Jump to content


Photo
- - - - -

Purpose of RPC Endpoints?

rpc endpoints microsoft windows msrpc 135 tcp rpcdump.py

  • Please log in to reply
1 reply to this topic

#1 mukti

mukti

    Will I break 10 posts?

  • Members
  • 2 posts
  • Country:
  • Gender:Male
  • Location:Jersey/Philly

Posted 09 December 2012 - 10:04 PM

Hello everyone! I'm new here, and this is my first post, but I've been studying security on and off for some time. Currently I'm a student studying IT, and working as a sysadmin. I'm looking to get into the security field, and I hope to become a vaulable member of this community!

Through some reading, I've determined that RPC endpoints are a vulnerable point in Windows systems; but I'm not sure why. I'm also not certain what they are used for. I ran a python script I found from CORE security (https://code.google....pcdump.py?r=246) to enumerate RPC endpoints one of my Windows boxes. Looking at the output, I can't determine much. It looks like a lot of UUIDs, and a bunch of information I can't really make much of (ex: Version: 1, Annotation: Impl friendly name, StringBindings: ncalrpc:[Audiosrv], etc.).

Has anyone used rpcdump.py before, or any other tool to enumerate RPC endpoints? What are the purpose of endpoints, and what makes them a vulnerability (I'm assuming you can eventually gain an RPC session using them)?

Thanks for any help/guidance!

#2 ntheory

ntheory

    data pillager

  • Agents of the Revolution
  • 1,757 posts

Posted 27 December 2012 - 09:16 AM

RPC stands for remote procedure call. RPC endpoints are the places where applications can go to request a service to perform some function for then. Windows sharing (SAMBA or SMB aka server message block) is a good example of an RPC endpoint. An application can say "Hey, give me this chunk of a file" and the server can spit it back to them.

RPC endpoints are not strictly a vulnerability on their own. They can be secured with passwords, encryption keys, host restrictions, or all of the above. Some RPC endpoints have been historically vulnerable while others may not be.

I have not used rpcdump.py before but I have programmed with lots of RPC-ish mechanisms before (RPC itself, WCF, HTTP RESTful service, SOAP).

I think you may be confusing RPC (remote procedure call) with RDP (remote desktop protocol). While RDP may be a form of RPC depending on how you look at it, not all RPC is related to RDP. The majority of RPC is for services not related to getting remote desktop access.

Hope that helps.




BinRev is hosted by the great people at Lunarpages!