Full Version: RPC
hi
I have some problems with RPC. I want to know some information about it, and especially about the security hole, but unfortunately I don't find good info on the net. I hope some of you can help me.
Please state your operating system...
http://www.secunia.com for the latest patches etc. for RPC vulnerabilities. They also have a mailing list, but caution: they mail you about every operating system, so unless you have a heterogeneous network, it's kind of annoying.
Sparky's right on this one though, you have to give us some additional info: OS, what services may be running.
I want to exploit the RPC bug in Win2k systems,
but unfortunately I don't know how I can do this. Can anybody of you help me??
Well, you could start by looking over these exploits to give you an idea of how things have been done: http://www.securityfocus.com/bid/6005/exploit/ http://www.cert.org/advisories/CA-2003-03.html plus plenty more to chase up: http://www.google.com/search?hl=en&lr=&ie=...G=Google+Search
A good thing to keep in mind is that any IIS 4.0 enabled machine must have RPC enabled.
After nuking the server, what shall I do then?
What is the next step?
Before you nuke: DoS, buffer etc.
Scan the box for open ports... then see what services the open ports are running... look for an exploit to match the service.
ok
That means through RPC nuking you just have the possibility to get a connection through other services, haven't you? Sorry, one silly question: what makes the difference between RPC nuking and then hacking into a system, compared to hacking into PCs over a running service without RPC nuking?
Basically the difference is what service you are actually attacking. RPC is just one of many. In reality it doesn't matter how you get there, just that you did.
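The "scan the box for open ports, then go after a service" sequence discussed above looks quite different from the receiving end, and that is where a defender wants to catch it. The following is an added example, not code from this thread or from any of the tools named in it: it parses a constructed firewall log format and flags both allowed inbound connections to the RPC endpoint mapper (TCP 135) from outside the organisation's own ranges and sources that probe many distinct ports in a short window. The log lines, the internal address ranges, the port set and the thresholds are all assumptions made for the example.

```python
"""Detecting the "scan the box, then hit a service" pattern from the receiving end.

Added example (not from the thread). It parses constructed firewall log lines
and reports two things a defender cares about on a Win2k-era network:
  1. allowed inbound connections to the RPC endpoint mapper (TCP 135) from
     addresses outside the organisation's own ranges, and
  2. sources that touch many distinct ports in a short window, which is what
     "scan the box for open ports" looks like in the firewall log.
The log format, addresses, internal ranges and thresholds are all constructed.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO time> <src_ip> -> <dst_ip>:<dst_port> <proto> <action>"
SAMPLE_LOG = """\
2003-08-12T10:00:01 203.0.113.7 -> 192.0.2.10:135 TCP ALLOW
2003-08-12T10:00:02 203.0.113.7 -> 192.0.2.10:139 TCP DENY
2003-08-12T10:00:02 203.0.113.7 -> 192.0.2.10:445 TCP DENY
2003-08-12T10:00:03 203.0.113.7 -> 192.0.2.10:80 TCP ALLOW
2003-08-12T10:00:03 203.0.113.7 -> 192.0.2.10:21 TCP DENY
2003-08-12T10:00:04 203.0.113.7 -> 192.0.2.10:25 TCP DENY
2003-08-12T10:05:00 10.0.0.5 -> 192.0.2.10:135 TCP ALLOW
2003-08-12T10:07:00 198.51.100.3 -> 192.0.2.10:80 TCP ALLOW
"""

# Assumed: the organisation's own address space (constructed for the example).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RPC_PORTS = {135}                    # RPC endpoint mapper, where DCOM RPC connections start
SCAN_THRESHOLD = 5                   # distinct destination ports from one source ...
SCAN_WINDOW = timedelta(minutes=1)   # ... within this window


def is_internal(ip_text):
    """True when the address falls inside one of our own (assumed) ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Split one constructed log line into a dict; raises ValueError if malformed."""
    ts, src, arrow, dst_port, proto, action = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected log line: {line!r}")
    dst, port = dst_port.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "port": int(port), "proto": proto, "action": action}


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def external_rpc_hits(events):
    """Allowed connections to RPC ports whose source is outside INTERNAL_NETS."""
    return [(e["src"], e["dst"], e["port"]) for e in events
            if e["port"] in RPC_PORTS and e["action"] == "ALLOW"
            and not is_internal(e["src"])]


def probable_scanners(events, threshold=SCAN_THRESHOLD, window=SCAN_WINDOW):
    """Sources reaching at least `threshold` distinct ports within `window`."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    flagged = set()
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            # Sliding window anchored at each event. Denied probes count too:
            # a scanner learns as much from a refusal as from an accept.
            ports = {x["port"] for x in evs[i:] if x["ts"] - first["ts"] <= window}
            if len(ports) >= threshold:
                flagged.add(src)
                break
    return sorted(flagged)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, dst, port in external_rpc_hits(evs):
        print(f"ALERT external source {src} reached RPC port {port} on {dst}")
    for src in probable_scanners(evs):
        print(f"ALERT {src} probed {SCAN_THRESHOLD}+ ports within {SCAN_WINDOW}")
```

On the constructed log, 203.0.113.7 trips both rules (six ports in three seconds, one of them an accepted connection to 135), while the internal host 10.0.0.5 reaching 135 is left alone. An explicit list of internal networks is used rather than a library "is private" check because the ranges an organisation treats as its own are a policy decision, and the threshold and window are the knobs to tune against your own false-positive rate.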
I still have a problem, I haven't found a good exploit up to now.
Does anyone of you have one? Perhaps we can share it.
LOL, see exploits section... they don't come any easier.
so
finally I found the RPC locator exploit and could compile it, but now I need a scanner for scanning servers to see if they are vulnerable. Has anyone such a scanner? Or can someone tell me the name of it?
For quick scanning I use Angry IP Scanner 2.16, fast and very good for open port scanning.
http://www.angryziber.com/ipscan/ Also Shadow Security Scanner can exploit what it finds... but at a price, it ain't free: http://www.safety-lab.com/en/products/1.htm But LANguard is: http://www.gfi.com/languard/ Also Nmap... you might find it a bit too complicated if you're new to scanning: http://www.insecure.org/nmap/ But my favorite toy has to be netcat... http://www.atstake.com/research/tools/netw...work_utilities/ Here is also a quick banner grabber from 8th Wonder called Server Robot: http://www.8th-wonder.net/dl.asp?id=srobot_full.zip Enjoy.
Talk about spoon feeding the newbs.
Isn't hacking about finding out stuff on your own? NetComm
Erm, this forum is called... Exploit Research & Discussion. If someone not as smart as you needs help with some problem, then they are free to post the problem; we can discuss and try to solve it together. I'm pretty sure you were a newbie once, NetComm, so I'm sure you understand.
Great list, comsec, worth treasuring. You don't come out of your shell often, but when you do it's something very special.
Thanks (again)
NetComm,
Yes it is. Gr. woutiir
Since this topic is about RPC...
In the RPC DCOM exploit you gotta specify the OS and service pack version of the system. Now, all the scanners that I tried don't do that (Retina RPC DCOM comes to mind). Anyway, the OS I can usually figure out using other scanning programs... but how can you know what the SP version of the system is?
vnet,
As far as I know you can't. Only if you're having a lot of luck on open ports (they must all be open). Otherwise you can't, I'm afraid, so it's still a big gamble. You should think logically: a bit of a user uses the newest SPs, though this isn't always true.... So, kinda hard. Still it's a useful exploit, definitely for a DoS. Anyway, if someone DOES know a technique to find out the SP it would be really useful, post it here! Lat0r dudes and dudettes :] woutiir