Re: IIS instance detection

[Jason Jarvis <k41zen () me com>]

Ooooo I do have WMIC :)

So a bit of remote WMIC code execution and some commandlinekungfu.com Fu - hmmmm.



On 13 Dec 2010, at 18:43, Jason Jarvis <k41zen () me com> wrote:

> I have a client that needs to deploy security patches for Apache but are not 100% sure of which host houses the 
> instance or the ports used either.
>
> My question is how can I identify 100%  of the instances effectively and reasonably quietly without scanning nearly 
> all of the ports on all the hosts?
>
> I thought of pulling the ports enabled from the host based firewall solution and scanning these with nmap. But a port 
> could be blocked through the firewall and an instance still listening locally although not remotely accessible 
> providing the FW is running. These do exist for tools run locally and I've seen the FW fail too so want to ensure 
> coverage for these also.
>
> I like the idea of using Nessus (which I have) to perform a credentialed local scan of the ports listening on the 
> server but I think this needs SMB and Admin shares enabled which I don't have.
>
> Is there another way to do this? 
>
> Grateful for any ideas.
>
> Regards,
>
> K41zen
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com