Penetration Testing mailing list archives
Re: Unknown App
From: Sharad Birmiwal <sharadbirmiwal () gmail com>
Date: Fri, 22 Jul 2005 15:00:48 +0530
i recently discovered some worm on my network that tried to spread a payload file 'xxxxxxxx' by binding on port 80. it didn't serve a banner or any webpages, but http://<ip>/xxxxxxxx worked. sharad birmiwal On 7/21/05, Scott Fuhriman <fuhrimans () llix net> wrote:
The easiest and fastest approach is to use a port mapping utility like Active Ports (http://www.ntutility.com) or TCPview (www.sysinternals.com) (there are others like fport, etc...) which will allow you to see what process has port 80 open on the machines. This will allow you to identify what application/process is utilizing that port. Scott Fuhriman
Current thread:
- Unknown App thenightweighsheavy (Jul 21)
- Unknown App Scott Fuhriman (Jul 21)
- Re: Unknown App Sharad Birmiwal (Jul 22)
- Unknown App Scott Fuhriman (Jul 22)
- Re: Unknown App Sharad Birmiwal (Jul 22)
- <Possible follow-ups>
- RE: Unknown App Bartholomew, Brian J (Jul 21)
- Re: Unknown App ilaiy (Jul 21)
- Re: Unknown App Fabián Gabriel Chiera (Jul 22)
- RE: Unknown App okrehel (Jul 21)
- RE: Unknown App Aleksander P. Czarnowski (Jul 21)
- RE: Unknown App Lyal Collins (Jul 22)
- Re: Unknown App ilaiy (Jul 21)
- RE: Unknown App Jarmon, Don R (Jul 21)
- RE: Unknown App Andre Protas (Jul 21)
- RE:Unknown App Jordan Del-Grande (Jul 21)
(Thread continues...)
- Unknown App Scott Fuhriman (Jul 21)