Are you saying you can login with WMI but don't have credentials to do a full Nessus audit?
Passively, if you have the ability to deploy something like Tenable's Passive Vulnerability Scanner, it will detect any web server, unique web site, SSL certificates, .etc on any port as long as there is traffic to it. Ron Gula On 12/13/2010 1:54 PM, Jason Jarvis wrote: > Ooooo I do have WMIC :) > > So a bit of remote WMIC code execution and some commandlinekungfu.com Fu - > hmmmm. > > > > On 13 Dec 2010, at 18:43, Jason Jarvis <[email protected]> wrote: > >> I have a client that needs to deploy security patches for Apache but are not >> 100% sure of which host houses the instance or the ports used either. >> >> My question is how can I identify 100% of the instances effectively and >> reasonably quietly without scanning nearly all of the ports on all the hosts? >> >> I thought of pulling the ports enabled from the host based firewall solution >> and scanning these with nmap. But a port could be blocked through the >> firewall and an instance still listening locally although not remotely >> accessible providing the FW is running. These do exist for tools run locally >> and I've seen the FW fail too so want to ensure coverage for these also. >> >> I like the idea of using Nessus (which I have) to perform a credentialed >> local scan of the ports listening on the server but I think this needs SMB >> and Admin shares enabled which I don't have. >> >> Is there another way to do this? >> >> Grateful for any ideas. >> >> Regards, >> >> K41zen > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
