RE: Unknown App

["Aleksander P. Czarnowski" <alekc () avet com pl>]

This will work only if command prompt access is granted - guess clicking on Control Panel/Add-Remove Application icon 
would be easier in case of legitimate application ;-)

In case of remote test the most simple solution would be nmap's -A switch or some other application fingerprinting 
tool. You can try also do some fuzzing and see if you'll get any response. Secondly - because this is Windows system - 
you might try to enumerate remotely running services or access system/application logs remotely (considering you have 
credential or there are no restriction on NULL session and ports 135-139 are not filtered.) 

Best Regards,
Aleksander Czarnowski
AVET INS 

> -----Original Message-----
> From: Bartholomew, Brian J [mailto:BartholomewBJ () state gov]
> Sent: Thursday, July 21, 2005 6:47 PM
> To: thenightweighsheavy () gmail com; pen-test () securityfocus com
> Subject: RE: Unknown App
>
>
> A simple Fport should tell you what it is...
>
> http://www.foundstone.com/index.htm?subnav=resources/navigation.ht
> m&subcontent=/resources/proddesc/fport.htm
>
> Brian J. Bartholomew (CISSP)
> Red Cell
> US Department of State
> Bureau of Diplomatic Security
> Office of Computer Security
> Ph: 571-345-2670
> Cell: 202-369-6349
>
>
> -----Original Message-----
> From: thenightweighsheavy () gmail com
> [mailto:thenightweighsheavy () gmail com]
> Sent: Thursday, July 21, 2005 2:56 AM
> To: pen-test () securityfocus com
> Subject: Unknown App
>
>
> Hello,
>
> During a recent pen-test, I discovered that port 80 is opened by 
> an unknown application on multiple client workstations (WinXP).  
> No web server appears to be running or installed - I've tested a 
> few things, but I'm curious what the list thinks is the best 
> next-step to take.
> Thanks,
> Golden Earring