|
| 1 | +## Description |
| 2 | + |
| 3 | + This module will enumerate open TCP services by performing a full TCP connect on each port. This will establish a complete three-way handshake (SYN -> SYN/ACK -> ACK) on the target port. This does not need administrative privileges on the source machine, which may be useful if pivoting. |
| 4 | + |
| 5 | +## Vulnerable Application |
| 6 | + |
| 7 | + Any reachable TCP endpoint is a potential target. |
| 8 | + |
| 9 | +## Options |
| 10 | + |
| 11 | + **PORTS** |
| 12 | + |
| 13 | + This is the list of ports to test for TCP Scan on each host. |
| 14 | + Formats like `1-3`, `1,2,3`, `1,2-3`, etc. are all supported. Default |
| 15 | + options is to scan `1-10000` ports. |
| 16 | + |
| 17 | + **ConnectTimeout** |
| 18 | + |
| 19 | + This options states the maximum number of seconds to establish a tcp |
| 20 | + connection. Default value if `10`. |
| 21 | + |
| 22 | + **VERBOSE** |
| 23 | + |
| 24 | + Gives detailed message about the scan of all the ports. It also shows the |
| 25 | + ports that were closed. |
| 26 | + |
| 27 | +## Verification Steps |
| 28 | + |
| 29 | + 1. Do: ```use auxiliary/scanner/portscan/tcp``` |
| 30 | + 2. Do: ```set RHOSTS [IP]``` |
| 31 | + 3. Do: ```set PORTS [PORTS]``` |
| 32 | + 4. Do: ```run``` |
| 33 | + |
| 34 | +## Scenarios |
| 35 | + |
| 36 | +### Metaspliotable 2 |
| 37 | + |
| 38 | +``` |
| 39 | +msf > use auxiliary/scanner/portscan/tcp |
| 40 | +msf auxiliary(tcp) > set RHOSTS 192.168.45.159 |
| 41 | +msf auxiliary(tcp) > set PORTS 1-10000 |
| 42 | +msf auxiliary(tcp) > run |
| 43 | +[*] 192.168.45.159: - 192.168.45.159:25 - TCP OPEN |
| 44 | +[*] 192.168.45.159: - 192.168.45.159:21 - TCP OPEN |
| 45 | +[*] 192.168.45.159: - 192.168.45.159:23 - TCP OPEN |
| 46 | +[*] 192.168.45.159: - 192.168.45.159:22 - TCP OPEN |
| 47 | +[*] 192.168.45.159: - 192.168.45.159:53 - TCP OPEN |
| 48 | +[*] 192.168.45.159: - 192.168.45.159:80 - TCP OPEN |
| 49 | +[*] 192.168.45.159: - 192.168.45.159:111 - TCP OPEN |
| 50 | +[*] 192.168.45.159: - 192.168.45.159:139 - TCP OPEN |
| 51 | +[*] 192.168.45.159: - 192.168.45.159:445 - TCP OPEN |
| 52 | +[*] 192.168.45.159: - 192.168.45.159:513 - TCP OPEN |
| 53 | +[*] 192.168.45.159: - 192.168.45.159:514 - TCP OPEN |
| 54 | +[*] 192.168.45.159: - 192.168.45.159:512 - TCP OPEN |
| 55 | +[*] 192.168.45.159: - 192.168.45.159:1099 - TCP OPEN |
| 56 | +[*] 192.168.45.159: - 192.168.45.159:1524 - TCP OPEN |
| 57 | +[*] 192.168.45.159: - 192.168.45.159:2049 - TCP OPEN |
| 58 | +[*] 192.168.45.159: - 192.168.45.159:2121 - TCP OPEN |
| 59 | +[*] 192.168.45.159: - 192.168.45.159:3306 - TCP OPEN |
| 60 | +[*] 192.168.45.159: - 192.168.45.159:3632 - TCP OPEN |
| 61 | +[*] 192.168.45.159: - 192.168.45.159:5432 - TCP OPEN |
| 62 | +[*] 192.168.45.159: - 192.168.45.159:5900 - TCP OPEN |
| 63 | +[*] 192.168.45.159: - 192.168.45.159:6000 - TCP OPEN |
| 64 | +[*] 192.168.45.159: - 192.168.45.159:6667 - TCP OPEN |
| 65 | +[*] 192.168.45.159: - 192.168.45.159:6697 - TCP OPEN |
| 66 | +[*] 192.168.45.159: - 192.168.45.159:8009 - TCP OPEN |
| 67 | +[*] 192.168.45.159: - 192.168.45.159:8180 - TCP OPEN |
| 68 | +[*] 192.168.45.159: - 192.168.45.159:8787 - TCP OPEN |
| 69 | +[*] Scanned 1 of 1 hosts (100% complete) |
| 70 | +[*] Auxiliary module execution completed |
| 71 | +``` |
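Review bot: The scenario heading at line 36 reads `### Metaspliotable 2` and should be `### Metasploitable 2`, since this is the name readers will search for. The Options section has three more wording slips worth fixing in the same pass: lines 14-15 "Default options is to scan `1-10000` ports" should read "The default is to scan ports `1-10000`", line 19 "This options states" should read "This option sets", and line 20 "Default value if `10`" should read "Default value is `10`". The sample output also lists open ports out of numeric order (25, 21, 23, 22, and later 513, 514, 512) with nothing in the document explaining it; a sentence under Scenarios saying whether results are printed in completion order would help. Finally, the VERBOSE entry at lines 24-25 gives no default, unlike PORTS and ConnectTimeout, so consider stating it for consistency.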