Metasploit mailing list archives
DCE/RPC in Metasploit
From: tkrpata at bjs.com (Krpata, Tyler)
Date: Thu, 14 Dec 2006 15:54:57 -0500
Hi all,

I've been trying to learn how to write modules for Metasploit 3. What I'm trying to do specifically is port an exploit that I wrote for CVE-2006-5854 (Novell Netware Client print spooler buffer overflow). I'm having trouble getting the RPC stuff working right, though.

I thought I would basically just copy the structure of some of the SMB modules (like ms06_040_netapi.rb), and replace values like the UUID, "stub" structure, and operation number with my own. When I run the exploit, I'm receiving a fault response from the server with status "nca_s_fault_ndr", and I have to admit I'm somewhat clueless about the MSRPC stuff and I don't know what that means.

The one thing I am noticing is that the MSF stuff seems to want to do a Write AndX SMB command by default, but I think I want to do a Transaction command... I'm not sure if that's actually my problem or how I would change it.

Does anyone have any ideas? I think I'm probably making some fundamentally incorrect assumptions. BTW, if I've said anything blatantly clueless or if there's any prerequisite reading I should be doing, I'd love to know.

Thanks,
Tyler
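The status in the post comes back in a DCE/RPC fault PDU (ptype 3). nca_s_fault_ndr (0x000006F7, the Windows RPC_X_BAD_STUB_DATA code) means the server's NDR unmarshalling rejected the request's stub data, i.e. the stub layout does not match what the interface's IDL expects for that opnum. Below is an added example, not code from the post or from Metasploit, that decodes such a fault PDU from raw bytes in Ruby; the status names follow the Wireshark/Samba dissectors, and the sample PDU is constructed.

```ruby
# Decode a connection-oriented DCE/RPC fault PDU (ptype 3) and name its status.
# Added example; not from the original post or the Metasploit framework.

PTYPE_FAULT = 3

# Fault status values as named by the Wireshark/Samba DCE/RPC dissectors.
DCERPC_FAULT_STATUS = {
  0x00000005 => 'nca_s_fault_access_denied',   # caller not authorised
  0x000006f7 => 'nca_s_fault_ndr',             # stub data failed NDR unmarshalling
  0x00000721 => 'nca_s_fault_sec_pkg_error',   # security package rejected the call
  0x1c000006 => 'nca_s_fault_invalid_tag',     # bad union discriminant in stub
  0x1c00001a => 'nca_s_fault_context_mismatch', # presentation context id not bound
  0x1c010002 => 'nca_s_op_rng_error',          # opnum out of range for interface
  0x1c010003 => 'nca_s_unk_if',                # interface UUID/version unknown
}.freeze

# Parse the 16-byte common header plus the 16-byte fault body.
def parse_dcerpc_fault(pdu)
  raise ArgumentError, 'PDU shorter than a fault PDU (32 bytes)' if pdu.bytesize < 32
  vers, vers_minor, ptype, flags = pdu.byteslice(0, 4).unpack('C4')
  raise ArgumentError, "not a fault PDU (ptype=#{ptype})" unless ptype == PTYPE_FAULT
  # drep byte 0, bit 4 set => little-endian integers; otherwise big-endian.
  le = (pdu.getbyte(4) & 0x10) != 0
  fmt32 = le ? 'V' : 'N'
  fmt16 = le ? 'v' : 'n'
  frag_len, auth_len = pdu.byteslice(8, 4).unpack("#{fmt16}2")
  call_id    = pdu.byteslice(12, 4).unpack1(fmt32)
  alloc_hint = pdu.byteslice(16, 4).unpack1(fmt32)
  ctx_id     = pdu.byteslice(20, 2).unpack1(fmt16)
  status     = pdu.byteslice(24, 4).unpack1(fmt32)
  { version: "#{vers}.#{vers_minor}", flags: flags, frag_length: frag_len,
    auth_length: auth_len, call_id: call_id, alloc_hint: alloc_hint,
    context_id: ctx_id, cancel_count: pdu.getbyte(22), status: status,
    status_name: DCERPC_FAULT_STATUS.fetch(status, 'unknown') }
end

# Constructed sample: the fault a server sends when it cannot unmarshal the
# request stub (status 0x000006f7), little-endian data representation.
SAMPLE_FAULT_PDU = [
  5, 0, PTYPE_FAULT, 0x03,  # rpc_vers 5.0, ptype fault, PFC_FIRST_FRAG|PFC_LAST_FRAG
  0x10, 0, 0, 0,            # drep: little-endian ints, ASCII chars, IEEE floats
  32, 0, 0, 0,              # frag_length 32, auth_length 0
  0x2a, 0, 0, 0,            # call_id 42 (matches the failed request)
  0, 0, 0, 0, 0, 0, 0, 0,   # alloc_hint, p_cont_id 0, cancel_count, reserved
  0xf7, 0x06, 0, 0,         # status: nca_s_fault_ndr
  0, 0, 0, 0,               # reserved
].pack('C*')

puts parse_dcerpc_fault(SAMPLE_FAULT_PDU).inspect if __FILE__ == $PROGRAM_NAME
```

Matching the fault's call_id against the request that triggered it tells you which call's stub the server rejected when several are in flight.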