Nmap Development mailing list archives

Re: [NSE] msrpc-enum


From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 31 Aug 2012 12:03:33 +0200

This has been committed in 29702.



On 8/24/2012 11:41 AM, Aleksandar Nikolic wrote:
Hi all,

I've written a new script which queries the MSRPC endpoint mapper and tries
to enumerate all registered services and get their details.
The script was modeled after the dcedump tool from the SPIKE fuzzer, which was
in turn modeled after the rpcdump tool from Microsoft.
The script uses the msrpc lib and works on top of SMB, which means it supports
authentication with the usual script arguments (smbuser and smbpassword).

Here is the sample output:
-- |     uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
-- |     annotation: DHCP Client LRPC Endpoint
-- |     ncalrpc: dhcpcsvc
-- |
-- |     uuid: 12345678-1234-abcd-ef00-0123456789ab
-- |     annotation: IPSec Policy agent endpoint
-- |     ncalrpc: audit
-- |
-- |     uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
-- |     ip_addr: 0.0.0.0
-- |     annotation: DHCP Client LRPC Endpoint
-- |     tcp_port: 49153
-- |
        -- <snip>
-- |
-- |     uuid: 12345678-1234-abcd-ef00-0123456789ab
-- |     annotation: IPSec Policy agent endpoint
-- |     ncalrpc: securityevent
-- |
-- |     uuid: 12345678-1234-abcd-ef00-0123456789ab
-- |     annotation: IPSec Policy agent endpoint
-- |_    ncalrpc: protected_storage

The script requires a patch to msrpc lib which adds a few functions
related to endpoint mapper.

Check it out and tell me what you think,
Aleksandar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
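
An added example, not part of the original post or of the Nmap code base: a parser for output in the format quoted above, used to separate interfaces registered on a TCP port from those seen only on local RPC (ncalrpc) endpoints. The function names are hypothetical and the line format is assumed from the sample in the message.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the records quoted in the message above.
SAMPLE = """\
-- |     uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
-- |     annotation: DHCP Client LRPC Endpoint
-- |     ncalrpc: dhcpcsvc
-- |
-- |     uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
-- |     ip_addr: 0.0.0.0
-- |     annotation: DHCP Client LRPC Endpoint
-- |     tcp_port: 49153
-- |
        -- <snip>
-- |
-- |     uuid: 12345678-1234-abcd-ef00-0123456789ab
-- |     annotation: IPSec Policy agent endpoint
-- |_    ncalrpc: protected_storage
"""

# Optional "-- " prefix, "|" or "|_", then "key: value" (format assumed from the sample).
FIELD = re.compile(r"^\s*(?:--\s*)?\|_?\s+(\w+):\s*(.*?)\s*$")

def parse_records(text):
    """Split the output into one dict per endpoint entry."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if current and (not m or m.group(1) == "uuid"):
            records.append(current)  # separator, <snip> or a new uuid closes the entry
            current = {}
        if m:
            current[m.group(1)] = m.group(2)
    if current:
        records.append(current)
    return records

def network_exposed(records):
    """Map interface UUID -> sorted TCP ports it is registered on."""
    ports = defaultdict(set)
    for r in records:
        if "uuid" in r and r.get("tcp_port", "").isdigit():
            ports[r["uuid"]].add(int(r["tcp_port"]))
    return {uuid: sorted(p) for uuid, p in ports.items()}

def local_only(records):
    """UUIDs with no tcp_port entry in any record."""
    return sorted({r["uuid"] for r in records if "uuid" in r} - set(network_exposed(records)))
```

On the sample, the DHCP client interface shows up both as a local endpoint and on TCP port 49153 bound to 0.0.0.0, which is the kind of entry worth checking against host firewall rules.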

