Services
DNS
Domain Name System — zone transfers, record enumeration, and subdomain brute-forcing.
FTP
File Transfer Protocol — anonymous access, credential brute-forcing, and file exposure.
SMB
Server Message Block — share enumeration, null sessions, and lateral movement.
SMTP
Simple Mail Transfer Protocol — user enumeration and open relay abuse.
IMAP / POP3
Mail retrieval protocols — credential attacks and mailbox access.
SNMP
Simple Network Management Protocol — community string brute-forcing and MIB enumeration.
SSH
Secure Shell — key-based attacks, credential brute-forcing, and tunneling.
RDP
Remote Desktop Protocol — BlueKeep, credential attacks, and session hijacking.
WinRM
Windows Remote Management — authentication, Evil-WinRM, and lateral movement.
WMI
Windows Management Instrumentation — remote execution and enumeration.
NFS
Network File System — export enumeration, UID spoofing, and file access.
Rsync
Rsync — unauthenticated module listing and file retrieval.
R-Services
Berkeley R-Services — trust relationships and rlogin/rsh abuse.
IPMI
Intelligent Platform Management Interface — authentication bypass and hash extraction.
MySQL
MySQL — enumeration, UDF exploitation, and credential extraction.
Oracle TNS
Oracle TNS Listener — SID enumeration and credential attacks.
MSSQL
Microsoft SQL Server — enumeration, xp_cmdshell, and linked server abuse.
Ports & Services
| Port | Service |
|---|---|
| 20 | FTP |
| 22 | SSH |
| 25, 587 | SMTP |
| 53 | DNS |
| 110, 143, 993, 995 | IMAP / POP3 |
| 111, 2049 | NFS |
| 135 | WMI |
| 161, 162 | SNMP |
| 445 | SMB |
| 512, 513, 514 | R-Services |
| 623 | IPMI |
| 873 | Rsync |
| 1433 | MSSQL |
| 1521 | Oracle TNS |
| 3306 | MySQL |
| 3389 | RDP |
| 5985, 5986 | WinRM |
OSI Layers & Attacks
| OSI Layer | Attack |
|---|---|
| Application | Exploit |
| Presentation | Phishing |
| Session | Hijacking |
| Transport | Reconnaissance |
| Network | MITM |
| Data Link | Spoofing |
| Physical | Sniffing |