Dynamic Host Configuration Protocol (DHCP) Pentesting

DHCP uses UDP: servers listen on port 67, clients on port 68. Clients locate a server by broadcasting DHCPDISCOVER, so an unauthenticated probe from the local segment is enough to find a server and read the lease parameters (router, DNS, domain) it hands out.

Enumeration

# broadcast-dhcp-discover sends a DHCPDISCOVER to the local broadcast address and needs no target; the port/target here only adds a UDP port scan of that host
nmap -sU --script broadcast-dhcp-discover -p 67,68 <target-ip>
# to query one known server directly on UDP 67
nmap -sU --script dhcp-discover -p 67 <target-ip>

IRC (Internet Relay Chat) Pentesting

IRC (Internet Relay Chat) is a text-based protocol for real-time chat between multiple parties. Default ports are 194 and 6667; 6697 is the usual port for IRC over TLS.

Enumeration

# most servers listen on 6667 rather than the IANA port 194, so scan both; irc-unrealircd-backdoor tests for the trojaned UnrealIRCd 3.2.8.1 release
nmap --script irc-botnet-channels,irc-info,irc-unrealircd-backdoor -p 194,6667 <ip>

Memcache Pentesting

Memcached is a general-purpose distributed memory caching system. A default port is 11211 (TCP, and also UDP on older default configurations). It has no authentication, so anyone who can reach the port can list keys and read or overwrite cached data.

- [11211-memcache](https://book.hacktricks.xyz/network-services-pentesting/11211-memcache)

Communication

We can communicate with a memcache server using Netcat; the protocol is plain text, one command per line.

nc -vn <ip> 11211
Connection to <ip> 11211 port [tcp/*] succeeded!

# Commands in nc
version                    # server version
stats                      # general statistics (uptime, curr_items, connections)
stats slabs                # slab classes in use; the number before the colon in each STAT line is a slab id
stats items                # item counts per slab (items:<slab>:number)
stats cachedump <slab> 0   # list keys stored in that slab; 0 = no limit, but the server caps the output
stats cachedump 1 0
get <item_name>            # read the value of a key
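The same walk (stats slabs, then stats cachedump per slab, then get per key) automated in Python, as an added example that is not code from the original page. The host and port are command-line arguments; the SAMPLE_* replies are constructed test data in memcached's text format, not captures from a real server.

```python
# Added example, not code from the original page: a minimal memcached text-protocol
# client that automates the nc session above (stats slabs -> stats cachedump <slab> 0
# -> get <key>). The SAMPLE_* replies are constructed test data.
from __future__ import annotations

import re
import socket
import sys

# Constructed sample replies (not captured from a real server).
SAMPLE_STATS_SLABS = (
    b"STAT 1:chunk_size 96\r\n"
    b"STAT 1:used_chunks 2\r\n"
    b"STAT 5:chunk_size 304\r\n"
    b"STAT 5:used_chunks 1\r\n"
    b"STAT active_slabs 2\r\n"
    b"STAT total_malloced 2097152\r\n"
    b"END\r\n"
)
SAMPLE_CACHEDUMP = (
    b"ITEM session_a1b2 [47 b; 1700000000 s]\r\n"
    b"ITEM api_token [5 b; 1700000000 s]\r\n"
    b"END\r\n"
)
SAMPLE_GET = b"VALUE api_token 0 5\r\nhello\r\nEND\r\n"


def parse_slab_ids(reply: bytes) -> list[int]:
    """Slab class ids from a 'stats slabs' reply: per-slab lines are 'STAT <id>:<name> <value>';
    global lines such as 'STAT active_slabs ...' have no colon and are skipped."""
    ids = {int(m.group(1).decode()) for m in re.finditer(rb"^STAT (\d+):", reply, re.M)}
    return sorted(ids)


def parse_cachedump(reply: bytes) -> list[tuple[str, int]]:
    """(key, value_size) pairs from a 'stats cachedump <slab> <limit>' reply."""
    return [(m.group(1).decode(), int(m.group(2)))
            for m in re.finditer(rb"^ITEM (\S+) \[(\d+) b;", reply, re.M)]


def parse_get(reply: bytes) -> bytes | None:
    """Value from a 'get <key>' reply ('VALUE <key> <flags> <bytes>\\r\\n<data>\\r\\nEND'); None if absent."""
    header, _, rest = reply.partition(b"\r\n")
    if not header.startswith(b"VALUE "):
        return None
    length = int(header.split()[3])
    return rest[:length]


def memcache_command(sock: socket.socket, command: str) -> bytes:
    """Send one command and read until the terminating 'END\\r\\n' line."""
    sock.sendall(command.encode() + b"\r\n")
    buf = b""
    while not buf.endswith(b"END\r\n"):
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def dump_keys(host: str, port: int = 11211, timeout: float = 5.0) -> dict[str, bytes | None]:
    """Walk every slab, list its keys and fetch each value; works because memcached has no auth."""
    found: dict[str, bytes | None] = {}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for slab in parse_slab_ids(memcache_command(sock, "stats slabs")):
            dump = memcache_command(sock, f"stats cachedump {slab} 0")
            for key, _size in parse_cachedump(dump):
                found[key] = parse_get(memcache_command(sock, f"get {key}"))
    return found


if __name__ == "__main__":
    for key, value in dump_keys(sys.argv[1]).items():
        print(f"{key} = {value!r}")
```

Run it as `python3 memcache_dump.py <ip>`. cachedump only returns a server-capped slice of each slab, so on a large cache the key list is partial; on memcached 1.4.31 and later `lru_crawler metadump all` lists every key.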

Modbus Pentesting

Modbus is a data communications protocol from the PLC/industrial world; Modbus/TCP wraps the serial frame in a 7-byte MBAP header and has no authentication or encryption. A default port is 502.

Enumeration

# aggressive=true enumerates every unit (slave) id instead of stopping at the first one that answers; some PLCs misbehave under probing, so scan production controllers with care
nmap --script modbus-discover --script-args modbus-discover.aggressive=true -p 502 <target-ip>
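To see what the discovery actually sends, here is the Modbus/TCP "Read Device Identification" request (function 0x2B, MEI type 0x0E) built and decoded by hand, as an added example that is not code from the original page or from nmap. Host, port and unit id are arguments; SAMPLE_RESPONSE is constructed test data, not a capture from a real PLC.

```python
# Added example, not code from the original page: build and decode the Modbus/TCP
# "Read Device Identification" request that fingerprints a unit's vendor/product/revision.
# SAMPLE_RESPONSE is constructed test data, not a capture from a real PLC.
from __future__ import annotations

import socket
import struct
import sys

# Object ids of the "basic" identification category (Modbus Application Protocol spec).
OBJECT_NAMES = {0: "VendorName", 1: "ProductCode", 2: "MajorMinorRevision",
                3: "VendorUrl", 4: "ProductName", 5: "ModelName", 6: "UserApplicationName"}


def build_mbap(unit_id: int, pdu: bytes, transaction_id: int = 1) -> bytes:
    """MBAP header: transaction id, protocol id 0 (Modbus), length = unit id byte + PDU, unit id."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def build_read_device_id(unit_id: int, read_code: int = 0x01, object_id: int = 0x00) -> bytes:
    """PDU: function 0x2B, MEI type 0x0E, read-device-id code (1 = basic objects), first object id."""
    return build_mbap(unit_id, bytes([0x2B, 0x0E, read_code, object_id]))


def parse_read_device_id(frame: bytes) -> dict[str, str]:
    """Decode the identification objects; raises ValueError on malformed or exception responses."""
    if len(frame) < 9:
        raise ValueError("frame too short")
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or len(frame) != 6 + length:
        raise ValueError("malformed MBAP header")
    pdu = frame[7:]
    if pdu[0] & 0x80:  # exception response: function | 0x80, then the exception code
        raise ValueError(f"Modbus exception 0x{pdu[1]:02x} (0x01 = function not supported)")
    if pdu[0] != 0x2B or pdu[1] != 0x0E:
        raise ValueError("not a Read Device Identification response")
    # pdu[2..6]: read code, conformity level, more-follows flag, next object id, object count
    count, pos, objects = pdu[6], 7, {}
    for _ in range(count):
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len].decode("ascii", "replace")
        objects[OBJECT_NAMES.get(obj_id, f"Object{obj_id}")] = value
        pos += 2 + obj_len
    return objects


def _sample_response() -> bytes:
    """Constructed reply: unit 1 answering with three basic objects."""
    objs = b"".join(bytes([i, len(v)]) + v for i, v in enumerate([b"ACME", b"PLC-100", b"v1.0"]))
    pdu = bytes([0x2B, 0x0E, 0x01, 0x01, 0x00, 0x00, 3]) + objs
    return build_mbap(1, pdu)


SAMPLE_RESPONSE = _sample_response()


def query_device_id(host: str, unit_id: int = 1, port: int = 502, timeout: float = 3.0) -> dict[str, str]:
    """Send the request to a live unit and decode its answer (Modbus/TCP has no authentication)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_read_device_id(unit_id))
        return parse_read_device_id(sock.recv(260))


if __name__ == "__main__":
    unit = int(sys.argv[2]) if len(sys.argv) > 2 else 1
    for name, value in query_device_id(sys.argv[1], unit).items():
        print(f"{name}: {value}")
```

Run as `python3 modbus_ident.py <ip> [unit-id]`. An exception code 0x01 (illegal function) is common on older units that do not implement function 43; it still confirms a Modbus listener, and the unit id that answered is the one to use for further reads.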

NTP (Network Time Protocol) Pentesting

NTP synchronizes clocks between computers over packet-switched networks. It uses UDP; the default port is 123.

Enumeration

# ntp-info sends a mode 6 READVAR control query: version, OS, refid, stratum
nmap -sU --script ntp-info -p 123 <target-ip>
# ntp-monlist sends the mode 7 monlist request: recent clients and peers; a server that answers it is also usable as a DDoS reflector
nmap -sU --script ntp-monlist -p 123 <target-ip>
nmap -sU --script "ntp*" -p 123 <target-ip>
nmap -sU --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 <target-ip>

PPTP Pentesting

PPTP is one of the first VPN protocols. Its control channel runs on TCP port 1723; the tunnelled data travels over GRE (IP protocol 47), which nmap's -p cannot scan (use a protocol scan, -sO, to check it). Data is protected by MPPE (Microsoft Point-to-Point Encryption) and authentication is usually MS-CHAPv2, both of which are considered broken, so a reachable PPTP endpoint is a finding in itself.

refs:
- common-vpn-vulnerabilities-exploits

Enumeration

# opens a PPTP control connection and reports hostname, vendor and firmware/version strings
nmap --script pptp-version -p 1723 <target-ip>

TFTP (Trivial File Transfer Protocol) Pentesting

TFTP is a simple lockstep file transfer protocol that lets a client get a file from or put a file onto a remote host. It uses UDP (default port 69) and has no authentication: anyone who can guess a filename can read it, and a server started with write access accepts uploads from anyone.

Enumeration

# sends a read request for each name in a wordlist (default nselib/data/tftplist.txt); tftp-enum.filelist=<file> substitutes your own list
nmap -sU --script tftp-enum -p 69 <target-ip>
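What tftp-enum does per filename, written out as an added example that is not code from the original page or from nmap: send an RRQ, classify the first reply (DATA means the file exists, ERROR 1 means not found, ERROR 2 means access denied), and abort any transfer that started. The host is an argument; CANDIDATES is a constructed example wordlist, not nmap's tftplist.txt.

```python
# Added example, not code from the original page: the RRQ probe behind tftp-enum with a
# reply classifier. CANDIDATES is a constructed example wordlist, not nmap's tftplist.txt.
from __future__ import annotations

import socket
import struct
import sys

OPCODE_RRQ, OPCODE_DATA, OPCODE_ERROR, OPCODE_OACK = 1, 3, 5, 6
# RFC 1350 error codes
TFTP_ERRORS = {0: "Not defined", 1: "File not found", 2: "Access violation", 3: "Disk full",
               4: "Illegal operation", 5: "Unknown transfer ID", 6: "File exists", 7: "No such user"}
# Constructed example wordlist (configs that commonly live on TFTP servers for network gear and PXE).
CANDIDATES = ["running-config", "startup-config", "pxelinux.cfg/default", "sip.cfg", "config.bin"]


def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """RRQ: opcode 1, filename, NUL, transfer mode, NUL."""
    return struct.pack(">H", OPCODE_RRQ) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def build_abort() -> bytes:
    """ERROR packet (code 0) sent to the data port so the server drops the transfer we only probed."""
    return struct.pack(">HH", OPCODE_ERROR, 0) + b"probe only\x00"


def classify_reply(packet: bytes) -> tuple[str, str]:
    """('exists' | 'missing' | 'denied' | 'error' | 'unknown', detail) for the first reply to an RRQ."""
    if len(packet) < 4:
        return ("unknown", "short packet")
    opcode, field = struct.unpack(">HH", packet[:4])
    if opcode == OPCODE_DATA:
        return ("exists", f"DATA block {field}, {len(packet) - 4} bytes")
    if opcode == OPCODE_OACK:
        return ("exists", "OACK (server accepted the request)")
    if opcode == OPCODE_ERROR:
        msg = packet[4:].split(b"\x00", 1)[0].decode("ascii", "replace")
        verdict = {1: "missing", 2: "denied"}.get(field, "error")
        return (verdict, f"{TFTP_ERRORS.get(field, field)}: {msg}")
    return ("unknown", f"opcode {opcode}")


def probe_file(host: str, filename: str, port: int = 69, timeout: float = 2.0) -> tuple[str, str]:
    """Send one RRQ to port 69; the reply arrives from an ephemeral port (the server's transfer id)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (host, port))
        try:
            packet, peer = sock.recvfrom(65535)
        except socket.timeout:
            return ("unknown", "no reply (filtered, or the server stays silent for unknown files)")
        verdict = classify_reply(packet)
        if verdict[0] == "exists":
            sock.sendto(build_abort(), peer)   # do not leave a half-open transfer behind
        return verdict


def enumerate_files(host: str, names: list[str] = CANDIDATES) -> dict[str, tuple[str, str]]:
    """Probe every candidate name and return its verdict."""
    return {name: probe_file(host, name) for name in names}


if __name__ == "__main__":
    for name, (verdict, detail) in enumerate_files(sys.argv[1]).items():
        print(f"{verdict:8} {name:28} {detail}")
```

Run as `python3 tftp_probe.py <ip>`. Some servers answer "Access violation" for every missing file, so a run of 'denied' verdicts does not prove the files exist; only a DATA or OACK reply does.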

Configuration Files

# with a shell on the server, these show how tftpd is launched and which directory it serves
cat /etc/inetd.conf
# or
cat /etc/xinetd.d/tftp
# tftpd-hpa (Debian/Ubuntu) keeps TFTP_DIRECTORY and TFTP_OPTIONS in /etc/default/tftpd-hpa; --create there means anyone may upload new files

UPnP (Universal Plug and Play) Pentesting

UPnP is a set of network protocols that lets devices discover and control each other over a local network without authentication. Discovery (SSDP) uses UDP 1900; the device's HTTP description and SOAP control endpoints sit on a TCP port that the SSDP reply advertises in its LOCATION header, commonly 5000 but device-specific.

Enumeration

# upnp-info keys on UDP 1900; for the TCP control port (5000 here) fetch the LOCATION URL from the SSDP reply with a browser or curl
nmap -sU --script upnp-info -p 1900 <ip>
# broadcast-upnp-info multicasts an M-SEARCH on the local segment and needs no target
nmap --script broadcast-upnp-info
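The SSDP M-SEARCH exchange that upnp-info and broadcast-upnp-info perform, followed by fetching the advertised LOCATION description and listing every service's control URL, as an added example that is not code from the original page or from nmap. The sample SSDP reply and description XML are constructed test data (TEST-NET address 192.0.2.10), not captures from a real device; the target is an optional argument.

```python
# Added example, not code from the original page: SSDP M-SEARCH discovery plus parsing of
# the device description the LOCATION header points at. Samples are constructed test data.
from __future__ import annotations

import socket
import sys
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

SSDP_MCAST = ("239.255.255.250", 1900)
DEVICE_NS = "{urn:schemas-upnp-org:device-1-0}"

SAMPLE_SSDP_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"LOCATION: http://192.0.2.10:5000/rootDesc.xml\r\n"
    b"SERVER: Linux/4.4 UPnP/1.1 MiniUPnPd/2.0\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000001::upnp:rootdevice\r\n"
    b"\r\n"
)
SAMPLE_DESCRIPTION = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <friendlyName>Example Router</friendlyName>
    <serviceList>
      <service>
        <serviceType>urn:schemas-upnp-org:service:Layer3Forwarding:1</serviceType>
        <controlURL>/ctl/L3F</controlURL>
      </service>
    </serviceList>
    <deviceList>
      <device>
        <serviceList>
          <service>
            <serviceType>urn:schemas-upnp-org:service:WANIPConnection:1</serviceType>
            <controlURL>/ctl/IPConn</controlURL>
          </service>
        </serviceList>
      </device>
    </deviceList>
  </device>
</root>
"""


def build_msearch(st: str = "ssdp:all", mx: int = 2) -> bytes:
    """SSDP discovery request; ST selects which devices/services answer, MX spreads their replies."""
    return (f"M-SEARCH * HTTP/1.1\r\nHOST: {SSDP_MCAST[0]}:{SSDP_MCAST[1]}\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: {st}\r\n\r\n').encode()


def parse_ssdp_reply(data: bytes) -> dict[str, str]:
    """Headers of an 'HTTP/1.1 200 OK' SSDP reply keyed by lower-cased name; {} for anything else."""
    lines = data.decode("ascii", "replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_description(xml_text: str, location: str) -> dict:
    """Friendly name plus (serviceType, absolute controlURL) for every service, nested devices included."""
    root = ET.fromstring(xml_text)
    name = root.findtext(f"{DEVICE_NS}device/{DEVICE_NS}friendlyName", default="")
    services = []
    for svc in root.iter(f"{DEVICE_NS}service"):
        stype = svc.findtext(f"{DEVICE_NS}serviceType", default="")
        ctl = svc.findtext(f"{DEVICE_NS}controlURL", default="")
        services.append((stype, urljoin(location, ctl)))
    return {"friendly_name": name, "services": services}


def discover(target: str | None = None, timeout: float = 3.0, st: str = "ssdp:all") -> list[dict[str, str]]:
    """Multicast an M-SEARCH, or unicast it to one host like upnp-info does, and collect the replies."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
        sock.settimeout(timeout)
        sock.sendto(build_msearch(st), (target, 1900) if target else SSDP_MCAST)
        try:
            while True:
                data, (addr, _) = sock.recvfrom(65535)
                headers = parse_ssdp_reply(data)
                if headers:
                    headers["from"] = addr
                    found.append(headers)
        except socket.timeout:
            pass
    return found


if __name__ == "__main__":
    for dev in discover(sys.argv[1] if len(sys.argv) > 1 else None):
        print(dev["from"], dev.get("server", ""), dev.get("location", ""))
        if "location" in dev:
            with urllib.request.urlopen(dev["location"], timeout=5) as resp:
                info = parse_description(resp.read().decode("utf-8", "replace"), dev["location"])
            print("  ", info["friendly_name"])
            for stype, ctl in info["services"]:
                print("   ", stype, "->", ctl)
```

Run with no argument to multicast on the local segment, or `python3 ssdp_enum.py <ip>` to query one host. A WANIPConnection control URL is the one to look at first: its AddPortMapping action is what lets an unauthenticated LAN client (or, on misconfigured gateways, an Internet client) open ports on the router.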

EthernetIP Pentesting

EtherNet/IP carries CIP (Common Industrial Protocol) over TCP and UDP port 44818 (implicit I/O traffic uses UDP 2222); like Modbus it has no authentication.

Enumeration

# sends a ListIdentity request and reports vendor, product name, serial number, revision, device state and IP
nmap --script enip-info -p 44818 <target-ip>

WASTE Pentesting

WASTE is a peer-to-peer encrypted chat and file-sharing protocol; its default port is 1337.

Connect

# check whether the port answers; WASTE speaks a binary encrypted protocol, so do not expect a text banner
nc -vn <target-ip> 1337