Nmap Development mailing list archives
Re: no windows RPC handling?
From: Ron Bowes <ron.bowes () javaop com>
Date: Sun, 03 Aug 2008 13:52:57 -0500
Diman Todorov wrote:
> RPC is a very broad term. All it says is "remote procedure calls". This can obviously be anything, in any format. Over time RPC has come to be synonymous with one or another protocol. The protocol implemented in Nmap is the one described in RFC 1050. Windows does not implement this protocol. In the Windows world there is DCOM, which stands for "Distributed Component Object Model". In a way, this mouthful is also a method for calling procedures remotely. Maybe this is why DCOM is often referred to as "RPC".
>
> Currently there are no efforts to add DCOM support to Nmap; there are various reasons for this. One is that the DCOM protocol specification is not open. Another is that there are practically no legitimate white or gray hat applications for a DCOM grinder (see also [1]).
>
> What we currently are working on is adding XML-RPC support. Since XML-RPC is widely supported on the net (in WordPress, for example), it would be one of the more useful features of Nmap. It was planned to release XML-RPC support this autumn, but unfortunately the plans didn't work out as planned. In other words, it will be a few more months before Nmap gets a useful XML-RPC endpoint.
>
> If you feel that DCOM support is an essential feature, you are very welcome to implement it. We will gladly review your patch (more preferably an NSE script) and include it if it passes our auditing process.
>
> cheers,
> Diman
>
> [1] http://www.updatexp.com/dcom-windows-xp.html
I'm currently doing research on the Windows RPC/DCOM/SMB stuff for my own personal entertainment, although it's a slow process. But in the next couple of months, I should have the skills to help out with this kind of addition.
And, of course, I'd be happy to do it. I'm not sure, at the moment, what can be done. I'm thinking it's possible to enumerate some NULL-session stuff, like exposed functions? And maybe we can let users input administrative credentials (username/password or username/hash) and probe services more deeply? I'm honestly not sure, I've never worked with this before, but I'm learning.
Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org