From: Aleksander P. Czarnowski (alekc@avet.com.pl)
Date: Thu Jul 21 2005 - 16:55:54 EDT
This will work only if command prompt access is granted - guess clicking on Control Panel/Add-Remove Application icon would be easier in case of legitimate application ;-)
In case of remote test the most simple solution would be nmap's -A switch or some other application fingerprinting tool. You can try also do some fuzzing and see if you'll get any response. Secondly - because this is Windows system - you might try to enumerate remotely running services or access system/application logs remotely (considering you have credential or there are no restriction on NULL session and ports 135-139 are not filtered.)
Best Regards,
Aleksander Czarnowski
AVET INS
> -----Original Message-----
> From: Bartholomew, Brian J [mailto:BartholomewBJ@state.gov]
> Sent: Thursday, July 21, 2005 6:47 PM
> To: thenightweighsheavy@gmail.com; pen-test@securityfocus.com
> Subject: RE: Unknown App
>
>
> A simple Fport should tell you what it is...
>
> http://www.foundstone.com/index.htm?subnav=resources/navigation.ht
> m&subcontent=/resources/proddesc/fport.htm
>
> Brian J. Bartholomew (CISSP)
> Red Cell
> US Department of State
> Bureau of Diplomatic Security
> Office of Computer Security
> Ph: 571-345-2670
> Cell: 202-369-6349
>
>
> -----Original Message-----
> From: thenightweighsheavy@gmail.com
> [mailto:thenightweighsheavy@gmail.com]
> Sent: Thursday, July 21, 2005 2:56 AM
> To: pen-test@securityfocus.com
> Subject: Unknown App
>
>
> Hello,
>
> During a recent pen-test, I discovered that port 80 is opened by
> an unknown application on multiple client workstations (WinXP).
> No web server appears to be running or installed - I've tested a
> few things, but I'm curious what the list thinks is the best
> next-step to take.
> Thanks,
> Golden Earring
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:37 EDT