Metasploit mailing list archives
DCE/RPC in Metasploit
From: bmc at shmoo.com (Brian Caswell)
Date: Sun, 17 Dec 2006 18:39:20 -0500
On Dec 15, 2006, at 5:53 PM, Krpata, Tyler wrote:
> It's probably partly your code that I, err, "borrowed" then... :)
This:

    NDR.long(8) + NDR.long(0) + NDR.long(8) + "\\\x00\\\x00P\x00W\x00N\x00E\x00R\x00\x00\x00"

Equiv to:

    NDR.wstring("\\\\PWNER")

BTW, this is bad form, it's trivial for lame IDS signature writers to trigger off of and claim they provide protection.

This:

    NDR.long(payload.length/2) + NDR.long(0) + NDR.long(payload.length/2) + payload

Is equiv to:

    NDR.wstring_prebuilt(payload)

The bit you commented "not sure what this does" is for handling the "did I exploit the box" conditions for one of the DCERPC exploits. You should replace that chunk of code with what the service returns on success or failure of your exploit.

Brian
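The two equivalences Brian states, checked byte for byte with a small stand-alone re-implementation of the NDR conformant varying wide-string layout (added example, not Metasploit's own Rex::Proto::DCERPC::NDR; the MiniNDR module, parse_wstring and the sample payload are constructed here). The parser shows the three header fields a decoder validates before trusting the string: max count, an offset of zero, and an actual count no larger than the max.

```ruby
# MiniNDR: constructed re-implementation of the NDR helpers discussed in the post.
# Layout of a conformant varying wide string:
#   long max_count | long offset (0) | long actual_count | UTF-16LE data
module MiniNDR
  # NDR long: 32-bit little-endian unsigned integer (alignment padding not handled here)
  def self.long(value)
    [value].pack('V')
  end

  # wstring: encodes a Ruby string as UTF-16LE, appends the NUL terminator,
  # and counts code units (bytes / 2) for both max and actual count.
  def self.wstring(str)
    data = (str + "\x00").encode('UTF-16LE').b
    count = data.bytesize / 2
    long(count) + long(0) + long(count) + data
  end

  # wstring_prebuilt: caller already supplies UTF-16LE bytes; no terminator is added,
  # so an odd-length or unterminated payload is the caller's problem.
  def self.wstring_prebuilt(payload)
    count = payload.bytesize / 2
    long(count) + long(0) + long(count) + payload
  end

  # Decoder side: parse the header, sanity-check it, and return
  # [max_count, offset, actual_count, decoded_text_without_terminator].
  def self.parse_wstring(buf)
    raise ArgumentError, 'short header' if buf.bytesize < 12
    max, off, actual = buf[0, 12].unpack('V3')
    raise ArgumentError, 'bad NDR header' unless off == 0 && actual <= max
    raise ArgumentError, 'short data' if buf.bytesize < 12 + actual * 2
    text = buf[12, actual * 2].dup.force_encoding('UTF-16LE').encode('UTF-8')
    [max, off, actual, text.delete_suffix("\0")]
  end
end

if __FILE__ == $PROGRAM_NAME
  hand_built = MiniNDR.long(8) + MiniNDR.long(0) + MiniNDR.long(8) +
               "\\\x00\\\x00P\x00W\x00N\x00E\x00R\x00\x00\x00".b
  puts "wstring matches hand-built bytes: #{MiniNDR.wstring("\\\\PWNER") == hand_built}"
  p MiniNDR.parse_wstring(hand_built)
end
```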