Showing posts from October, 2015

Tango Down (CTF4) : Capture The Flag (CTF) 4 Lamp Security Challenge

Lab Environment :

Victim Host :,83/  on VirtualBox (MacOS) Attacking Host : KALI (On Virtual Box)
Network : Host-Only (VirtualBox)
Tools : As mentioned in the walkthrough below

Discovery :

- Search the IP, start the VM, select the network to Host Only network, now we are aware the subnet used by host only, just run an nmapscan to identify the network IP.

We got the below IP and services :

Nmapscan report for
Host is up (0.00043s latency).
Not shown: 96 filtered ports
22/tcp open ssh
25/tcp open smtp
80/tcp open http
631/tcpclosed ipp
MAC Address: 08:00:27:37:40:F6 (CadmusComputer Systems)

To confirm, Telnet on 25 port
root@kali:~# telnet 25

Connected to
Escape character is '^]'.
220; Sat, 24 Oct 2015 00:05:52 -0400
501 5.0.0 HELOrequires domain address
500 5.5.1 Command unrecognized: "VRY…

Common TCP/IP Ports For Penetration Testers

Some of the ports of interests for penetration testers are :

Port NumberUsageProtocolSome Enumeration Commands and Tools21FTPTCPNmap NSE,22SSHTCP,UDPTBD23TelnetTCPTBD25SMTPTCPNmap NSE53DNSTCP,UDPNmap NSE, dnsrecon, nslookup80HTTPTCP,UDPNmap NSE, nikto, dirbuster123NTPTCPTBD135Microsoft RPCTCP,UDPNmap NSE, 137NetBIOS Name ServiceTCP,UDPNmap NSE, 139NetBIOS Session Service,
Samba (SMB,CIFS)TCP,UDPNmap NSE, smbclient161SNMPTCP,UDPsnmpwalk, onesixtyone162SNMP TrapTCP,UDPsnmpwalk, onesixtyone389LDAPTCP,UDPTBD443HTTPSTCP,UDPNmap NSE, nikto, dirbuster445Microsoft-dsTCPNmap NSE, PsExec, nbtstat3306MySQLTCPNmap NSE, sqlmap3368Global CatalogueTCPTBD3389RDPTCPTBD List of Ports and usage

If you have any suggestions, please leave your comments below to add some here..