Port Knocking

Discovery

# A port knocking configuration may turn up in an SMB share or another
# readable location, e.g. ./private/opensesame/config or /etc/knockd.conf.
# The knock sequence is the only secret this mechanism relies on, so a
# readable copy of the file discloses it; such files should not sit in shares
# or backups that other users can read.
# The entries below carry no :udp suffix, so knockd treats them as TCP ports,
# to be hit in the listed order.
[openHTTP] 
    sequence     = 159,27391,4

Knocking

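# One-liner: probe each port of the sequence once, in the configured order.
# -Pn skips host discovery and --max-retries 0 disables probe retransmission,
# so nmap sends nothing beyond the single probe per port.
# NOTE: current nmap reads a bare --host-timeout value as seconds (older
# releases used milliseconds); write 201ms if milliseconds are intended.
# Expansions are quoted, and an unset or empty RHOST aborts with a message
# instead of running nmap without a target.
for port in 159 27391 4; do
  nmap -Pn --host-timeout 201 --max-retries 0 -p "$port" \
    "${RHOST:?set RHOST to the target host}"
done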

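# Separate commands: one TCP connection attempt per port, in sequence order.
# Abort early if RHOST is unset or empty rather than calling nc with no host.
: "${RHOST:?set RHOST to the target host}"
nc -v "$RHOST" 159
nc -v "$RHOST" 27391
nc -v "$RHOST" 4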

Enumeration again

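# Re-scan after the knock to see which service is now reachable.
# -sC runs nmap's default script set; -sV enables service/version detection.
# RHOST is quoted and must be set, so the scan cannot start without a target.
nmap -sC -sV "${RHOST:?set RHOST to the target host}"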
