Re: [PEN-TEST] RPC enumeration/execution

From: Ryan Permeh (ryanat_private)
Date: Fri Apr 27 2001 - 12:03:11 PDT

Next message: Robert Shea: "Re: [PEN-TEST] websence bypass ?"

Previous message: BrainSCAN: "[PEN-TEST] RPC enumeration/execution"
In reply to: BrainSCAN: "[PEN-TEST] RPC enumeration/execution"
Next in thread: Felix Huber: "Re: [PEN-TEST] RPC enumeration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

yes and no.  RPC services, like all nt resources, should require a degree of
authentication and authorization.  For some of theese, NULL session
authentication may be enough to deal with, others, it may require local or
domain admin rights.  as for dealing with the "hows", the nt resource kit
offers a ton of remote admin utilities that use RPC services to do various
things.

You can also do this programatically, but must be intimately familiar with
the service.  Nt has the rpc api's all together, but you have to deal with
the actual service.  oin other words, you don't really have to worry about
transport, but you do need to worry about content.  some RPC programs offer
this info, others don't.  you could ida/softice it and find out what is
being sent and the benefits of it, but that's long and tedious.  There are
other ways of finding this info(like a sniffer).  If you are concerned about
a specific service, this works great, if you are concerned about all the
services offered via RPC, this could take forever, and you may need to find
another solution.

for most things, though, if you have required rights to access the resource,
you can do pretty much what you want.
Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer

----- Original Message -----
From: "BrainSCAN" <bscanat_private>
To: <PEN-TESTat_private>
Sent: Friday, April 27, 2001 1:23 AM
Subject: RPC enumeration/execution


> Hello.
>
> > executing server side commands is completely possible via RPC(it is,
after
> > all, a remote procedure call:).  you just need a RPC service that
supports
> > this.  not certain off the top of my head which services do offer this
> > functionaliy, but with things like remote killing of processes, remote
> > administration of just about everything, and whatnot, running commands
via
> > rpc is not that big a deal.
>
> If I can dump the RPC info using epdump, can I do anything else with RPC?
> And if it's possible, how?
>
> Thanks.
>

Next message: Robert Shea: "Re: [PEN-TEST] websence bypass ?"
Previous message: BrainSCAN: "[PEN-TEST] RPC enumeration/execution"
In reply to: BrainSCAN: "[PEN-TEST] RPC enumeration/execution"
Next in thread: Felix Huber: "Re: [PEN-TEST] RPC enumeration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 27 2001 - 12:28:16 PDT