Metasploit mailing list archives
DCE/RPC in Metasploit
From: tkrpata at bjs.com (Krpata, Tyler)
Date: Mon, 18 Dec 2006 10:55:50 -0500
Oh...that's much more convenient! Thanks for the input. I replaced the first bit with this:

    NDR.wstring("\\" + Rex::Text.rand_text_alphanumeric(12))

If I'm looking for a certain return code at the end of the dcerpc.last_response.stub_data, is this an ok way to do it?

    if (dcerpc.last_response.stub_data =~ /\x09\x07\x00\x00$/)
-----Original Message-----
From: Brian Caswell [mailto:bmc at shmoo.com]
Sent: Sunday, December 17, 2006 6:39 PM
To: framework at metasploit.com
Subject: Re: [framework] DCE/RPC in Metasploit

On Dec 15, 2006, at 5:53 PM, Krpata, Tyler wrote:

> It's probably partly your code that I, err, "borrowed" then... :)

This:

    NDR.long(8) + NDR.long(0) + NDR.long(8) +
    "\\\x00\\\x00P\x00W\x00N\x00E\x00R\x00\x00\x00"

Equiv to:

    NDR.wstring("\\\\PWNER")

BTW, this is bad form, it's trivial for lame IDS signature writers to trigger off of and claim they provide protection.

This:

    NDR.long(payload.length/2) + NDR.long(0) +
    NDR.long(payload.length/2) + payload

Is equiv to:

    NDR.wstring_prebuilt(payload)

The bit you commented "not sure what this does" is for handling the "did I exploit the box" conditions for one of the DCERPC exploits. You should replace that chunk of code with what the service returns on success or failure of your exploit.

Brian
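Added example for the exchange above (this is not code from the thread or from Metasploit): a stand-alone Ruby reconstruction of the NDR helpers Brian refers to, written from the layout he describes (max count, offset, actual count, then UTF-16LE data) and given the same names as Rex::Proto::DCERPC::NDR so the two snippets in his mail can be compared byte for byte. The random name helper is a stand-in for Rex::Text.rand_text_alphanumeric so the block runs without Rex, and the trailing-status check is one alternative to the regex Tyler asks about: it reads the last DWORD of stub_data with unpack('V'), which sidesteps the fact that Ruby's `$` matches before any "\n" (0x0a) byte in a binary buffer, not only at its end. The status value 0x0709 is simply the one in the thread's pattern; nothing here assumes which service returns it.

```ruby
# Added example, not Metasploit's code. The NDR module below is a
# reconstruction of the wide-string layout described in the thread
# (assumption: max count, offset 0, actual count, UTF-16LE bytes), using
# the Rex::Proto::DCERPC::NDR names so the thread's snippets read the same.
module NDR
  # 32-bit little-endian unsigned integer (NDR "long")
  def self.long(value)
    [value].pack('V')
  end

  # Conformant/varying wide string. Counts are in 16-bit characters and
  # include the terminating NUL, which is why "\\\\PWNER" (7 chars) gives 8.
  def self.wstring(str)
    s = str + "\x00"
    long(s.length) + long(0) + long(s.length) +
      s.encode('UTF-16LE').force_encoding('BINARY')
  end

  # Same header, but the caller supplies already-encoded UTF-16LE bytes
  # (a payload, for instance), so the count is bytesize / 2.
  def self.wstring_prebuilt(bytes)
    bytes = bytes.b
    bytes += "\x00" if bytes.bytesize.odd?   # keep an odd payload in whole wide chars
    n = bytes.bytesize / 2
    long(n) + long(0) + long(n) + bytes
  end
end

# Randomised name with a single leading backslash, as in Tyler's reply.
# Stand-in for Rex::Text.rand_text_alphanumeric (assumption: plain A-Za-z0-9).
ALNUM = [*'A'..'Z', *'a'..'z', *'0'..'9']
def random_unc_name(len = 12)
  "\\" + Array.new(len) { ALNUM.sample }.join
end

# Read the status DWORD from the tail of stub_data as a little-endian
# integer. Unlike a regex anchored with `$`, this cannot match before a
# stray 0x0a byte in the middle of the buffer, and it returns the value
# so success and failure codes can be compared explicitly.
def trailing_status(stub_data)
  return nil if stub_data.nil? || stub_data.bytesize < 4
  stub_data.b[-4, 4].unpack1('V')
end

# The value from the thread's check, \x09\x07\x00\x00 little-endian.
EXPECTED_STATUS = 0x0709

def expected_status?(stub_data)
  trailing_status(stub_data) == EXPECTED_STATUS
end

if $PROGRAM_NAME == __FILE__
  # Constructed stub: eight bytes of filler, then the status DWORD.
  stub = "\xAA".b * 8 + [EXPECTED_STATUS].pack('V')
  puts format('trailing status 0x%04x, expected: %s',
              trailing_status(stub), expected_status?(stub))
  puts NDR.wstring(random_unc_name).unpack1('H*')
end
```

Running the file prints the hex of a freshly randomised wide string; the fixed-string form Brian objects to is reproduced in the test below only to show the helper emits the same bytes.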
Current thread:
- DCE/RPC in Metasploit Krpata, Tyler (Dec 14)
- DCE/RPC in Metasploit H D Moore (Dec 14)
- DCE/RPC in Metasploit Rhys Kidd (Dec 14)
- DCE/RPC in Metasploit Michael Wood (Dec 15)
- DCE/RPC in Metasploit Justin Heath (Dec 15)
- DCE/RPC in Metasploit Michael Wood (Dec 15)
- <Possible follow-ups>
- DCE/RPC in Metasploit Krpata, Tyler (Dec 15)
- DCE/RPC in Metasploit Brian Caswell (Dec 15)
- DCE/RPC in Metasploit Krpata, Tyler (Dec 15)
- DCE/RPC in Metasploit Brian Caswell (Dec 17)
- DCE/RPC in Metasploit Krpata, Tyler (Dec 18)
- DCE/RPC in Metasploit H D Moore (Dec 18)
- DCE/RPC in Metasploit Krpata, Tyler (Dec 18)
- DCE/RPC in Metasploit Rhys Kidd (Dec 18)