Education for everyone, everywhere, All Rights Reserved by The World of IT & Cyber Security: ehacking.net 2021. Well, that was a lot of work for nothing. Heartbleed vulnerability (registered as CVE-2014-0160) is a security bug present in the older version of OpenSSL cryptographic library. The example below using rpcinfo to identify NFS and showmount -e to determine that the "/" share (the root of the file system) is being exported. a 16-bit integer. The simple thing to do from here would be to search for relevant exploits based on the versions Ive found, but first I want to identify how to access the server from the back end instead of just attempting to run an exploit. The Meterpreter payloads come in two variants, staged and stageless.Staged payloads use a so-called stager to fetch the actual reverse shell. Nmap is a network exploration and security auditing tool. Source code: modules/auxiliary/scanner/http/ssl_version.rb Many ports have known vulnerabilities that you can exploit when they come up in the scanning phase of your penetration test. One of which is the ssh_login auxiliary, which, for my use case, will be used to load a few scripts to hopefully login using . Metasploit basics : introduction to the tools of Metasploit Terminology. Source code: modules/exploits/multi/http/simple_backdoors_exec.rb The make sure you get different parts of the HEAP, make sure the server is busy, or you end up with repeat repeat. In order to check if it is vulnerable to the attack or not we have to run the following dig command. It can be exploited using password spraying and unauthorized access, and Denial of Service (DoS) attacks. Now lets say a client sends a Heartbeat request to the server saying send me the four letter word bird. This makes it unreliable and less secure. Here are some common vulnerable ports you need to know. Apart from practicing offensive security, she believes in using her technical writing skills to educate readers about their security. 192.168.56/24 is the default "host only" network in Virtual Box. Payloads. This will bind the host port 8022 to the container port 22, since the digitalocean droplet is running its own SSHd, port 22 on the host is already in use.Take note of the port bindings 443450, this gives us a nice range of ports to use for tunneling. In this example, we'll focus on exploits relating to "mysql" with a rank of "excellent": # search rank:excellent mysql Actually conducting an exploit attempt: Not necessarily. Be patient as it will take some time, I have already installed the framework here, after installation is completed you will be back to the Kali prompt. In older versions of WinRM, it listens on 80 and 443 respectively. Sometimes port change helps, but not always. Exitmap is a fast and modular Python-based scanner forTorexit relays. As there are only a handful of full-time developers on the team, there is a great opportunity to port existing public exploits to the Metasploit Framework. This vulnerability allows an unauthenticated user to view private or draft posts due to an issue within WP_Query. Were building a platform to make the industry more inclusive, accessible, and collaborative. The primary administrative user msfadmin has a password matching the username. More from . There were around half a million of web servers claimed to be secure and trusted by a certified authority, were believed to be compromised because of this vulnerability. Service Discovery How to Prepare for the Exam AZ-900: Microsoft Azure Fundamentals? When we access, we see the Wazuh WUI, so this is the IP address of our Wazuh virtual machine. To check for open ports, all you need is the target IP address and a port scanner. However, to keep things nice and simple for myself, Im going to use Google. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit . For the sake of simplicity, I will show this using docker-machine First, we need to create a droplet running Docker, after getting hold of an API token for digitalocean, it is merely a matter of running the following command: The region and name of the machine are, of course, up to you.Take note of the IP of the newly created docker-machine.The next step is to run the SSH server as a Docker container. CMS Vulnerability Scanners for WordPress, Joomla, Drupal, Moodle, Typo3.. The page tells me that the host is not trusted, so at this point, I remember that I need to give host privileges to the domain Im trying to access demonstrated below: Im now inside the internal office chat, which allows me to see all internal employee conversations, as well as the ability to interact with the chat robot. TFTP is a simplified version of the file transfer protocol. The two most common types of network protocols are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). Target service / protocol: http, https Disclosure date: 2015-09-08 Heartbleed is still present in many of web servers which are not upgraded to the patched version of OpenSSL. It features an autoadd command that is supposed to figure out an additional subnet from a session and add a route to it. This is done to evaluate the security of the system in question. We will use Metasploit in order to exploit the MS08-67 vulnerability on the ldap389-srv2003 server. NMAP and NSE has hundreds of commands you can use to scan an IP, but Ive chosen these commands for specific reasons; to increase verbosity, to enable OS and version detection, and to probe open ports for service information. Having established the version of the domain from the initial NMAP scan (WordPress 5.2.3), I go ahead and do some digging for a potential exploit to use. Because it is a UDP port, it does not require authentication, which makes it faster yet less secure. So, with that being said, Ill continue to embrace my inner script-kiddie and stop wasting words on why Im not very good at hacking. What I learnt from other writeups is that it was a good habit to map a domain name to the machine's IP address so as that it will be easier to remember. The Metasploit framework is well known in the realm of exploit development. Payload A payload is a piece of code that we want to be executed by the tarhet system. It can be used to identify hosts and services on a network, as well as security issues. For instance, in the following module the username/password options will be set whilst the HttpUsername/HttpPassword options will not: For the following module, as there are no USERNAME/PASSWORD options, the HttpUsername/HttpPassword options will be chosen instead for HTTP Basic access Authentication purposes. This command returns all the variables that need to be completed before running an exploit. We'll come back to this port for the web apps installed. The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. By searching SSH, Metasploit returns 71 potential exploits. Then we send our exploit to the target, it will be created in C:/test.exe. Summing up, we had a reverse shell connect to a jump host, where an SSH tunnel was used to funnel the traffic back into our handler. The previous article covered how my hacking knowledge is extremely limited, and the intention of these articles is for an audience to see the progress of a non-technical layman when approaching ethical hacking. Target service / protocol: http, https In case of running the handler from the payload module, the handler is started using the to_handler command. In our case we have checked the vulnerability by using Nmap tool, Simply type #nmap p 443 script ssl-heartbleed [Targets IP]. Since port 443 is running, we open the IP in the browser: https://192.168.1.110. Wannacry vulnerability that runs on EternalBlue, 7 Exciting Smartphones Unveiled at MWC 2023, The 5 Weirdest Products We Saw at MWC 2023, 4 Unexpected Uses for Computer Vision In Use Right Now, What Is Google Imagen AI? The IIS5X_SSL_PCT exploit connects to the target via SSL (port 443), whereas variants could use other services which use SSL such as LDAP over SSL The first of which installed on Metasploitable2 is distccd. If your website or server has any vulnerabilities then your system becomes hackable. Accessing it is easy: In addition to the malicious backdoors in the previous section, some services are almost backdoors by their very nature. It is outdated, insecure, and vulnerable to malware. The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Now you just need to wait. Name: HTTP SSL/TLS Version Detection (POODLE scanner) For example, the Mutillidae application may be accessed (in this example) at address http://192.168.56.101/mutillidae/. While communicating over SSL/TLS protocol there is a term that is called Heartbeat, a request message consists of a payload along with the length of the payload i.e. By no means, this is a complete list, new ports, metasploit modules, nmap nse will be added as used. Loading of any arbitrary web page on the Interet or locally including the sites password files.Phishing, SQL injection to dump all usernames and passwords via the username field or the password fieldXSS via any of the displayed fields. o Issue a CCS packet in both the directions, which causes the OpenSSL code to use a zero length pre master secret key. 443/TCP - HTTPS (Hypertext Transport Protocol Secure) - encrypted using Transport Layer Security or, formerly, Secure Sockets Layer. Using simple_backdoors_exec against a single host. Answer: Depends on what service is running on the port. This payload should be the same as the one your Although Metasploit is commercially owned, it is still an open source project and grows and thrives based on user-contributed modules. (Note: See a list with command ls /var/www.) Last modification time: 2020-10-02 17:38:06 +0000 Install Nessus and Plugins Offline (with pictures), Top 10 Vulnerabilities: Internal Infrastructure Pentest, 19 Ways to Bypass Software Restrictions and Spawn a Shell, Accessing Windows Systems Remotely From Linux, RCE on Windows from Linux Part 1: Impacket, RCE on Windows from Linux Part 2: CrackMapExec, RCE on Windows from Linux Part 3: Pass-The-Hash Toolkit, RCE on Windows from Linux Part 5: Metasploit Framework, RCE on Windows from Linux Part 6: RedSnarf, Cisco Password Cracking and Decrypting Guide, Reveal Passwords from Administrative Interfaces, Top 25 Penetration Testing Skills and Competencies (Detailed), Where To Learn Ethical Hacking & Penetration Testing, Exploits, Vulnerabilities and Payloads: Practical Introduction, Solving Problems with Office 365 Email from GoDaddy, SSH Sniffing (SSH Spying) Methods and Defense, Security Operations Center: Challenges of SOC Teams. [*] Trying to mount writeable share 'tmp' [*] Trying to link 'rootfs' to the root filesystem [*] Now access the following share to browse the root filesystem: msf auxiliary(samba_symlink_traversal) > exit, root@ubuntu:~# smbclient //192.168.99.131/tmp, getting file \rootfs\etc\passwd of size 1624 as /tmp/smbmore.ufiyQf (317.2 KiloBytes/sec) (average 317.2 KiloBytes/sec). This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. in the Metasploit console. Regardless of how many hoops we are jumping through to connect to that session, it can be used as a gateway to a specified network. This Exploitation is divided into 3 steps if any step you already done so just skip and jump to direct Step 3 Using cadaver Tool Get Root Access. Mar 10, 2021. Ethical Hacking----1. Scanning ports is an important part of penetration testing. This can done by appending a line to /etc/hosts. The UDP is faster than the TCP because it skips the establishing connection step and just transfers information to the target computer over a network. In addition to these system-level accounts, the PostgreSQL service can be accessed with username postgres and password postgres, while the MySQL service is open to username root with an empty password. This can often times help in identifying the root cause of the problem. simple_backdoors_exec will be using: At this point, you should have a payload listening. The output of this Docker container shows us the username user and the password to use for connecting via SSH.We want to use privileged ports in this example, so the privileged-ports tag of the image needs to be used as well as root needs to be the user we connect as.On the attacker machine we can initiate our SSH session and reverse tunnels like so: More ports can be added as needed, just make sure to expose them to the docker host. First let's start a listener on our attacker machine then execute our exploit code. This minimizes the size of the initial file we need to transfer and might be useful depending on the attack vector.Whenever there is no reason to do otherwise, a stageless payload is fine and less error-prone. Port Number For example lsof -t -i:8080. Open Kali distribution Application Exploit Tools Armitage. If any number shows up then it means that port is currently being used by another service. This page contains detailed information about how to use the auxiliary/scanner/http/ssl_version metasploit module. So, last time I walked through a very simple execution of getting inside an office camera using a few scripts and an open RTSP port. Metasploit configurations are the same as previously, so in the Metasploit console enter: > show options . Samba, when configured with a writeable file share and "wide links" enabled (default is on), can also be used as a backdoor of sorts to access files that were not meant to be shared. The Telnet port has long been replaced by SSH, but it is still used by some websites today. The -u shows only hosts that list the given port/s as open. This let the server to store more in memory buffer based on the reported length of the requested message and sends him back more information present on the web server. In this article we will focus on the Apache Tomcat Web server and how we can discover the administrator's credentials in order to gain access to the remote system.So we are performing our internal penetration testing and we have discovered the Apache Tomcat running on a remote system on port 8180. Check if an HTTP server supports a given version of SSL/TLS. Exitmap modules implement tasks that are run over (a subset of) all exit relays. With more than 50 global partners, we are proud to count the worlds leading cybersecurity training provider. A brief overview of various scanner HTTP auxiliary modules in the Metasploit Framework. Metasploitable. nmap --script smb-vuln* -p 445 192.168.1.101. Metasploit: EXPLOIT FAIL to BIND 0 Replies 6 yrs ago How To: Run an VNC Server on Win7 How To: Use Meterpeter on OS X Hack Like a Pro: . For example, a webserver has no reason receiving traffic on ports other than 80 or 443.On the other hand, outgoing traffic is easier to disguise in many cases. It depends on the software and services listening on those ports and the platform those services are hosted on. Active Directory Brute Force Attack Tool in PowerShell (ADLogin.ps1), Windows Local Admin Brute Force Attack Tool (LocalBrute.ps1), SMB Brute Force Attack Tool in PowerShell (SMBLogin.ps1), SSH Brute Force Attack Tool using PuTTY / Plink (ssh-putty-brute.ps1), Default Password Scanner (default-http-login-hunter.sh), Nessus CSV Parser and Extractor (yanp.sh). Did you know with the wordpress admin account you not only lose control of your blog but on many hosts the attacker . it is likely to be vulnerable to the POODLE attack described In this example, the URL would be http://192.168.56.101/phpinfo.php. This bug allowed attackers to access sensitive information present on web servers even though servers using TLS secure communication link, because the vulnerability was not in TLS but in its OpenSSL implementation. Metasploit Framework is an open source penetration testing application that has modules for the explicit purpose of breaking into systems and applications. For example, noting that the version of PHP disclosed in the screenshot is version 5.2.4, it may be possible that the system is vulnerable to CVE-2012-1823 and CVE-2012-2311 which affected PHP before 5.3.12 and 5.4.x before 5.4.2. How to hack Android is the most used open source, Linux-based Operating System with 2.5 billion active users. This tutorial is the answer to the most common questions (e.g., Hacking android over WAN) asked by our readers and followers: Solution for SSH Unable to Negotiate Errors. In our Metasploit console, we need to change the listening host to localhost and run the handler again. Same as credits.php. Of course, snooping is not the technical term for what Im about to do. The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. This returns 3 open ports, 2 of which are expected to be open (80 and 443), the third is port 22 which is SSH this certainly should not be open. If your settings are not right then follow the instructions from previously to change them back. We can demonstrate this with telnet or use the Metasploit Framework module to automatically exploit it: On port 6667, Metasploitable2 runs the UnreaIRCD IRC daemon. Enable hints in the application by click the "Toggle Hints" button on the menu bar: The Mutillidae application contains at least the following vulnerabilities on these respective pages: SQL Injection on blog entrySQL Injection on logged in user nameCross site scripting on blog entryCross site scripting on logged in user nameLog injection on logged in user nameCSRFJavaScript validation bypassXSS in the form title via logged in usernameThe show-hints cookie can be changed by user to enable hints even though they are not supposed to show in secure mode, System file compromiseLoad any page from any site, XSS via referer HTTP headerJS Injection via referer HTTP headerXSS via user-agent string HTTP header, Contains unencrytped database credentials. The function now only has 3 lines. To access the web applications, open a web browser and enter the URL http:// where is the IP address of Metasploitable 2. Next, create the following script. If a web server can successfully establish an SSLv3 session, it is likely to be vulnerable to the POODLE attack described on October 14 . To have a look at the exploit's ruby code and comments just launch the following . Step 4 Install ssmtp Tool And Send Mail. During a discovery scan, Metasploit Pro . #6655 Merged Pull Request: use MetasploitModule as a class name, #6648 Merged Pull Request: Change metasploit class names, #6646 Merged Pull Request: Add TLS Server Name Indication (SNI) Support, unify SSLVersion options, #5265 Merged Pull Request: Fix false positive in POODLE scanner, #4034 Merged Pull Request: Add a POODLE scanner and general SSL version scan (CVE-2014-3566), http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html, auxiliary/scanner/ssl/bleichenbacher_oracle, auxiliary/gather/fortios_vpnssl_traversal_creds_leak, auxiliary/scanner/http/cisco_ssl_vpn_priv_esc, auxiliary/scanner/sap/sap_mgmt_con_getprocesslist, auxiliary/server/openssl_altchainsforgery_mitm_proxy, auxiliary/server/openssl_heartbeat_client_memory, auxiliary/scanner/http/coldfusion_version, auxiliary/scanner/http/sap_businessobjects_version_enum, Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock), Mac OS X Multiple Vulnerabilities (Security Update 2014-005) (POODLE) (Shellshock), Apple iOS < 8.1 Multiple Vulnerabilities (POODLE), Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE), Mac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE), Xerox ColorQube 92XX Multiple OpenSSL Vulnerabilities (XRX15AD) (FREAK) (GHOST) (POODLE), OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre), OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre). on October 14, 2014, as a patch against the attack is The next step could be to scan for hosts running SSH in 172.17.0.0/24. Luckily, Hack the Box have made it relatively straightforward. Cross site scripting on the host/ip fieldO/S Command injection on the host/ip fieldThis page writes to the log. Supported platform(s): - The following command line will scan all TCP ports on the Metasploitable 2 instance: Nearly every one of these listening services provides a remote entry point into the system. Anyhow, I continue as Hackerman. List of CVEs: CVE-2014-3566. This document is generic advice for running and debugging HTTP based Metasploit modules, but it is best to use a Metasploit module which is specific to the application that you are pentesting. Other variants exist which perform the same exploit on different SSL enabled services. Digital Forensics and Incident Response (DFIR), Cloud Security with Unlimited Vulnerability Management, 24/7 MONITORING & REMEDIATION FROM MDR EXPERTS, SCAN MANAGEMENT & VULNERABILITY VALIDATION, PLAN, BUILD, & PRIORITIZE SECURITY INITIATIVES, SECURE EVERYTHING CONNECTED TO A CONNECTED WORLD, THE LATEST INDUSTRY NEWS AND SECURITY EXPERTISE, PLUGINS, INTEGRATIONS & DEVELOPER COMMUNITY, UPCOMING OPPORTUNITIES TO CONNECT WITH US. Lets take a vulnerable web application for example; somehow we get it to execute a PHP script of our choosing, so we upload our payload and execute it.If the target can make connections towards the internet, but is not directly reachable, for example, because of a NAT, a reverse shell is commonly used.That means our payload will initiate a connection to our control server (which we call handler in Metasploit lingo). Unsurprisingly, there is a list of potential exploits to use on this version of WordPress. First we create an smb connection. Step 2 SMTP Enumerate With Nmap. And which ports are most vulnerable? However, given that the web page office.paper doesnt seem to have anything of interest on it apart from a few forums, there is likely something hidden. System Weakness is a publication that specialises in publishing upcoming writers in cybersecurity and ethical hacking space. Metasploit can connect to both HTTP and HTTPS ports; use the standard SSL options for HTTPS. At this point of the hack, what Im essentially trying to do is gather as much information as I possibly can that will enable me to execute the next steps. Readers like you help support MUO. (Note: A video tutorial on installing Metasploitable 2 is available here.). Normal scan, will hit port 443, with 1 iteration: python heartbleed-poc.py example.com. However, the steps I take in order to achieve this are actually representative of how a real hack might take place. Additionally, an ill-advised PHP information disclosure page can be found at http:///phpinfo.php. 8443 TCP - cloud api, server connection. You will need the rpcbind and nfs-common Ubuntu packages to follow along. By searching 'SSH', Metasploit returns 71 potential exploits. First things first, as every good hack begins, we run an NMAP scan: Youll notice that Im using the v, -A and -sV commands to scan the given IP address. Inject the XSS on the register.php page.XSS via the username field, Parameter pollutionGET for POSTXSS via the choice parameterCross site request forgery to force user choice. In this article, we are going to learn how to hack an Android phone using Metasploit framework. In the current version as of this writing, the applications are. A network protocol is a set of rules that determine how devices transmit data to and fro on a network. Supported platform(s): Unix, Windows . A file containing a ERB template will be used to append to the headers section of the HTTP request. HTTP (Hypertext Transfer Protocol), is an application-level protocol for distributed, collaborative, hypermedia information systems. It can be vulnerable to mail spamming and spoofing if not well-secured. Its use is to maintain the unique session between the server . 'This vulnerability is part of an attack chain. The FTP port is insecure and outdated and can be exploited using: SSH stands for Secure Shell. Port 80 is a good source of information and exploit as any other port. Inspired by DVWA, Mutillidae allows the user to change the "Security Level" from 0 (completely insecure) to 5 (secure). The backdoor was quickly identified and removed, but not before quite a few people downloaded it. Our next step will be to open metasploit . If a username is sent that ends in the sequence :) [ a happy face ], the backdoored version will open a listening shell on port 6200. The example below uses a Metasploit module to provide access to the root filesystem using an anonymous connection and a writeable share. Solution for SSH Unable to Negotiate Errors. Chioma is an ethical hacker and systems engineer passionate about security. Credit: linux-backtracks.blogspot.com. Going off of the example above, let us recreate the payload, this time using the IP of the droplet. Nmap serves various scripts to identify a state of vulnerability for specific services, similarly, it has the inbuilt script for SMB to identify its vulnerable state for given target IP. This code will redirect the victim server to download and execute a Java class that is obtained from our Python Web Server running on port 80 above. Most of them, related to buffer/stack overflo. It's a UDP port used to send and receive files between a user and a server over a network. By this, I mean that the hack itself is performed on a virtual machine for educational purposes, not to actually bring down a system. It does this by establishing a connection from the client computer to the server or designated computer, and then sending packets of information over the network. From the description of Coyote on the Tomcat page [1], it sounds like this server will be as susceptible to denial of service attacks as the Apache web server was. The discovery scan tests approximately 250 ports that are typically exposed for external services and are more commonly tested during a penetration test. You can log into the FTP port with both username and password set to "anonymous". buffer overflows and SQL injections are examples of exploits. PORT STATE SERVICE 53/tcp open domain 80/tcp open http 88/tcp open kerberos-sec . When enumerating the SMB port, find the SMB version, and then you can search for an exploit on the internet, Searchsploit, or Metasploit. For more modules, visit the Metasploit Module Library. Instead, I rely on others to write them for me! If a web server can successfully establish an SSLv3 session, Lets do it. What is Deepfake, and how does it Affect Cybersecurity. This Heartbeat message request includes information about its own length. Learn how to stay anonymous online; what is darknet and what is the difference between the VPN, TOR, WHONIX, and Tails here. (If any application is listening over port 80/443) Wyze cameras use these ports: 80, 443 TCP/UDP - timelapse, cloud uploads, streaming data. Dump memory scan, will make 100 request and put the output in the binary file dump.bin: python heartbleed-poc.py -n100 -f dump.bin example.com. This module is a scanner module, and is capable of testing against multiple hosts. Now that you know the most vulnerable ports on the internet, you can use this information to perform pentests. The second step is to run the handler that will receive the connection from our reverse shell. msf exploit (smb2)>set rhosts 192.168..104. msf exploit (smb2)>set rport 445. msf exploit (smb2)>exploit. 3 Ways To Avoid Internet Hacking Incidents With Sports Related Ventures, Android Post Exploitation: Exploit ADB using Ghost Framework in Kali Linux, How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux, Turn Android into Hacking Machine using Kali Linux without Root, How to Hack an Android Phone Using Metasploit Msfvenom in Kali Linux, 9 Easiest Ways to Renew Your Android Phone Visually, How to Remotely Hack an Android Phone WAN or Internet hacking, How to Install Android 9.0 On VirtualBox for Hacking, Policing the Dark Web (TOR): How Authorities track People on Darknet. In penetration testing, these ports are considered low-hanging fruits, i.e. They certainly can! As demonstrated by the image, Im now inside Dwights machine. First, create a list of IPs you wish to exploit with this module. Second, set up a background payload listener. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away. Name: Simple Backdoor Shell Remote Code Execution The security vendor analyzed 1.3 petabytes of security data, over 2.8 billion IDS events, 8.2 million verified incidents, and common vulnerabilities for more than 700 SMB customers, in order to compile its Critical . Target network port(s): 80, 443, 3000, 8000, 8008, 8080, 8443, 8880, 8888 DNS stands for Domain Name System. We have several methods to use exploits.