Re: [PEN-TEST] RPC enumeration/execution

From: Ryan Permeh (ryanat_private)
Date: Fri Apr 27 2001 - 12:03:11 PDT


    Yes and no.  RPC services, like all NT resources, should require a degree of
    authentication and authorization.  For some of these, NULL session
    authentication may be enough to deal with; for others, it may require local or
    domain admin rights.  As for dealing with the "hows", the NT resource kit
    offers a ton of remote admin utilities that use RPC services to do various
    things.
    
    You can also do this programmatically, but you must be intimately familiar with
    the service.  NT has the RPC APIs all together, but you have to deal with
    the actual service.  In other words, you don't really have to worry about
    transport, but you do need to worry about content.  Some RPC programs offer
    this info, others don't.  You could IDA/SoftICE it and find out what is
    being sent and the benefits of it, but that's long and tedious.  There are
    other ways of finding this info (like a sniffer).  If you are concerned about
    a specific service, this works great; if you are concerned about all the
    services offered via RPC, this could take forever, and you may need to find
    another solution.
    
    For most things, though, if you have the required rights to access the resource,
    you can do pretty much what you want.
    Signed,
    Ryan Permeh
    eEye Digital Security Team
    http://www.eEye.com/Retina -Network Security Scanner
    http://www.eEye.com/Iris -Network Traffic Analyzer
    
    ----- Original Message -----
    From: "BrainSCAN" <bscanat_private>
    To: <PEN-TESTat_private>
    Sent: Friday, April 27, 2001 1:23 AM
    Subject: RPC enumeration/execution
    
    
    > Hello.
    >
    > > Executing server side commands is completely possible via RPC (it is,
    > > after all, a remote procedure call:).  You just need an RPC service that
    > > supports this.  Not certain off the top of my head which services do offer
    > > this functionality, but with things like remote killing of processes, remote
    > > administration of just about everything, and whatnot, running commands
    > > via RPC is not that big a deal.
    >
    > If I can dump the RPC info using epdump, can I do anything else with RPC?
    > And if it's possible, how?
    >
    > Thanks.
    >
    



    This archive was generated by hypermail 2b30 : Fri Apr 27 2001 - 12:28:16 PDT