Open ports discovery

As a beginner, I don't know what to do after finding open ports!!
Like how to exploit open ports
What are the methodologies after finding open ports?
HELP!!!

Also a n00b, so more experienced members may chime in. But, from what I’ve learned:

Watch videos on YouTube about enumeration and Metasploit use. They will help you, because…

An open port doesn’t necessarily mean “jackpot.” You need to know what is running on the system / port, including software versions, if possible - that is part of the enumeration process. Watch videos on nmap / enumeration with an attention to service / version detection. For example, if you run -A and -v in your query, will it give you info on what the server is running?

Knowing what’s running, you can then turn to Metasploit or research known vulnerabilities for that software version. Metasploit tutorials online will show you how to search and run those exploits in Metasploit, where they are organized and based on what software they were scripted for.

Look up what a “CVE” is and google CVE / vulnerability databases. Read some CVEs and you will see exactly what I’m talking about because they lay out what software versions they exploit… which brings you right back to “you need to know what is running on the system” and the importance of getting those details through the enumeration process.

Hopefully that helps. Again, bear in mind I’m also a n00b and seek any advice from others with more experience.

2 Likes
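
The enumeration step described in the reply above, as an added example that is not part of the original thread: a Python script that reads the port table nmap prints when version detection is on, records product and version for each open port, and flags ports where no version was identified. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of the port table nmap prints with version detection on
# (not taken from a real host).
SAMPLE = """\
PORT     STATE  SERVICE    VERSION
22/tcp   open   ssh        OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
80/tcp   open   http       Apache httpd 2.4.18 ((Ubuntu))
3306/tcp closed mysql
8080/tcp open   http-proxy
"""

# port/proto, state, service name, then an optional free-text version banner
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
# first dotted number in the banner, e.g. 2.4.18 or 7.2p2
VERSION = re.compile(r"\b\d+(?:\.\d+)+\w*")


def parse_port_table(text):
    """Return one record per open port, splitting the banner into product and version."""
    services = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(3) != "open":
            continue  # header lines, closed and filtered ports
        banner = (m.group(5) or "").strip()
        vm = VERSION.search(banner)
        services.append({
            "port": int(m.group(1)),
            "proto": m.group(2),
            "service": m.group(4),
            "product": (banner[:vm.start()].strip() if vm else banner) or None,
            "version": vm.group(0) if vm else None,
        })
    return services


def unversioned_ports(services):
    """Ports where no version was identified and more enumeration is needed."""
    return [s["port"] for s in services if s["version"] is None]


if __name__ == "__main__":
    found = parse_port_table(SAMPLE)
    for s in found:
        print(f'{s["port"]}/{s["proto"]} {s["service"]}: {s["product"]} {s["version"]}')
    print("no version identified:", unversioned_ports(found))
```

The product and version pair is what a CVE entry's affected-versions field is compared against, which is why a port with no version in this table is not yet ready for that lookup.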

THANKS that will work though