Sometimes during pentest(s) we can find some not-so-usual ports open. Few of them you can find described here or here in latest posts. But today we will check "that 6600/tcp" port open. Here we go...
We will start here:
Quick summary:
If there is port 6600/tcp open - it could be a good indicator that there is CA Agent installed.
So:
In case you would like to check it 'as your local user', try this from the command line (cmd.exe):
cmd.exe> wmic service get name,pathname | findstr /i "c:\pro"
You should find that interesting line:
Next thing you can do is:
cmd.exe> sc qc nolioagent
Cool enough to:
- use calc.exe (copied from c:\windows\system32)
- and replace nolio_w.exe with our calc.exe
- to finally restart service.
Checking:
...and...
Maybe you'll find it useful. :)
Cheers
Brak komentarzy:
Prześlij komentarz