create your own exploits on that platform. If you know ruby, I can introduce you to Ronin to write exploits.

[tremor77]

I've found 8080 to be most often, router web admin login, whereas 80, is often personal or small business webserver running behind the router. Either way, don't assume that any port is running the standard protocol for that port. Beware port scans that result in an abnormal amount of open ports, is likely a honeypot.