https://dwaves.de/2018/02/27/nmap-basic-network-scanning-overview-over-lan/
DO NOT SEND YOUR PASSWORT WITH TELNET!
people might capture those unencrypted passwords on backbone-level… the NSA is the largest state-sponsored hacking organization on this planet.
with telnet you can test what service and even it’s version number is running
just in case you want to scan the internet for a specific version of a software that has a specific bug that you want to exploit:
DON’T TO THIS IN YOUR COMPANY NET UNLESS YOU ARE PERMITTED TO!
scanning local network
# scan local network for alive hosts and open ports (range 20-200)
nmap -v -p 20-100 -sS 192.168.1.0/24
scanning specific host
nmap -v dwaves.de; # shows
Not shown: 988 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
2525/tcp open ms-v-worlds -> no, it is debian-exim
8083/tcp open us-srv
9001/tcp open tor-orport
telnet dwaves.de 25
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
220 dwaves.de ESMTP Exim 4.84_2 Thu, 04 May 2017 11:48:10 +0200
help
214-Commands supported:
214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
QUIT
221 dwaves.de closing connection
Connection closed by foreign host.
telnet dwaves.de 587
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
220 dwaves.de ESMTP Exim 4.84_2 Thu, 04 May 2017 12:38:02 +0200
HELP
214-Commands supported:
214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
QUIT
221 dwaves.de closing connection
Connection closed by foreign host.
telnet dwaves.de 2525; # exim is also listening on port 2525
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
220 dwaves.de ESMTP Exim 4.84_2 Thu, 04 May 2017 12:24:50 +0200
QUIT
221 dwaves.de closing connection
Connection closed by foreign host.
telnet dwaves.de 143
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
1 LOGOUT
* BYE Logging out
1 OK Logout completed.
Connection closed by foreign host.
telnet dwaves.de 443
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
HELLO
HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 04 May 2017 10:31:04 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx</center>
</body>
</html>
Connection closed by foreign host.
telnet dwaves.de 53
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
Connection closed by foreign host.
telnet dwaves.de 465
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
QUIT
Connection closed by foreign host.
telnet dwaves.de 993
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
HELP
QUIT
Connection closed by foreign host.
so now you know my server is running:
- 25, 587: SMTP: EXIM in the version 4.84_2
- email can be received and you have external network access on one of the following ports – 23, 25, 26, 2525
- does dislose info about used mail-service and version
- 465: SMTPS: EXIM: Mail-Message Submission from server to server RFC 4409
- for backward compatibility still served on port 465
- should be 587 – new IANA designeated port
- does not dislose info about used mail-service and version
- 2525: EXIM again:
# This transport is used for delivering messages over SSH-tunneled SMTP # connections to port 2525 on localhos
- 143: IMAP: Dovecot – version unkown
- 993: IMAPS: Dovecot – version unkown
- does not dislose info about used mail-service and version
- dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.The team found the following problems:
- 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: “Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations.” (Dates: October 2016 – January 2017)
- 443: HTTPS: nginx – version unkown
- 53: DNS: binary protocol – not possible to interact with it with telnet? https://tools.ietf.org/html/rfc1035#section-4
links:
list open ports: dwaves.de/2015/06/16/linux-list-all-open-ports/
bug-track: keep an eye on: https://www.debian.org/Bugs/
advanced search: https://bugs.debian.org/cgi-bin/pkgreport.cgi?dist=unstable;package=
https://lists.exim.org/lurker/list/exim-announce.en.html
http://users.informatik.uni-halle.de/~beckmann/Firewall/
https://securingthehuman.sans.org/blog
https://securingthehuman.sans.org/blog/2017/04/12/game-on-2017-security-awareness-summit
https://securingthehuman.sans.org/blog/2017/04/04/sigh-the-goal-of-security-is-good-enough
http://sectools.org/tag/vuln-scanners/
http://sectools.org/tag/web-scanners/
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed
https://www.qualys.com/research/top10/
https://threatpost.com/ – by Kaspersky Lab Security News Service
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!