Ooooo I do have WMIC :) So a bit of remote WMIC code execution and some commandlinekungfu.com Fu - hmmmm.
On 13 Dec 2010, at 18:43, Jason Jarvis <[email protected]> wrote:

> I have a client that needs to deploy security patches for Apache but are not
> 100% sure of which host houses the instance or the ports used either.
>
> My question is how can I identify 100% of the instances effectively and
> reasonably quietly without scanning nearly all of the ports on all the hosts?
>
> I thought of pulling the ports enabled from the host based firewall solution
> and scanning these with nmap. But a port could be blocked through the
> firewall and an instance still listening locally although not remotely
> accessible providing the FW is running. These do exist for tools run locally
> and I've seen the FW fail too so want to ensure coverage for these also.
>
> I like the idea of using Nessus (which I have) to perform a credentialed
> local scan of the ports listening on the server but I think this needs SMB
> and Admin shares enabled which I don't have.
>
> Is there another way to do this?
>
> Grateful for any ideas.
>
> Regards,
>
> K41zen

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
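An added example, not part of the original thread: a host-side inventory that finds Apache listeners from each server's own socket table, so instances bound to loopback or hidden behind the host firewall are still counted. It assumes the output of `netstat -ano` and `tasklist /fo csv /nh` has already been collected from each host by the administrator; the sample output and the image-name list are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output from one host (not real data).
NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       3100
  TCP    127.0.0.1:8081         0.0.0.0:0              LISTENING       2210
  TCP    [::]:443               [::]:0                 LISTENING       1432
  TCP    10.0.0.5:49200         10.0.0.9:445           ESTABLISHED     4
  UDP    0.0.0.0:123            *:*                                    900
"""

# Constructed sample of `tasklist /fo csv /nh` output from the same host.
TASKLIST = '''
"System","4","Services","0","300 K"
"svchost.exe","900","Services","0","8,120 K"
"httpd.exe","1432","Services","0","12,345 K"
"httpd.exe","2210","Console","1","9,876 K"
"java.exe","3100","Services","0","210,004 K"
'''

# Assumption: process image names that count as Apache here; adjust per estate.
APACHE_IMAGES = {"httpd.exe", "apache.exe"}

def pid_to_image(tasklist_csv):
    """Map PID -> lower-cased image name from headerless tasklist CSV."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2 and r[1].isdigit()}

def listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING" and f[4].isdigit():
            addr, _, port = f[1].rpartition(":")  # also handles [::]:443
            yield addr.strip("[]"), int(port), int(f[4])

def apache_listeners(netstat_text, tasklist_csv):
    """Return (image, pid, address, port, local_only) for Apache-owned listeners."""
    images = pid_to_image(tasklist_csv)
    found = [(images[pid], pid, addr, port, addr in ("127.0.0.1", "::1"))
             for addr, port, pid in listeners(netstat_text)
             if images.get(pid) in APACHE_IMAGES]
    return sorted(found, key=lambda r: (r[3], r[2]))

if __name__ == "__main__":
    for image, pid, addr, port, local_only in apache_listeners(NETSTAT, TASKLIST):
        print(f"{image} pid={pid} {addr}:{port} {'loopback-only' if local_only else 'exposed'}")
```

A row flagged loopback-only is the case a remote port scan cannot see; it still needs the patch.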
