Hi, Recently been playing around a fair bit with Dave Aitel and Todd Sabin's MSRPC tools to query the endpoint mapper at TCP/UDP 135 and glean IfId details from dynamic high ports (TCP 1025, UDP 1028, et al) using Sabin's ifids tool (http://razor.bindview.com/tools/desc/rpctools1.0-readme.html): D:\rpctools> ifids -p ncadg_ip_udp -e 1028 192.168.189.1 Interfaces: 16 367abb81-9844-35f1-ad32-98f038001003 v2.0 93149ca2-973b-11d1-8c39-00c04fb984f9 v0.0 82273fdc-e32a-18c3-3f78-827929dc23ea v0.0 65a93890-fab9-43a3-b2a5-1e330ac28f11 v2.0 8d9f4e40-a03d-11ce-8f69-08003e30051b v1.0 6bffd098-a112-3610-9833-46c3f87e345a v1.0 8d0ffe72-d252-11d0-bf8f-00c04fd9126b v1.0 c9378ff1-16f7-11d0-a0b2-00aa0061426a v1.0 0d72a7d4-6148-11d1-b4aa-00c04fb66ea0 v1.0 4b324fc8-1670-01d3-1278-5a47bf6ee188 v3.0 300f3532-38cc-11d0-a3f0-0020af6b0add v1.2 6bffd098-a112-3610-9833-012892020162 v0.0 17fdd703-1827-4e34-79d4-24a55c53bb37 v1.0 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc v1.0 3ba0ffc0-93fc-11d0-a4ec-00a0c9062910 v1.0 8c7daf44-b6dc-11d1-9a4c-0020af6e7c57 v1.0 D:\rpctools> I have managed to work out a few of the IfId values (using fport and other tools), as follows: 906b0ce0-c70b-1067-b317-00dd010662da = MSDTC 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc = Messenger 1ff70682-0a51-30e8-076d-740be8cee98b = MSTask I am just wondering if there is a complete Microsoft-published or otherwise list of these IfId values? This kind of information would be useful when playing with MSRPC in blind pentesting cases.. Regards, Chris Chris McNab Technical Director Matta Security Limited 18 Noel Street London W1F 8GN Tel: 0870 077 1100 Web: www.trustmatta.com --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun May 11 2003 - 10:02:07 PDT