Ports are not what's vulnerable, the services that run behind those ports are what would be vulnerable. You need to find out what service is running and then either create your own exploit, or find one on a site such as exploit-db which will usually tell you how to use it.