🙇🏻‍♂️ Port Scanners 🙇🏻‍♂️

A port scanner is a software utility used to determine which ports a host is accepting connections on. For example, if I wanted to see whether I could pull up a web page from any hosts on my network, I would scan my subnet to see if any hosts have port 80 open. That is a basic example, though. The information obtained from a port scanner can help attackers read between the lines and determine the purpose of a host on their network. For example, if a port scanner showed that a host had port 9100 open, you could reasonably assume that the host is either a printer or a print server, since port 9100 is used for printing. I know, I know, printers are boring. But it is amusing to think that you could send print jobs to your neighbor’s printer and print anything you wanted after identifying their printer with a port scanner (don’t actually do that, it’s just funny to think about).


But think how far an attacker could take this concept. By identifying the services that are running on a host, they can determine what type of server they are dealing with and whether they have found an infrastructure device like a router, switch, or firewall, or they can find ways to attack end-user computers by making connections on their active ports.


Now take a moment to consider things from a white hat perspective. An ethical hacker could use a port scanner to verify that all of the ports on a network that should be closed are actually closed. It is a useful verification tool that can be used to prevent vulnerabilities.
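
The verification use described above, as an added example that is not part of the original post: a TCP connect check against a host you administer, compared with an allowlist of ports that are supposed to be open. The function names, the allowlist, and the loopback scenario in `demo()` are assumptions made for illustration.

```python
import socket

def is_open(host, port, timeout=0.5):
    """TCP connect check: True if the host accepts a connection on the port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 on success and an errno (refused, timed out) otherwise
        return s.connect_ex((host, port)) == 0

def audit(host, ports, allowed, timeout=0.5):
    """Sort checked ports into allowed-and-open, open-but-not-allowed, and closed."""
    allowed = set(allowed)
    report = {"open_allowed": [], "unexpected_open": [], "closed": []}
    for port in sorted(set(ports)):
        if not is_open(host, port, timeout):
            report["closed"].append(port)      # refused or no answer within timeout
        elif port in allowed:
            report["open_allowed"].append(port)
        else:
            report["unexpected_open"].append(port)  # should be closed, but is not
    return report

def demo():
    """Constructed loopback scenario: one approved listener, one unapproved, one closed."""
    socks = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in range(3)]
    try:
        for s in socks:
            s.bind(("127.0.0.1", 0))           # ephemeral port chosen by the OS
        approved, rogue, closed = (s.getsockname()[1] for s in socks)
        socks[0].listen()
        socks[1].listen()                      # third socket never listens: closed
        report = audit("127.0.0.1", [approved, rogue, closed], allowed=[approved])
        return report, approved, rogue, closed
    finally:
        for s in socks:
            s.close()

if __name__ == "__main__":
    print(demo()[0])
```

On a real network, `ports` would be the range you care about and `allowed` the services documented for that host; anything in `unexpected_open` is a port that should be closed but is accepting connections.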
