Hi everyone, and welcome to this lab project: Finding Open Service Ports Using Kali Linux. Today, I’ll guide you step-by-step through discovering open service ports on a target machine using tools like nmap. Along the way, we’ll also look at some practical security implementations to mitigate the risks associated with open ports.
Let’s dive right in.
The goal here is to identify open ports and understand the services running on them. This is crucial because open ports are often the first entry point attackers exploit. For this lab, you’ll need two virtual machines: Kali Linux as the host machine and Metasploitable2 as the target. Make sure both are installed on a virtualization platform like VirtualBox or VMware and connected to the same virtual network, either using a Host-Only or NAT configuration.
To begin, log in to your Metasploitable2 machine and run the ifconfig command. This will give you the target’s IP address; take note of it. Once you’ve got that, switch to Kali Linux and verify the connection with a quick ping:
ping <Target_IP>
If the target responds, you’re ready to start scanning.
Let’s start with the basics. Open a terminal in Kali Linux and run this command:
nmap <Target_IP>
This performs a default scan of the 1,000 most common ports and gives you a list of what’s open. The output will show you which ports are active and the services they’re running. This is your first look into what’s exposed on the target machine.
Now, let’s go deeper. We’ll use the -sV flag to gather detailed information about the services and their versions:
nmap -sV <Target_IP>
For example, you might see something like this:
21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1
80/tcp open http Apache httpd 2.2.8
This information is critical because specific software versions often have known vulnerabilities.
Next up is an aggressive scan for more comprehensive details. Use the -A flag:
nmap -A <Target_IP>
This adds OS detection, script scanning, and traceroute to the mix. You’ll likely get operating system details, uptime information, and even hints about potential misconfigurations.
Sometimes, attackers look for services running on unusual ports. To ensure nothing is missed, run a scan of all 65,535 ports using the -p- flag:
nmap -p- <Target_IP>
Keep in mind, this takes longer but gives a complete picture of the target’s exposure.
For a vulnerability-focused scan, the Nmap Scripting Engine, or NSE, is incredibly useful. You can run pre-installed scripts like this:
nmap --script vuln <Target_IP>
This will detect vulnerabilities like outdated software or weak configurations, giving you actionable insights to secure the system.
Finally, save your results for later analysis:
nmap -oN scan_results.txt <Target_IP>
This creates a readable file with all the data from your scan, so you can refer back to it as needed.
Now that we’ve identified open ports, let’s look at securing them.
Regular Updates:
Keeping systems up to date is your first line of defense. Use commands like:
sudo apt update && sudo apt upgrade
This patches known vulnerabilities in software.
Firewall Configuration:
A firewall is essential for controlling access to services. On Linux, use UFW:
sudo ufw enable
sudo ufw allow 22/tcp
This ensures only necessary ports, like SSH, are accessible. If you are configuring a remote host, run the allow rule before enabling UFW, since its default policy denies incoming connections and you could lock yourself out of SSH.
Service Hardening:
Disable services you don’t need. For example, if FTP isn’t required, stop and disable it:
sudo systemctl stop vsftpd
sudo systemctl disable vsftpd
This reduces your attack surface significantly.
Access Controls:
Restrict access to critical services like SSH. Edit /etc/ssh/sshd_config and specify which users and source IPs are allowed:
AllowUsers user@<IP>
Intrusion Detection Systems:
Deploy tools like Snort or Suricata to monitor for suspicious activity. These can alert you to unauthorized access attempts in real time.
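To tie the scan results to the hardening steps, here is an added example (my own script, not part of the original lab) that reads the normal-format output saved with -oN, lists the open ports, flags any that are outside an allow-list, and diffs a pre- and post-hardening scan so you can confirm that stopping vsftpd and restricting UFW to 22/tcp actually closed what you expected. The two scan files, the host address 192.0.2.10 and the allow-list of only 22/tcp are constructed for the example; the parser only counts lines whose STATE column is "open", so ports that show as "filtered" after the firewall change are correctly treated as no longer exposed.

```shell
#!/usr/bin/env bash
# Added example: audit nmap -oN output against an allow-list and compare two scans.
# Sample scan files are constructed below; they are not real scan output.

TMPDIR_LAB=$(mktemp -d)
trap 'rm -rf "$TMPDIR_LAB"' EXIT
BEFORE_FILE="$TMPDIR_LAB/scan_before.txt"
AFTER_FILE="$TMPDIR_LAB/scan_after.txt"
ALLOWED="22/tcp"   # policy: only SSH may be reachable (mirrors the UFW rule above)

# Constructed sample: what "nmap -sV -oN scan_before.txt 192.0.2.10" might save
# before hardening (versions are the ones quoted in the lab write-up).
cat > "$BEFORE_FILE" <<'EOF'
# Nmap scan initiated (constructed sample, before hardening)
Nmap scan report for 192.0.2.10
Host is up (0.00041s latency).
Not shown: 997 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 2.3.4
22/tcp open  ssh     OpenSSH 4.7p1
80/tcp open  http    Apache httpd 2.2.8
# Nmap done (constructed sample)
EOF

# Constructed sample: same host after "systemctl disable vsftpd" and UFW
# allowing only 22/tcp. Port 80 is now filtered (dropped by the firewall), not open.
cat > "$AFTER_FILE" <<'EOF'
# Nmap scan initiated (constructed sample, after hardening)
Nmap scan report for 192.0.2.10
Host is up (0.00039s latency).
Not shown: 998 closed tcp ports (reset)
PORT   STATE    SERVICE VERSION
22/tcp open     ssh     OpenSSH 4.7p1
80/tcp filtered http
# Nmap done (constructed sample)
EOF

# Print each open port from an nmap -oN file, one per line (e.g. "21/tcp").
# Only STATE == "open" counts; "filtered" means a firewall dropped the probe.
open_ports() {
  awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1 }' "$1"
}

# Open ports in FILE ($1) that are not in the space-separated allow-list ($2).
unexpected_ports() {
  allow=" $2 "
  open_ports "$1" | while read -r port; do
    case "$allow" in
      *" $port "*) ;;                      # approved by policy
      *) printf '%s\n' "$port" ;;          # exposed but not approved
    esac
  done
}

# Number of open ports outside the allow-list; 0 means exposure matches policy.
unexpected_count() {
  unexpected_ports "$1" "$2" | wc -l | tr -d ' '
}

# Ports open in the BEFORE scan ($1) that are no longer open in the AFTER scan ($2).
closed_by_hardening() {
  unexpected_ports "$1" "$(open_ports "$2" | tr '\n' ' ')"
}

# Human-readable summary for the lab write-up.
report() {
  printf 'Open ports in %s:\n' "$1"
  open_ports "$1" | sed 's/^/  /'
  printf 'Open ports outside allow-list (%s):\n' "$2"
  unexpected_ports "$1" "$2" | sed 's/^/  /'
}

report "$BEFORE_FILE" "$ALLOWED"
report "$AFTER_FILE" "$ALLOWED"
printf 'Ports closed by hardening:\n'
closed_by_hardening "$BEFORE_FILE" "$AFTER_FILE" | sed 's/^/  /'
```

Point open_ports at your own scan_results.txt to check a real lab host; a non-zero unexpected_count after hardening means a service is still listening that your policy does not allow, which is exactly the case the hardening section is meant to remove.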
And that’s it! By following this lab, you’ve successfully identified open service ports, learned how to interpret scan results, and explored key security measures to mitigate risks. Remember, scanning and securing systems should always be done ethically and with explicit permission.