Re: [PEN-TEST] RPC enumeration

• Previous message: Frank Knobbe: "Re: [PEN-TEST] wireless LAN traffic sniffing"
• In reply to: Steve Skoronski: "[PEN-TEST] RPC enumeration"
• Next in thread: Felix Huber: "Re: [PEN-TEST] RPC enumeration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Hi list!
> ....
> finally...
>
>          3. Are there any RPC vulnerabilities out there? (besides denial
of
> service)
>
>
> TIA!
>
> Steve

Hi Steve,

sorry for the late reply - just saw this Thread

here is a possible exploit for the RPC Win2K Port:

"nc target.host 7 < /dev/zero" for TCP or
"nc -u target.host 53 < /dev/zero" for UDP

Sending a specially malformed RPC packet via port 135-139 or 445 to a
Windows 2000 server will halt the RPC service entirely.
A reboot is required in order to regain normal functionality.


Regards,
Felix Huber


-------------------------------------------------------
Felix Huber, Web Application Programmer, Webtopia
Guendlinger Str.2, 79241 Ihringen - Germany
huberfelixat_private     (07668)  951 156 (phone)
http://www.webtopia.de     (07668)  951 157 (fax)
                                         (01792)  205 724 (mobile)
-------------------------------------------------------

• Next message: Fred Mobach: "Re: [PEN-TEST] port 9200/udp scans (Print Lexmark)"
• Previous message: Frank Knobbe: "Re: [PEN-TEST] wireless LAN traffic sniffing"
• In reply to: Steve Skoronski: "[PEN-TEST] RPC enumeration"
• Next in thread: Felix Huber: "Re: [PEN-TEST] RPC enumeration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Apr 29 2001 - 07:40:50 PDT