Posted 09 December 2012 - 10:04 PM
Through some reading, I've determined that RPC endpoints are a vulnerable point in Windows systems; but I'm not sure why. I'm also not certain what they are used for. I ran a python script I found from CORE security (https://code.google....pcdump.py?r=246) to enumerate RPC endpoints one of my Windows boxes. Looking at the output, I can't determine much. It looks like a lot of UUIDs, and a bunch of information I can't really make much of (ex: Version: 1, Annotation: Impl friendly name, StringBindings: ncalrpc:[Audiosrv], etc.).
Has anyone used rpcdump.py before, or any other tool to enumerate RPC endpoints? What are the purpose of endpoints, and what makes them a vulnerability (I'm assuming you can eventually gain an RPC session using them)?
Thanks for any help/guidance!
Posted 27 December 2012 - 09:16 AM
RPC endpoints are not strictly a vulnerability on their own. They can be secured with passwords, encryption keys, host restrictions, or all of the above. Some RPC endpoints have been historically vulnerable while others may not be.
I have not used rpcdump.py before but I have programmed with lots of RPC-ish mechanisms before (RPC itself, WCF, HTTP RESTful service, SOAP).
I think you may be confusing RPC (remote procedure call) with RDP (remote desktop protocol). While RDP may be a form of RPC depending on how you look at it, not all RPC is related to RDP. The majority of RPC is for services not related to getting remote desktop access.
Hope that helps.
Also tagged with one or more of these keywords: rpc, endpoints, microsoft, windows, msrpc, 135, tcp, rpcdump.py
BinRev is hosted by the great people at Lunarpages!