端口
服务
攻击手段
案列
21
ftp
1.是否支持匿名
22
ssh
23
telnet
80
http
1.管理后台
2.常见的web漏洞
161
snmp
public 弱口令
https://wooyun.x10sec.org/static/bugs/wooyun-2016-0185940.html
389
ldap
是否匿名访问
https://wooyun.x10sec.org/static/bugs/wooyun-2016-0182093.html
443
openssl
心脏出血以及一些web漏洞测试
445
smb
2是否有ms_08067等溢出875
rsync
1.匿名访问
https://wooyun.x10sec.org/static/bugs/wooyun-2016-0190815.html
1433
1521
oracle
2601-2604
zebra路由
默认密码zebra
https://wooyun.x10sec.org/static/bugs/wooyun-2014-049037.html
3128
squid代理默认端口
匿名访问
3306
3389
mstsc
2.shift后门3.找找放大镜
4输入法漏洞
shite后门:https://wooyun.x10sec.org/static/bugs/wooyun-2015-0156148.html
放大镜:
输入法:https://wooyun.x10sec.org/search?keywords=%E8%BE%93%E5%85%A5%E6%B3%95%E6%BC%8F%E6%B4%9E&content_search_by=by_bugs
4440
rundeck web
4848
glassfish
弱口令 admin/adminadmin
7001-7002
weblogic
https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148737.html
tomcat
2.tomcat爆出很多漏洞https://wooyun.x10sec.org/search?keywords=tomcat&content_search_by=by_bugs
jboss
1.后台不认证
2.弱口令
3.其他漏洞
https://wooyun.x10sec.org/search?keywords=jboss&content_search_by=by_bugs
8000-9090
常见的web端口
1.有些运维喜欢讲后台放到这些端口
9000
fcgi
php执行
9200
elasticsearch
代码执行
https://wooyun.x10sec.org/static/bugs/wooyun-2015-0114443.html
9043
websphere
弱口令admin/admin
websphere/websphere
ststem/manager
https://wooyun.x10sec.org/search?keywords=websphere&content_search_by=by_bugs
11211
memcache
内存泄漏
27017
未授权访问
27018
统计页面
50060
hadoop