Penetration Testing mailing list archives
Re: Pen-Test Question: Network Computing Architecture Connection
From: Ivan Arce <ivan.arce () coresecurity com>
Date: Wed, 05 May 2004 21:19:59 -0300
Thats MS RPC over HTTP, some MSRPC-borne exploits might work over that transport i am not aware of any publicly available but these references might help you: http://www.corest.com/common/showdoc.php?idx=393&idxseccion=10 http://oss.corest.com/projects/impacket.html http://www.eeye.com/html/Research/Advisories/AD20030910.html http://www.eeye.com/html/Research/Tools/RPCDCOM.html http://www.microsoft.com/technet/security/bulletin/MS03-039.mspx http://seclists.org/lists/incidents/2002/Mar/0046.html -ivan Jeremy Junginger wrote:
During the course of a pen-test, I've located a device that gives the following response: ncacn_http/1.0 on port 6001. This looks like Microsoft Network Computing Architecture Connection. I was thinking about using rpctools (http://razor.bindview.com/tools/desc/rpctools1.0-readme.html). Any other tips/tools/suggestions? -Jeremy ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
-- --- To strive, to seek, to find, and not to yield. - Alfred, Lord Tennyson Ulysses,1842 Ivan Arce CTO CORE SECURITY TECHNOLOGIES 46 Farnsworth Street Boston, MA 02210 Ph: 617-399-6980 Fax: 617-399-6987 ivan.arce () coresecurity com www.coresecurity.com PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- Pen-Test Question: Network Computing Architecture Connection Jeremy Junginger (May 05)
- Re: Pen-Test Question: Network Computing Architecture Connection Ivan Arce (May 06)