Dcerpc/hidden
De www.metasploit-es.com.ar
El escaneador dcerpc/hidden conecta a un rango de direcciones IP dado e intenta localizar cualquier servicio RPC que no este listado en el EndPoint Mapper y determina si se permite acceso anonimo al servicio.
msf > use auxiliary/scanner/dcerpc/hidden msf auxiliary(hidden) > show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- RHOSTS yes The target address range or CIDR identifier THREADS 1 yes The number of concurrent threads
Como puedes ver, no hay muchas opciones para configurar, por lo que simplemente lo apuntaremos hacia algunos objetivos y lo ejecutaremos.
msf auxiliary(hidden) > set RHOSTS 192.168.1.200-254 RHOSTS => 192.168.1.200-254 msf auxiliary(hidden) > set THREADS 55 THREADS => 55 msf auxiliary(hidden) > run [*] Connecting to the endpoint mapper service... [*] Connecting to the endpoint mapper service... [*] Connecting to the endpoint mapper service... ...snip... [*] Connecting to the endpoint mapper service... [*] Connecting to the endpoint mapper service... [*] Could not obtain the endpoint list: DCERPC FAULT => nca_s_fault_access_denied [*] Could not contact the endpoint mapper on 192.168.1.203 [*] Could not obtain the endpoint list: DCERPC FAULT => nca_s_fault_access_denied [*] Could not contact the endpoint mapper on 192.168.1.201 [*] Could not connect to the endpoint mapper service [*] Could not contact the endpoint mapper on 192.168.1.250 [*] Looking for services on 192.168.1.204:1025... [*] HIDDEN: UUID 12345778-1234-abcd-ef00-0123456789ab v0.0 [*] Looking for services on 192.168.1.202:49152... [*] CONN BIND CALL ERROR=DCERPC FAULT => nca_s_fault_ndr [*] [*] HIDDEN: UUID c681d488-d850-11d0-8c52-00c04fd90f7e v1.0 [*] CONN BIND CALL ERROR=DCERPC FAULT => nca_s_fault_ndr [*] [*] HIDDEN: UUID 11220835-5b26-4d94-ae86-c3e475a809de v1.0 [*] CONN BIND ERROR=DCERPC FAULT => nca_s_fault_access_denied [*] [*] HIDDEN: UUID 5cbe92cb-f4be-45c9-9fc9-33e73e557b20 v1.0 [*] CONN BIND ERROR=DCERPC FAULT => nca_s_fault_access_denied [*] [*] HIDDEN: UUID 3919286a-b10c-11d0-9ba8-00c04fd92ef5 v0.0 [*] CONN BIND CALL DATA=0000000057000000 [*] [*] HIDDEN: UUID 1cbcad78-df0b-4934-b558-87839ea501c9 v0.0 [*] CONN BIND ERROR=DCERPC FAULT => nca_s_fault_access_denied [*] [*] HIDDEN: UUID c9378ff1-16f7-11d0-a0b2-00aa0061426a v1.0 [*] CONN BIND ERROR=DCERPC FAULT => nca_s_fault_access_denied [*] [*] Remote Management Interface Error: The connection timed out (192.168.1.202:49152). ...snip... [*] Scanned 55 of 55 hosts (100% complete) [*] Auxiliary module execution completed msf auxiliary(hidden) >
Como puedes ver, a pesar de una configuracion simple, hemos podido obtener alguna informacion adicional sobre uno de nuestros objetivos.
© Offensive Security 2009
Original de www.offensive-security.com Traducido por cbk999