hi


i have some problems with RPC

i wanna know some informations about it and especially about the security hole but unfortunalty i dont find good infos on the net




i hope some of you can help me

Please state your operating system... I would recommend searching

http://www.secunia.com for the latest patches etc for RPC vulnerabilities.

They also have a mailing list, But caution, they mail u about every operating system, so unless you
have a heterogenius network, it's kind of annoying.

Sparky's right on this one thenow, you have to give us some additional info, OS, what services may be running.

i wanna exploit the rpc bug in win2k systems

but unfortunalty i dont know how i can do this



can anybody of you help me ??

QUOTE (thenow @ May 11 2003, 09:40 PM)

i wanna exploit the rpc bug in win2k systems but unfortunalty i dont know how i can do this can anybody of you help me ??

well you could start by looking over these exploits to give you an idea on how thing have been done

http://www.securityfocus.com/bid/6005/exploit/

http://www.cert.org/advisories/CA-2003-03.html

plus plenty more to chase up

http://www.google.com/search?hl=en&lr=&ie=...G=Google+Search

A good thing to keep in mind is that any IIS 4.0 enabled machine must have RPC enabled.

after nuking the server what shall i do then ?

what is the next step ?

before you nuke, Dos , buffer etc

scan the box for open ports ... then see what services the open ports are running .... look for an exploit to match the service

ok

that means through rpc nuken you just have the possiblity to get a connection through other services, haven´t you ?


sry one silly question:


what makes the differences between rpc nuken and then hacking into a system compared to hack in pc´s over an running service without rpc nuking ?

Basically the difference is what service you are actually attacking. RPC is just one of many. In reality it doesn't matter how you get there just that you did.

i still have a problem i havent found good exploit up to now


does anyone of you have one ?


perhaps we can share it

LOL see exloits section....they dont come any easier

so

finally i found the rpc locator exploit and could compile it


but now i need a scanner for scanning server if they are vulnerable.


has anyone such a scanner ? or can say me the name of it ?

for quick scanning i use angry Angry IP Scanner 2.16 fast and very good for open port scanning

http://www.angryziber.com/ipscan/

also shadow security scanner can exploit what it finds...but at a price it aint free

http://www.safety-lab.com/en/products/1.htm

but languard is

http://www.gfi.com/languard/

also Nmap...you might find it a bit to complicated if your new to scanning

http://www.insecure.org/nmap/

but my favorite toy has to be netcat...

http://www.atstake.com/research/tools/netw...work_utilities/

here is also a quick banner grabber from 8th wonder called server robot

http://www.8th-wonder.net/dl.asp?id=srobot_full.zip

enjoy

talk about spoon feeding the newbs.
isnt hacking about finding out stuff on your own.

NetComm

Great list comsec worth treasuring. U don't come out of your shell often but when you do its something very special.
Thanks(again)

NetComm,
Yes it is But finding out things at your own is way harder then just being a script kid So taht's why it's so puplar, you can hack servers without doing shit only compile

Gr. woutiir

since this topic is about rpc...

In the rpc dcom exploit u gotta specify the OS and service pack version of the system. Now all the scanners that I tried don't do that. (Retina RPC DCOM comes to mind). Anyway the OS I can usually figure out using other scanning programs...but how can u know what the SP version of the system is?

vnet,

As far as i know you can't. Only if you're having alot of luck on open ports (they must be all open). Otherwise you can't i'm affraid, so it's still a big gamble, you should think logical, abit of a user uses the newest SP's, tho, this aint true always.... So, kinda hard, still it's a useful exploit definately for a DOS But hey, who wants to dos if he they can penatrate first :]

Anyway, if someone DOES know a technique to find out the SP it would be really usefull, post it here!


Lat0r dudes and dudettes :]

woutiir