
RPC Mapper Pentest - Port 135, 593

 


rpcdump.py 10.10.10.10 -p 593
TCP 135 is the Endpoint Mapper and Component Object Model (COM) Service Control Manager. rpcmap.py from Impacket will show these mappings. The tool needs a stringbinding argument to make its connection. The examples from -h are:

stringbinding String binding to connect to MSRPC interface, for example:
ncacn_ip_tcp:192.168.0.1[135]
ncacn_np:192.168.0.1[\pipe\spoolss]
ncacn_http:192.168.0.1[593]
ncacn_http:[6001,RpcProxy=exchange.contoso.com:443]
ncacn_http:localhost[3388,RpcProxy=rds.contoso:443]

rpcmap.py 'ncacn_ip_tcp:10.10.10.10'
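
How the string bindings in the help text above break down, as an added example that is not from the original page or from Impacket. It assumes the general DCE/RPC form [ObjectUUID@]ProtSeq:NetworkAddr[Endpoint,Option=Value]; the function name parse_string_binding and the transport labels are this example's own.

```python
import re

# Transport behind each protocol sequence named in the help text
# (the labels are this example's wording, not Impacket's).
PROTSEQ_TRANSPORT = {
    "ncacn_ip_tcp": "TCP/IP",
    "ncacn_np": "named pipe over SMB",
    "ncacn_http": "RPC over HTTP",
}

# Assumed general form: [ObjectUUID@]ProtSeq:NetworkAddr[Endpoint,Option=Value,...]
_BINDING_RE = re.compile(
    r"^(?:(?P<uuid>[0-9a-fA-F-]{36})@)?"   # optional object UUID
    r"(?P<protseq>[A-Za-z0-9_]+):"          # protocol sequence
    r"(?P<addr>[^\[\]]*)"                   # network address (may be empty)
    r"(?:\[(?P<inner>[^\[\]]*)\])?$"        # optional [endpoint,Option=value]
)


def parse_string_binding(binding):
    """Split a string binding into protocol sequence, address, endpoint, options."""
    m = _BINDING_RE.match(binding.strip())
    if m is None:
        raise ValueError(f"not a string binding: {binding!r}")
    endpoint, options = None, {}
    if m.group("inner"):
        parts = m.group("inner").split(",")
        # The first element is the endpoint unless it is already Option=value.
        if "=" not in parts[0]:
            endpoint = parts.pop(0) or None
        for part in parts:
            key, sep, value = part.partition("=")
            if not sep:
                raise ValueError(f"malformed option {part!r} in {binding!r}")
            options[key.strip()] = value.strip()
    protseq = m.group("protseq").lower()
    return {
        "object_uuid": m.group("uuid"),
        "protseq": protseq,
        "transport": PROTSEQ_TRANSPORT.get(protseq, "unknown"),
        "address": m.group("addr") or None,
        "endpoint": endpoint,
        "options": options,
    }


if __name__ == "__main__":
    # Bindings taken from the help text and the rpcmap.py command above.
    for s in (r"ncacn_np:192.168.0.1[\pipe\spoolss]", "ncacn_ip_tcp:10.10.10.10"):
        print(parse_string_binding(s))
```

A binding with no bracketed part, like the one passed to rpcmap.py above, parses with endpoint None.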

reference for MS-DCOM
# If you find IOXIDResolver in the UUIDs, you can run the script below to
# list network interfaces

git clone https://github.com/mubix/IOXIDResolver.git 
cd IOXIDResolver
python3 -m pip install -r requirements.txt
python3 IOXIDResolver.py -t 10.10.10.10
Other things to check 

reg.py 10.10.10.10 query -keyName HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows -s
services.py -no-pass 10.10.10.10 list

You can find Windows rpctools here


