{"id":295,"date":"2021-04-25T18:05:22","date_gmt":"2021-04-25T18:05:22","guid":{"rendered":"https:\/\/sirensecurity.io\/blog\/?p=295"},"modified":"2021-07-15T03:03:42","modified_gmt":"2021-07-15T03:03:42","slug":"port-knocking","status":"publish","type":"post","link":"https:\/\/sirensecurity.io\/blog\/port-knocking\/","title":{"rendered":"Port Knocking"},"content":{"rendered":"\n<div class=\"wp-block-cover has-background-dim\"><img loading=\"lazy\" decoding=\"async\" width=\"4288\" height=\"2848\" class=\"wp-block-cover__image-background wp-image-296\" alt=\"\" src=\"https:\/\/sirensecurity.io\/blog\/wp-content\/uploads\/2021\/04\/7-1.jpg\" data-object-fit=\"cover\"\/><div class=\"wp-block-cover__inner-container is-layout-flow wp-block-cover-is-layout-flow\">\n<p class=\"has-vivid-red-color has-text-color\" id=\"port-knocking\">S1REN<\/p>\n\n\n\n<p class=\"has-text-align-center has-large-font-size\">And you thought there was nothing here.<\/p>\n<\/div><\/div>\n\n\n\n<p>Knock knock.<br><em>Who's there?<\/em><\/p>\n\n\n\n<p id=\"port-knocking\"><img loading=\"lazy\" decoding=\"async\" width=\"350\" height=\"208\" class=\"wp-image-297\" style=\"width: 350px;\" src=\"https:\/\/sirensecurity.io\/blog\/wp-content\/uploads\/2021\/04\/doorsAndCornersKid.gif\" alt=\"\"><br><br>Nothing on the nmap scan? But you found a cool and strange sequence of numbers?<br><em>Let's try Port knocking.<\/em><br><br><a rel=\"noreferrer noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Port_knocking\" target=\"_blank\">https:\/\/en.wikipedia.org\/wiki\/Port_knocking<\/a><br>In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of pre-specified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). 
A variant called single packet authorization (SPA) exists, where only a single \"knock\" is needed, consisting of an encrypted packet.<br><br><a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/pha5matis\/Pentesting-Guide\/blob\/master\/port_knocking.md\" target=\"_blank\">https:\/\/github.com\/pha5matis\/Pentesting-Guide\/blob\/master\/port_knocking.md<\/a><br>When you \"<strong>knock<\/strong>\" on a port you are really just sending TCP-packets with <em>SYN-flag<\/em> to that port. The closed port will then respond with an <em>ACK\/RST<\/em>. This basically means that the host has received the TCP-packet and <strong>ACK<\/strong>nowledges it, but responds with a <em>Reset<\/em> (<strong>RST<\/strong>) flag. <br><br><strong>RST<\/strong> just means that the <em>port is closed<\/em>.<br><br>+ <strong>Nmap &amp; Bash.<\/strong><br><code>for x in 4000 5000 6000; do<\/code><br>     <code>nmap -Pn <strong>--host-timeout<\/strong> 201 <strong>--max-retries<\/strong> 0 -p $x $IP;<\/code><br><code>done<\/code><br>ssh User@$IP -p &lt;port&gt;<\/p>\n\n\n\n<p><br>+ <strong>Netcat.<\/strong><br>nc 192.168.1.102 4000<br>nc 192.168.1.102 5000<br>nc 192.168.1.102 6000<br>nc 192.168.1.102 8888<br>ssh User@$IP -p &lt;port&gt;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Knock knock. Who's there? Nothing on the nmap scan? But you found a cool and strange sequence of numbers? Let's try Port knocking. https:\/\/en.wikipedia.org\/wiki\/Port_knocking In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of pre-specified closed ports. 
Once a correct sequence of connection attempts [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":296,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[41,43,44,42,40,4,34,45],"class_list":["post-295","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-s1ren","tag-attack","tag-nc","tag-netcat","tag-nmap","tag-port-knocking","tag-s1ren","tag-siren","tag-siren-security"],"_links":{"self":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts\/295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/comments?post=295"}],"version-history":[{"count":4,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts\/295\/revisions"}],"predecessor-version":[{"id":416,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts\/295\/revisions\/416"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/media\/296"}],"wp:attachment":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/media?parent=295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/categories?post=295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/tags?post=295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}