These are all pretty much standard ports (5631 open on many POS). The first 3 are usually not exposed of course.
If you do not have any valid access logins for those remote admin app ports (pcanywhere and vnc) you will need to rely on an (public or non public) exploit for either those windows services that are visible/exposed, or one of the webserver / router ports (6002/7001/7002).
