Nmap Development mailing list archives

Re: no windows RPC handling?


From: "Diman Todorov" <diman.todorov () gmail com>
Date: Sun, 3 Aug 2008 13:03:37 +0200

Hi Mike,

On Sun, Aug 3, 2008 at 11:32 AM, mike <dmciscobgp () hotmail com> wrote:

> Hello.
> I was going through some nmap service scans and attempted some enumeration
> techniques on a standard Windows RPC listening 135 socket. I kept firing off
> packets and was left scratching my head on why I was not getting a valid
> portmap/bind dump until I realized something.
>
> The "RPC" section of code is only for SUNrpc service, NOT Windows! Is anyone
> aware of this? I tried to locate any handling for dumping RPC 135 info but
> could find nothing in nmap for this. I even looked in the scripts and
> version scan portions. Is this ever going to be added? You do realize a
> portmap call to port 111 is rather different than sending that same request
> to a 135 Windows socket, right? I hope someone can add this.
> Thank you


RPC is a very broad term. All it says is "remote procedure calls". This can
obviously be anything, in any format. Over time RPC has come to be
synonymous with one or another protocol. The protocol implemented in Nmap is
the one described in RFC 1050. Windows does not implement this protocol. In
the Windows world there is DCOM, which stands for "Distributed Component
Object Model". In a way, this mouthful is also a method for calling
procedures remotely. Maybe this is why DCOM is often referred to as "RPC".
Currently there are no efforts to add DCOM support to Nmap; there are
various reasons for this. One is that the DCOM protocol specification is not
open. Another is that there are practically no legitimate white or gray hat
applications for a DCOM grinder (see also [1]).

What we currently are working on is adding XML-RPC support. Since XML-RPC is
widely supported on the net (in WordPress for example), it would be one of
the more useful features of Nmap. It was planned to release XML-RPC support
this autumn but unfortunately the plans didn't work out as planned. In other
words, it will be a few more months before Nmap gets a useful XML-RPC
endpoint.

If you feel that DCOM support is an essential feature you are very welcome
to implement it. We will gladly review your patch (or, preferably, an NSE
script) and include it if it passes our auditing process.

cheers,
Diman

[1] http://www.updatexp.com/dcom-windows-xp.html
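The point of the reply above is that "RPC" on port 111 and "RPC" on port 135 are different wire protocols, so an RFC 1050 portmapper request is meaningless to a Windows endpoint mapper. The following is an added example, not code from the thread or from Nmap: it encodes the ONC RPC PMAPPROC_DUMP call that an `rpcinfo -p`-style inventory sends to port 111, decodes a reply into (program, version, protocol, port) mappings, and includes a small header classifier that tells the RFC 1050 format apart from a DCE/RPC PDU by its fixed header layout. Field layouts come from RFC 1050/1057 (ONC RPC and the portmapper) and from the DCE/RPC connection-oriented header (version 5, minor 0 or 1, packet type, flags, data representation, fragment length, auth length, call id). All sample bytes are constructed inline; nothing is sent on the network.

```python
import struct

# RFC 1050 / RFC 1057 constants for the ONC RPC portmapper.
RPC_CALL, RPC_REPLY = 0, 1
RPC_VERSION = 2
PMAP_PROG, PMAP_VERS = 100000, 2
PMAPPROC_DUMP = 4
AUTH_NULL = 0
MSG_ACCEPTED, SUCCESS = 0, 0

# DCE/RPC packet types a defender will see most often on tcp/135.
DCE_PTYPES = {0: "request", 2: "response", 11: "bind", 12: "bind_ack", 13: "bind_nak"}


def build_pmap_dump_call(xid: int) -> bytes:
    """Encode an ONC RPC CALL for PMAPPROC_DUMP as sent over UDP to port 111.

    Over TCP, RFC 1057 record marking prepends a 4-byte fragment header,
    which is deliberately not added here.
    """
    header = struct.pack(">IIIIII", xid, RPC_CALL, RPC_VERSION,
                         PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP)
    cred = struct.pack(">II", AUTH_NULL, 0)  # opaque_auth: flavor, body length 0
    verf = struct.pack(">II", AUTH_NULL, 0)
    return header + cred + verf              # DUMP takes no arguments


def parse_pmap_dump_reply(data: bytes, expected_xid: int):
    """Decode a REPLY to PMAPPROC_DUMP into a list of (prog, vers, prot, port)."""
    xid, mtype, reply_stat = struct.unpack_from(">III", data, 0)
    if xid != expected_xid or mtype != RPC_REPLY or reply_stat != MSG_ACCEPTED:
        raise ValueError("not an accepted reply matching our xid")
    off = 12
    _verf_flavor, verf_len = struct.unpack_from(">II", data, off)
    off += 8 + ((verf_len + 3) & ~3)         # skip the XDR-padded verifier body
    (accept_stat,) = struct.unpack_from(">I", data, off)
    off += 4
    if accept_stat != SUCCESS:
        raise ValueError(f"portmapper returned accept_stat {accept_stat}")
    mappings = []
    while True:                               # XDR-encoded linked list: bool, entry, ...
        (value_follows,) = struct.unpack_from(">I", data, off)
        off += 4
        if not value_follows:
            break
        prog, vers, prot, port = struct.unpack_from(">IIII", data, off)
        off += 16
        mappings.append((prog, vers, prot, port))
    return mappings


def classify_rpc_header(data: bytes) -> str:
    """Name the RPC dialect a captured message belongs to, from its header shape only."""
    # ONC RPC CALL: bytes 4..11 are msg_type=0 and rpcvers=2; REPLY: msg_type=1, reply_stat in {0,1}.
    if len(data) >= 12:
        _xid, mtype, third = struct.unpack_from(">III", data, 0)
        if mtype == RPC_CALL and third == RPC_VERSION:
            return "ONC RPC (RFC 1050) CALL"
        if mtype == RPC_REPLY and third in (0, 1):
            return "ONC RPC (RFC 1050) REPLY"
    # DCE/RPC CO header: rpc_vers=5, rpc_vers_minor 0|1, ptype, pfc_flags, drep[4], frag_len, auth_len, call_id.
    if len(data) >= 16 and data[0] == 5 and data[1] in (0, 1) and data[2] in DCE_PTYPES:
        return f"DCE/RPC (port 135 style) {DCE_PTYPES[data[2]]}"
    return "unknown"


def constructed_dump_reply(xid: int) -> bytes:
    """Constructed sample reply (not captured traffic): portmapper itself plus an NFS registration."""
    body = struct.pack(">IIIIII", xid, RPC_REPLY, MSG_ACCEPTED, AUTH_NULL, 0, SUCCESS)
    for mapping in [(PMAP_PROG, PMAP_VERS, 6, 111), (100003, 3, 17, 2049)]:
        body += struct.pack(">I", 1) + struct.pack(">IIII", *mapping)
    return body + struct.pack(">I", 0)        # end of list


def constructed_dce_bind() -> bytes:
    """Constructed DCE/RPC bind header (16 bytes, little-endian drep), no body."""
    return bytes([5, 0, 11, 3, 0x10, 0, 0, 0]) + struct.pack("<HHI", 72, 0, 1)


if __name__ == "__main__":
    xid = 0x1234
    print(build_pmap_dump_call(xid).hex())
    print(parse_pmap_dump_reply(constructed_dump_reply(xid), xid))
    print(classify_rpc_header(build_pmap_dump_call(xid)))
    print(classify_rpc_header(constructed_dce_bind()))
```

The classifier is the useful defensive piece: when a sensor sees a 40-byte big-endian message whose bytes 4..11 read `00000000 00000002` it is an RFC 1050 call, whereas a PDU starting `05 00 0b` is a DCE/RPC bind, which is why a Sun RPC probe against port 135 never produces a "bind dump" and why a detection rule written for one format will not match the other.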

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org