Hi list!

Working on an NT box running IIS 4.0 (seems to be patched). Certain tell-tale TCP ports are open (25, 80, 135, 5800, 5900). After doing more research on the NT RPC protocol and searching documented vulnerabilities, I have the ability to dump the contents of the endpoint mapper and can connect to this port. What could the dumped information be used for? Obviously other connections are displayed, but after scouring vuln and mailing list archives, the only risk RPC seems to pose is denial of service problems.

So... my question(s):

1. Is there a way to authenticate through RPC, or potentially brute force for weak passwords?
2. Is there a way to execute server-side commands using RPC?

finally...

3. Are there any RPC vulnerabilities out there (besides denial of service)?

TIA!
Steve
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 10:07:47 PDT