Full Disclosure mailing list archives
Re: Possibly a stupid question RPC over HTTP
From: Roberto Gomez Bolaños <wari00 () gmail com>
Date: Wed, 13 Oct 2004 18:56:06 -0300
Barry Fitzgerald wrote:
Daniel H. Renner wrote:Daniel, Could you please point out where you read this data? I would like to see this one...I seem to remember that this was one of the caveats with regard to MSBlast and RPC/DCOM vulnerabilities last year. In certain configurations, it was theoretically possible (I'd never personally seen any PoC code or worms that exploited it, though) that some RPC calls could be made via RPC over HTML. According to the
more than theoretically posibly... u can chek that with the DCE/RPC endpoint dumper program that is part of the impacket python package: http://oss.coresecurity.com/projects/impacket.html http://oss.coresecurity.com/impacket/rpcdump.py _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Possibly a stupid question RPC over HTTP, (continued)
- Re: Possibly a stupid question RPC over HTTP Barry Fitzgerald (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Shannon Johnston (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Byron L. Sonne (Oct 14)
- Re: Possibly a stupid question RPC over HTTP Maxime Ducharme (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Rodrigo Barbosa (Oct 13)
- RE: Possibly a stupid question RPC over HTTP winter (Oct 14)
- Re: Possibly a stupid question RPC over HTTP Ron DuFresne (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Matthew Farrenkopf (Oct 13)
- RE: Possibly a stupid question RPC over HTTP Todd Towles (Oct 13)
- Re: Possibly a stupid question RPC over HTTP S G Masood (Oct 14)
- Re: Possibly a stupid question RPC over HTTP Roberto Gomez Bolaños (Oct 14)
- RE: Possibly a stupid question RPC over HTTP Burnes, James (Oct 14)
- RE: Possibly a stupid question RPC over HTTP Daniel Sichel (Oct 15)
- RE: Possibly a stupid question RPC over HTTP Airey, John (Oct 21)
- Re: Possibly a stupid question RPC over HTTP Kyle Maxwell (Oct 21)
- RE: Possibly a stupid question RPC over HTTP Airey, John (Oct 22)
- Re: Possibly a stupid question RPC over HTTP Andrew Farmer (Oct 22)
- Re: Possibly a stupid question RPC over HTTP Kyle Maxwell (Oct 24)
- RE: Possibly a stupid question RPC over HTTP Airey, John (Oct 26)
- Re: Possibly a stupid question RPC over HTTP Kevin (Oct 26)