Penetration Testing mailing list archives
RE:Unknown App
From: Jordan Del-Grande <jordan.delgrande () gmail com>
Date: Thu, 21 Jul 2005 12:24:10 -0700
Hey,

The first thing I would do is run nessus on the port to check and see it ain't no backdoor such as "hacker defender". I've seen that a lot lately.

Next, ask the client if you are allowed access to the box as a local administrator. I would have all your tools burnt to CD/DVD and then begin mapping the service to the exe using tools like netstat -an, psservice.exe, pstat.exe, etc...

Note: Do not trust the shit on that box.

I am sure there are some guys on the list who perform mostly host-based review or forensic work and can help you out with some additional tools.

Hope this helps,
Jordan

Hello,

During a recent pen-test, I discovered that port 80 is opened by an unknown application on multiple client workstations (WinXP). No web server appears to be running or installed - I've tested a few things, but I'm curious what the list thinks is the best next-step to take.

Thanks,
Golden Earring
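The port-to-executable mapping suggested in the reply above can be done offline on the tester's own machine from captured command output. The following is an added example, not part of the original thread: it assumes the captures come from `netstat -ano` (the `-o` flag adds the owning PID to the `-an` listing) and `tasklist /svc /fo csv`, and the sample data, the image name `updsvc.exe` and all function names are constructed for illustration.

```python
import csv
import io

# Constructed sample captures of `netstat -ano` and `tasklist /svc /fo csv`.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1832
  TCP    192.168.1.20:1045      192.168.1.5:445        ESTABLISHED     4
  UDP    0.0.0.0:500            *:*                                    700
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2210
"""
TASKLIST_SAMPLE = '''\
"Image Name","PID","Services"
"System","4","N/A"
"lsass.exe","700","PolicyAgent,SamSs"
"updsvc.exe","1832","N/A"
'''


def parse_listeners(netstat_text):
    """Yield (proto, address, port, pid) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            pid = f[4]
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            pid = f[3]
        else:
            continue
        addr, _, port = f[1].rpartition(":")
        yield f[0], addr, int(port), int(pid)


def parse_tasklist(csv_text):
    """Map PID -> (image name, services) from tasklist CSV output."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {int(r["PID"]): (r["Image Name"], r["Services"]) for r in rows}


def owners_of_port(port, netstat_text, tasklist_text):
    """Return (proto, address, pid, image, services) per listener on port."""
    procs = parse_tasklist(tasklist_text)
    # A listener whose PID is absent from the process list deserves a closer look.
    return [(proto, addr, pid) + procs.get(pid, ("<not in tasklist>", "N/A"))
            for proto, addr, p, pid in parse_listeners(netstat_text) if p == port]


if __name__ == "__main__":
    print(owners_of_port(80, NETSTAT_SAMPLE, TASKLIST_SAMPLE))
```

A listener that comes back as `<not in tasklist>` means the two captures disagree, which is a reason to compare against a view taken from outside the host.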