Nmap Development mailing list archives
[NSE] msrpc-enum
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 24 Aug 2012 11:41:29 +0200
Hi all, I've written a new script which queries MSRPC endpoint mapper and tries to enumerate all registered services and get their details. The script was modeled after dcedump tool from SPIKE fuzzer which was in turn modeled after rpcdump tool from Microsoft. Script uses msrpc lib and works ontop of SMB , which means it supports authentication with usual script arguments (smbuser and smbpassword). Here is the sample output: -- | uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 -- | annotation: DHCP Client LRPC Endpoint -- | ncalrpc: dhcpcsvc -- | -- | uuid: 12345678-1234-abcd-ef00-0123456789ab -- | annotation: IPSec Policy agent endpoint -- | ncalrpc: audit -- | -- | uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 -- | ip_addr: 0.0.0.0 -- | annotation: DHCP Client LRPC Endpoint -- | tcp_port: 49153 -- | -- <snip> -- | -- | uuid: 12345678-1234-abcd-ef00-0123456789ab -- | annotation: IPSec Policy agent endpoint -- | ncalrpc: securityevent -- | -- | uuid: 12345678-1234-abcd-ef00-0123456789ab -- | annotation: IPSec Policy agent endpoint -- |_ ncalrpc: protected_storage The script requires a patch to msrpc lib which adds a few functions related to endpoint mapper. Check it out and tell me what you think, Aleksandar
Attachment:
msrpc-enum.nse
Description:
Attachment:
msrpc.diff
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] msrpc-enum Aleksandar Nikolic (Aug 24)
- Re: [NSE] msrpc-enum Aleksandar Nikolic (Aug 31)