Basic techniques to attack a network system

Nmap, a network mapper, is an open source tool used to discover open ports and the services running on a networked system. It can scan any port range; a fast scan of the top 100 common ports (the -F option; the default is the top 1000) typically reports a handful of open ports and, with -sV, the service versions running on them, such as ftp (21), ssh (22), smtp (25), http (80), smb (139, 445), https (443) and so on.

A web server (the network system) may host different, or the same, web applications on different ports, for example an http version on 80 and an https version on 443. There may also be a proxy on the server, say on port 8080, which complicates the reconnaissance phase if it is enabled or requires credentials: discovering which ports are open is one part of the job, and pointing various other tools at the target for further recon is the other. If the proxy requires credentials, each of those tools has to be given the proxy address and credentials before it can learn anything more about the target.

Services running on some of these ports may have known exploits, and with luck we can get shell access on the system by using a known exploit, remote code execution or command execution, or by chaining several vulnerabilities, such as an unrestricted file upload combined with a local or remote file inclusion.

In some cases we overlook the low-hanging fruit or give up on a particular route, but a finding that seems useless on its own can be worth pursuing when combined with other vulnerabilities. It comes down to practice and exploring a variety of attack techniques.

A small example:

Say an ftp port is open and allows anonymous login. Sometimes this is a rabbit hole that lets us do nothing useful; in other cases it yields juicy information such as database credentials for a backend service listening on a specific port, or, if the anonymous directory is the web root, lets us upload a reverse shell that gives shell access when the uploaded file is requested, provided a listener is already running. The two things to check first are whether the anonymous session is writable and whether its directory maps onto the web root.
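The workflow described in the Nmap and proxy paragraphs above, and the anonymous ftp check in this example, as an added shell example that is not part of the original article: it parses Nmap's grepable output (-oG, still supported though marked deprecated) into a list of open ports and services, then prints, rather than runs, one follow-up recon command per service. The scan output is a constructed sample, not a real scan; the follow-up commands and the PROXY environment variable (set it to http://user:pass@host:8080 to route the HTTP checks through a credentialed proxy) are choices made for this example, not the author's.

```shell
#!/bin/sh
# Constructed sample of "nmap -F -sV -oG scan.gnmap 10.10.10.5" output.
# Grepable format: the "Ports:" field is tab-separated from its neighbours and
# each entry is port/state/proto/owner/service/rpc/version/ (nmap replaces any
# "/" inside a version string with "|", so splitting on "/" is safe).
SCAN_FILE="${TMPDIR:-/tmp}/scan-example.gnmap"
printf '%s\n' '# Nmap 7.94 scan initiated (constructed sample, not a real scan)' > "$SCAN_FILE"
printf 'Host: 10.10.10.5 ()\tStatus: Up\n' >> "$SCAN_FILE"
printf 'Host: 10.10.10.5 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.1/, 80/open/tcp//http//Apache httpd 2.4.41/, 443/closed/tcp//https///, 8080/open/tcp//http-proxy//Squid http proxy 4.10/\tIgnored State: closed (95)\n' >> "$SCAN_FILE"

# open_ports FILE: print "port service version" for every open port in a .gnmap file.
open_ports() {
  awk '/Ports:/ {
    sub(/.*Ports: /, "")        # drop the host prefix
    sub(/\t.*/, "")             # drop the "Ignored State" suffix
    n = split($0, entries, /, /)
    for (j = 1; j <= n; j++) {
      split(entries[j], f, "/")
      if (f[2] == "open") printf "%s %s %s\n", f[1], f[5], f[7]
    }
  }' "$1"
}

# next_steps FILE: print one follow-up recon command per open service.
# Nothing is executed here; review the list, then run what makes sense.
# If PROXY is set, HTTP checks are sent through it with curl -x, which is how a
# credentialed proxy on the target has to be handed to each tool.
next_steps() {
  target=$(awk '/Ports:/ { print $2; exit }' "$1")
  open_ports "$1" | while read -r port svc ver; do
    case "$svc" in
      ftp)
        # ftp-anon reports whether anonymous login works and what is listable;
        # writability and the web-root mapping still have to be checked by hand.
        echo "nmap -p $port --script ftp-anon,ftp-syst $target" ;;
      ssh)
        echo "nmap -p $port --script ssh2-enum-algos $target" ;;
      netbios-ssn|microsoft-ds)
        echo "nmap -p $port --script smb-os-discovery,smb-enum-shares $target" ;;
      http|https|http-proxy)
        scheme=http
        if [ "$svc" = https ]; then scheme=https; fi
        echo "curl -sI ${PROXY:+-x $PROXY }$scheme://$target:$port/" ;;
      *)
        echo "# $port/$svc ($ver): no default follow-up" ;;
    esac
  done
}

# Usage: list open services, then the suggested next commands.
open_ports "$SCAN_FILE"
next_steps "$SCAN_FILE"
```

The version strings (vsftpd 3.0.3, OpenSSH 8.2p1, Apache 2.4.41, Squid 4.10) are the inputs to the "known exploits" step of the article: they are what you search for, but the sample here is invented and implies nothing about those versions.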









