Yes and no. RPC services, like all NT resources, should require a degree of authentication and authorization. For some of these, NULL session authentication may be enough to deal with; others may require local or domain admin rights.

As for dealing with the "hows", the NT Resource Kit offers a ton of remote admin utilities that use RPC services to do various things. You can also do this programmatically, but you must be intimately familiar with the service. NT has the RPC APIs all together, but you have to deal with the actual service. In other words, you don't really have to worry about transport, but you do need to worry about content. Some RPC programs offer this info, others don't. You could IDA/SoftICE it and find out what is being sent and the benefits of it, but that's long and tedious. There are other ways of finding this info (like a sniffer). If you are concerned about a specific service, this works great; if you are concerned about all the services offered via RPC, this could take forever, and you may need to find another solution. For most things, though, if you have the required rights to access the resource, you can do pretty much what you want.

Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina - Network Security Scanner
http://www.eEye.com/Iris - Network Traffic Analyzer

----- Original Message -----
From: "BrainSCAN" <bscanat_private>
To: <PEN-TESTat_private>
Sent: Friday, April 27, 2001 1:23 AM
Subject: RPC enumeration/execution

> Hello.
>
> > Executing server side commands is completely possible via RPC (it is, after
> > all, a remote procedure call :). You just need an RPC service that supports
> > this. Not certain off the top of my head which services do offer this
> > functionality, but with things like remote killing of processes, remote
> > administration of just about everything, and whatnot, running commands via
> > RPC is not that big a deal.
>
> If I can dump the RPC info using epdump, can I do anything else with RPC?
> And if it's possible, how?
>
> Thanks.
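The "worry about content, not transport" point and the sniffer suggestion in the reply above come down to reading two fields out of captured DCE/RPC traffic: the interface UUID and version negotiated in the bind PDU, and the opnum carried in each request PDU. The following is an added example, not code from the original post or from eEye; it builds a small constructed conversation (a bind to the published endpoint-mapper interface e1af8308-5d1f-11c9-91a4-08002b14a0fa v3.0 with the NDR transfer syntax, followed by one request) and decodes it using the connection-oriented PDU layout from the DCE 1.1 RPC specification. The sample bytes are constructed here, not captured; the chosen opnum and stub data are arbitrary placeholders and only little-endian data representation is handled.

```python
"""Decode interface and operation fields of DCE/RPC connection-oriented PDUs.

Added example (not from the original post). Constructed sample traffic is
built by build_bind()/build_request() and decoded by parse_pdu(), so the
same layout is exercised in both directions.
"""
import struct
import uuid

# PDU types and flags from the DCE 1.1 RPC spec (connection-oriented PDUs).
PTYPE_REQUEST = 0
PTYPE_BIND = 11
PFC_OBJECT_UUID = 0x80
DREP_LITTLE_ENDIAN = b"\x10\x00\x00\x00"   # high nibble of drep[0]: 1 = LE ints

# Published identifiers used for the constructed sample.
EPM_IFACE = ("e1af8308-5d1f-11c9-91a4-08002b14a0fa", 3, 0)   # endpoint mapper
NDR_SYNTAX = ("8a885d04-1ceb-11c9-9fe8-08002b104860", 2, 0)  # NDR transfer syntax


def _syntax(uuid_str, major, minor):
    """Encode a p_syntax_id_t: UUID in DCE little-endian order + version."""
    return uuid.UUID(uuid_str).bytes_le + struct.pack("<HH", major, minor)


def _header(ptype, flags, body, call_id):
    """16-byte common header; frag_length covers header + body, auth_length 0."""
    frag_length = 16 + len(body)
    return struct.pack("<BBBB4sHHI", 5, 0, ptype, flags,
                       DREP_LITTLE_ENDIAN, frag_length, 0, call_id) + body


def build_bind(call_id, iface, syntaxes=(NDR_SYNTAX,)):
    """Constructed bind PDU with one presentation context for `iface`."""
    ctx = struct.pack("<HBB", 0, len(syntaxes), 0) + _syntax(*iface)
    for s in syntaxes:
        ctx += _syntax(*s)
    # max_xmit_frag, max_recv_frag, assoc_group_id, then n_context_elem + pad.
    body = struct.pack("<HHI", 5840, 5840, 0) + struct.pack("<BBH", 1, 0, 0) + ctx
    return _header(PTYPE_BIND, 0x03, body, call_id)   # PFC_FIRST_FRAG|PFC_LAST_FRAG


def build_request(call_id, cont_id, opnum, stub, obj=None):
    """Constructed request PDU; `obj` adds the optional object UUID."""
    flags = 0x03
    body = struct.pack("<IHH", len(stub), cont_id, opnum)   # alloc_hint, ctx, opnum
    if obj is not None:
        flags |= PFC_OBJECT_UUID
        body += uuid.UUID(obj).bytes_le
    return _header(PTYPE_REQUEST, flags, body + stub, call_id)


def parse_pdu(pdu):
    """Decode one PDU into the fields that identify what an RPC call is doing."""
    if len(pdu) < 16:
        raise ValueError("short PDU")
    rpc_vers, _minor, ptype, flags, drep, frag_length, auth_length, call_id = \
        struct.unpack_from("<BBBB4sHHI", pdu, 0)
    if rpc_vers != 5:
        raise ValueError("not a connection-oriented DCE/RPC PDU")
    if drep[0] >> 4 != 1:
        raise ValueError("only little-endian data representation is handled")
    if frag_length > len(pdu):
        raise ValueError("truncated fragment")
    out = {"ptype": ptype, "call_id": call_id}
    if ptype == PTYPE_BIND:
        n_ctx = pdu[24]                      # n_context_elem
        off, contexts = 28, []
        for _ in range(n_ctx):
            cont_id, n_ts = struct.unpack_from("<HB", pdu, off)
            u = uuid.UUID(bytes_le=pdu[off + 4:off + 20])
            major, minor = struct.unpack_from("<HH", pdu, off + 20)
            contexts.append((cont_id, f"{u} v{major}.{minor}"))
            off += 24 + 20 * n_ts            # abstract syntax + transfer syntaxes
        out["contexts"] = contexts
    elif ptype == PTYPE_REQUEST:
        _alloc, cont_id, opnum = struct.unpack_from("<IHH", pdu, 16)
        off = 24
        if flags & PFC_OBJECT_UUID:
            out["object"] = str(uuid.UUID(bytes_le=pdu[24:40]))
            off = 40
        # An auth trailer, when present, is an 8-byte sec_trailer + auth_value.
        stub_end = frag_length - (8 + auth_length if auth_length else 0)
        out.update(cont_id=cont_id, opnum=opnum, stub=pdu[off:stub_end])
    return out


def decode_conversation(pdus):
    """Walk PDUs in capture order, mapping each request's context id back to
    the interface negotiated in the bind. Returns (interface, opnum, stub_len)."""
    iface_by_ctx, calls = {}, []
    for pdu in pdus:
        p = parse_pdu(pdu)
        if p["ptype"] == PTYPE_BIND:
            iface_by_ctx.update(p["contexts"])
        elif p["ptype"] == PTYPE_REQUEST:
            calls.append((iface_by_ctx.get(p["cont_id"], "unknown"),
                          p["opnum"], len(p["stub"])))
    return calls


# Constructed sample conversation: bind to EPM, then one request on context 0.
SAMPLE = [build_bind(1, EPM_IFACE), build_request(2, 0, 3, b"\x00" * 8)]

if __name__ == "__main__":
    for iface, opnum, n in decode_conversation(SAMPLE):
        print(f"{iface} opnum {opnum} ({n} stub bytes)")
```

Feeding real PDUs into `parse_pdu()` (for example the DCE/RPC payloads pulled from a capture of traffic to port 135 or to a named pipe) gives the interface/opnum pairs that have to be matched against the service's IDL or, as the reply says, reverse-engineered; the stub bytes are the NDR-encoded arguments, which this example deliberately leaves undecoded.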
This archive was generated by hypermail 2b30 : Fri Apr 27 2001 - 12:28:16 PDT