I'm looking for any guidance around testing a service I've found running on a target server. I'm doing a 'black-box' pen-test and the company is one of those 'I-don't-want-to-tell-you-anything' types so they won't tell us what service is running.
NMap picked up an open port and suggested it was a SIP service, however after testing a number of different SIP attacks/clients it almost certainly is not (the box i'm testing is also supposed to be just a webserver).
I've not had much experience with fuzzing TCP ports before and from what I've found it seems you need to have some information about the protocol first before you can start fuzzing (a template of sorts). Additionally, a 'dictionary' of different things to throw at the service is required as well (which is usually relevant to the type of application your testing). What can I do if I don't have either of these things?
Since I know nothing about the application and what it's expecting it seems like I can't run anything against it. Is that correct? Am I missing something obvious here that will help?
Edit: To be clear, there is Also an Apache+Tomcat web server running on 443 and this is a linux box. That part is not an issue as i've already tested it. Its just this other 'random' port which I have no idea about.