
How to Scan the Globe for Vulnerable Ports & Services


Finding vulnerabilities in systems can be one of the most time-consuming tasks for a hacker.
There will be times, though, when you already know that a particular port represents a vulnerable application or service.
For example, the gray-hat hacker Max Butler, aka Max Vision, the founder of arachNIDS who is now serving 9 years in federal prison, found that the Aloha Point-of-Sale (POS) system had a remote backdoor installed on all of its customers' systems so the vendor could provide technical assistance.
Step 1: Open a Text Editor
To create our script, we need to open a text editor.
Any of the Linux text editors will work: vi, emacs, gedit (in GNOME), Kate, or KWrite. In this guide, we'll use the KWrite editor built into the BackTrack5v3 KDE desktop. We simply type in a terminal:

kwrite globalportscan.sh

We can name our script anything, but I have chosen to call it globalportscan.sh.
Step 2: Create the Script
Now we need to type the following lines into our script file.

#!/bin/bash

The required opening line of every Bash script.

nmap -sT 74.125.225.0/24 -p 5505 -oG aloha

Runs an nmap TCP connect scan (-sT) against a /24 subnet belonging to google.com, checks whether port 5505 is open, and writes the output in grepable format (-oG) to a file called aloha.

cat aloha | grep open > alohaopen

Opens the file aloha, filters (grep) for lines containing the word open, and stores those lines in a file called alohaopen.

cat alohaopen | cut -f2 -d ':' | cut -f1 -d '(' > alohavuln

Opens the file alohaopen and cuts out the second field (-f2) using the colon (':') as the delimiter (-d), then pipes the result to a second cut command that keeps the first field (-f1) using the opening paren ('(') as the delimiter, and saves the result, the bare IP addresses, in a file named alohavuln.

cat alohavuln

Finally, we open and display the file that contains the IP addresses of all systems with port 5505 open.
Step 3: Run the Script

Now that you have saved the script, it's time to run it.

sh globalportscan.sh
Step 4: Final Results

We can run this script on any IP address or network.
I just used google.com as an example (you're not likely to find port 5505 open at google.com).
Of course, this vulnerability is probably closed on nearly all systems by now, but the script can easily be edited to scan for other ports and other IP addresses depending upon your needs.
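The grep/cut pipeline above works because the scan asks for a single port, so every "open" line is a 5505 line. As an added example (not code from the original post), the function below reads the same nmap grepable output (-oG) with awk and prints the IP of each host that has a specific port open; it generalizes the post's script to scans of several ports, since it matches the port number only where nmap writes it ("Ports: 5505/open/tcp" or ", 5505/open/tcp") and skips closed and filtered results. The function names, the sample file contents, the 192.0.2.x addresses and the hostnames are constructed for illustration; the same function applied to a real .gnmap file from a scan of your own network gives you an inventory of which hosts still expose the port in question.

```shell
#!/bin/bash
# Added example, not from the original post: read nmap grepable output (-oG)
# and print the IP address of every host that has a given TCP port open.
# Unlike "grep open", it matches the port number only where nmap writes it,
# so a scan of several ports (or port 15505) does not produce false hits.
#
# Usage: open_hosts PORT FILE.gnmap
open_hosts() {
  awk -v port="$1" '
    # Grepable output has "Host: IP (name)" lines; the one we want carries a
    # "Ports:" field. $2 is the IP because the line starts with "Host: ".
    $1 == "Host:" && $0 ~ ("(Ports: |, )" port "/open/tcp") { print $2 }
  ' "$2"
}

# Convenience wrapper: how many hosts expose PORT.
count_open_hosts() {
  open_hosts "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample of what "nmap -sT -p 5505,15505 -oG" writes. Addresses
# are from the documentation range 192.0.2.0/24; hostnames are made up.
# nmap separates the fields with tabs; awk splits on any whitespace, so
# spaces are used here to keep the sample copy-paste safe.
SAMPLE_GNMAP=$(mktemp)
trap 'rm -f "$SAMPLE_GNMAP"' EXIT
cat > "$SAMPLE_GNMAP" <<'EOF'
# Nmap 6.01 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sT 192.0.2.0/29 -p 5505,15505 -oG sample
Host: 192.0.2.1 (gw.example.test)   Status: Up
Host: 192.0.2.1 (gw.example.test)   Ports: 5505/closed/tcp//unknown///, 15505/open/tcp//unknown///
Host: 192.0.2.2 ()  Status: Up
Host: 192.0.2.2 ()  Ports: 5505/open/tcp//unknown///, 15505/closed/tcp//unknown///
Host: 192.0.2.3 (pos-03.example.test)   Status: Up
Host: 192.0.2.3 (pos-03.example.test)   Ports: 5505/open/tcp//unknown///, 15505/open/tcp//unknown///
Host: 192.0.2.4 (printer.example.test)  Status: Up
Host: 192.0.2.4 (printer.example.test)  Ports: 5505/filtered/tcp//unknown///, 15505/filtered/tcp//unknown///
# Nmap done at Mon Jan  1 00:00:05 2024 -- 8 IP addresses (4 hosts up) scanned in 5.00 seconds
EOF

# Stand-alone run: list the hosts exposing 5505/tcp and count them.
# Note that 192.0.2.1 is NOT listed even though its line contains "open",
# which is exactly the false positive "grep open" would produce here.
open_hosts 5505 "$SAMPLE_GNMAP"
echo "hosts with 5505/tcp open: $(count_open_hosts 5505 "$SAMPLE_GNMAP")"
```

Point the function at the aloha file the post's script produces (open_hosts 5505 aloha) and you get the same list as alohavuln, without the intermediate files.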
