How to succeed a Pentest when All Ports Target System are Filtered?Advanced Penetration Testing Course

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Home Forums Courses Advanced Penetration Testing Course How to succeed a Pentest when All Ports Target System are Filtered?

This topic contains 15 replies, has 10 voices, and was last updated by  Milan 4 years, 5 months ago.

Viewing 16 posts - 1 through 16 (of 16 total)
  • Author
  • #39797


    I have very serious concerns.
    In fact, I scanned a site (my website) with NMAP and I get as a result of the analysis that “All Ports are Filtered on Target System“.
    So then do you think it is impossible to penetrate this system because all ports are filtered ???
    If so, what other technical staff for my successful pentesting in such cases ???

    Thank you in advance to find out.

    • This topic was modified 4 years, 6 months ago by  apocalypse0.

    The Son of a Widow

    I am more than a skeptic here regarding this being your website. If this is your website, what permission do you have attempting a penetration test against the server it’s being hosted on? Did your host approve you? If they did, and it’s your website, what’s stopping you from Penetration Testing the Web Application locally if you wrote it and have the source code? Using Nmap against the web application locally, you may or may not get the ports filtered message. What’s sitting in between the traffic flowing outward when doing a scan? Perhaps a firewall?

    If you’re hosting the web application with your host and have permission, what information is nmap going to give you that you already don’t know about your host (port & service related)? Your host gives you what web server software and version are installed. It gives you the exact operating system name and version. Your web host allows you to FTP or SSH files up to the website. Your host gives you an admin web portal to login to (perhaps not on Port 80) identifying what type of software is running on the port. You hosting with a company actually know more information than nmap can provide. What use is a Port Scanner here in your situation?



    Thank you for your reply but know above all that my goal is to look for vulnerabilities in Web Application. This Web Application is that of the company in which I work as a programmer.
      But also know that it does not have a page with the button “Browse” to download (add) a backdoor into the system.
      I especially know that the web server runs on Windows and uses port 80 “Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)”.
       Here are the results of the software used on the Web servers below below:

    Not shown: 998 filtered ports


    80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)

    |_http-title: Not Found

    443/tcp open ssl/https?

    | ssl-cert: Subject:

    | Not valid before: 2015-02-05T16:24:38

    |_Not valid after: 2018-02-07T15:52:31

    Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port

    Device type: general purpose|specialized|phone

    Running (JUST GUESSING): Microsoft Windows 2008|7|Phone|Vista (89%)

    OS CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1

    Aggressive OS guesses: Microsoft Windows Server 2008 R2 SP1 (89%), Microsoft Windows Server 2008 (89%), Microsoft Windows Server 2008 R2 or Windows 8 (89%), Microsoft Windows 7 SP1 (89%), Microsoft Windows Embedded Standard 7 (89%), Microsoft Windows 8.1 Update 1 (89%), Microsoft Windows Phone 7.5 or 8.0 (89%), Microsoft Windows Server 2008 or 2008 Beta 3 (88%), Microsoft Windows Server 2008 R2 (88%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (88%)

    No exact OS matches for host (test conditions non-ideal).

    Network Distance: 23 hops

    Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

    Thank you for your help.

    • This reply was modified 4 years, 6 months ago by  apocalypse0.


    The Son of a Widow, I have seen companies hosting webaps on their own servers and done pentest with them. Those were mainly minor local ISPs and they wanted not just webapp test bud test of their network … so if it is the case why not to start with fingerprinting and scans.



    If you have the site hosted, there is a good chance the firewall is going to block you when you fire up the port scan. Look at some of the randomization options that nmap has (if you want to keep at doing that as you can really spread the attempts out etc, which will take maybe all night but will set off less ids’s). Also if you think a port is open, well then try sending it data and see if you get data back. In reality what are you looking for port wise? There is a good chance you only have port 21/22/25/80/443/etc open.

    Use openvas (its open source and comes with Kali) and penn test your web app. Do homework on the info above, as going into detail on the forum is going to be too much data to type. Look up zap proxy setup and ncat (to setup a listener …if need be). Also wireshark is your friend for debugging on a packet level. Fire up kali, as all the above are apps already installed.



    Ok great thank you @opsecj


    Franck KAMGAING




    ^burp suite (another hint)


    Johan Grotherus

    No system is impossible to penetrate, maybe except the one that is simply turned off. As for your website, not all ports are filtered as a web server is obviously responding. Nmap is not a good tool for finding vulnerabilities on a website, even though it has limited support for this. There are a lot of better options and it all depends on what type of technology the website uses. So I would start there, just browsing around the site to get a feel for it. Once you get a feel for it, there are a number of tools available.

    With web applications, once could attack by perhaps SQL injection or XSS, go after the web server itself or perhaps the backend database if there is such a thing. It all depends on what is available to you as an attacker to go after.



    Ok thank you @johan Grotherus and @opsecj.



    OWASP ZAP has a lot of automated application tests.



    ^ +1



    What is the website url? There are tools that will allow you to grab a copy of the site for testing if it’s web app sec testing you’re performing. When are you performing these test on that production site?
    @opsecj Good call on burp suite..



    maybe the server blocks port scans



    try to manually inspect the ports



    @johan Really cool one “No system is impossible to penetrate, maybe except the one that is simply turned off”

Viewing 16 posts - 1 through 16 (of 16 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?