Nmap Development mailing list archives

[NSE] msrpc-enum


From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 24 Aug 2012 11:41:29 +0200

Hi all,

I've written a new script which queries the MSRPC endpoint mapper and tries
to enumerate all registered services and get their details.
The script was modeled after the dcedump tool from the SPIKE fuzzer, which was
in turn modeled after the rpcdump tool from Microsoft.
The script uses the msrpc lib and works on top of SMB, which means it supports
authentication with the usual script arguments (smbuser and smbpassword).

Here is the sample output:
-- |     uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
-- |     annotation: DHCP Client LRPC Endpoint
-- |     ncalrpc: dhcpcsvc
-- |
-- |     uuid: 12345678-1234-abcd-ef00-0123456789ab
-- |     annotation: IPSec Policy agent endpoint
-- |     ncalrpc: audit
-- |
-- |     uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
-- |     ip_addr: 0.0.0.0
-- |     annotation: DHCP Client LRPC Endpoint
-- |     tcp_port: 49153
-- |
        -- <snip>
-- |
-- |     uuid: 12345678-1234-abcd-ef00-0123456789ab
-- |     annotation: IPSec Policy agent endpoint
-- |     ncalrpc: securityevent
-- |
-- |     uuid: 12345678-1234-abcd-ef00-0123456789ab
-- |     annotation: IPSec Policy agent endpoint
-- |_    ncalrpc: protected_storage

The script requires a patch to msrpc lib which adds a few functions
related to endpoint mapper.

Check it out and tell me what you think,
Aleksandar

Attachment: msrpc-enum.nse
Description:

Attachment: msrpc.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
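
The following is an added example, not part of the original message or of the attached script: it parses output in the format quoted above and separates interfaces that have a TCP binding from those registered only over ncalrpc, which is how a defender would turn this listing into an exposure inventory. The field names come from the sample output; the function names are hypothetical and the sample text is constructed from the quoted lines.

```python
import re
from collections import defaultdict

# Constructed sample, reusing lines from the output quoted in the message.
SAMPLE = """\
-- |     uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
-- |     annotation: DHCP Client LRPC Endpoint
-- |     ncalrpc: dhcpcsvc
-- |
-- |     uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
-- |     ip_addr: 0.0.0.0
-- |     annotation: DHCP Client LRPC Endpoint
-- |     tcp_port: 49153
-- |
        -- <snip>
-- |     uuid: 12345678-1234-abcd-ef00-0123456789ab
-- |     annotation: IPSec Policy agent endpoint
-- |_    ncalrpc: protected_storage
"""

# Matches "key: value" rows, with or without the leading "-- " comment prefix.
FIELD = re.compile(r"^\s*(?:--\s*)?\|_?\s+([A-Za-z_]+):\s*(.*?)\s*$")

def parse_endpoints(text):
    """Return one dict per endpoint entry; each 'uuid' row starts a new entry."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # separators, "<snip>" and blank lines
        key, value = m.groups()
        if key == "uuid":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records

def exposure_by_interface(records):
    """Group entries by interface UUID into local (ncalrpc) and TCP bindings."""
    out = defaultdict(lambda: {"annotation": None, "ncalrpc": set(), "tcp": set()})
    for r in records:
        entry = out[r["uuid"]]
        entry["annotation"] = r.get("annotation", entry["annotation"])
        if "ncalrpc" in r:
            entry["ncalrpc"].add(r["ncalrpc"])
        if "tcp_port" in r:
            entry["tcp"].add((r.get("ip_addr", ""), int(r["tcp_port"])))
    return dict(out)

def network_reachable(records):
    """Interfaces with at least one TCP binding, i.e. candidates for filtering."""
    return {u: e for u, e in exposure_by_interface(records).items() if e["tcp"]}
```
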