Re: [Spike] Need Help understanding + using Spike better!

From: Dave Aitel (daveimmunitysec.com)
Date: Mon Apr 07 2003 - 16:33:03 CDT


I'm not sure why it says "was not able to connect to..." but here's some
help:

dcedump and ifids do two different things. dcedump is like rpcinfo - it
should really only be used on port 135. ifids is more like a localized
rpcdump - it will tell you what services are listening on a particular
port.

So in this case, you appear to be running the "messenger service" on
port 1025.

To fuzz an MSRPC service, my process is to use dcedump, get a list of TCP
ports that are listening for RPC, then use ifids on each port and list
all the interfaces and versions on that port. Then I plug that data into
domsrpcfuzz.sh, which in turn calls msrpcfuzz.

Hopefully that helps,

Dave Aitel
Immunity, Inc.

On Thu, 3 Apr 2003 23:27:34 -0800 (PST)
Tasha Smith <natasha3641yahoo.com> wrote:

> Hiii
> > >
> > > My name is Tasha. I just started to play with Spikev2.8 on my Home
> > > LAN recently and was wondering if you guys can help me out just a
> > > little. Maybe I'm too much of a newbie to be playing with it yet
> > > but...I'm sort of confused. ;) I was reading the mailing list from
> > > Security Focus and it said that it can be run against a
> > > DCE-Service like 135, but then people were talking about port 1025
> > > and using FUZZER against it also. So I tried a few things like these
> > > commands to get an idea of how to use SPIKE. Here are some things I
> > > tried:
> > >
> > > ./dcedump 111.111.111.111 1025
> > > DCE-RPC tester.
> > > Was not able to connect to 111.111.111.111
> > >
> > > but then running gives me this output:
> > >
> > > ./ifids 111.111.111.111 1025
> > > DCE-RPC IFIDS by Dave Aitel.
> > > Finds all the interfaces and versions listening on that TCP port
> > > Tcp Connected
> > > Found 58 entries
> > > 631dff68-3c39-4c6c-aae3-e68e2c6503ad v1.0
> > > 00000144-0000-0000-c000-000000000046 v0.0
> > > 18f70470-8e64-11cf-9af1-0020af6e72f4 v0.0
> > > 00000141-0000-0000-c000-000000000046 v0.0
> > > 00000133-0000-0000-c000-000000000046 v0.0
> > > 00000112-0000-0000-c000-000000000046 v0.0
> > > 1ff70681-0a51-30e8-076d-740be8cee98b v1.0
> > > 378e52c0-c0a9-11cf-822d-00aa0051e40f v1.0
> > > 0a74ef2c-41a4-4e06-83ae-dc74fb1cdd53 v1.0
> > > 3faf4739-3a21-4307-b46c-fdda9bb8c0d5 v1.0
> > > 6bffd099-a112-3610-9833-46c3f87e345a v1.0
> > > 8d0ffe73-d252-11d0-bf8f-00c04fd9126b v1.0
> > > a3b749c1-e3d0-4967-a521-124055d1c37d v1.0
> > > 0d72a7e4-6148-11d1-b4aa-00c04fb66ea0 v1.0
> > >
> > > I'm not really sure what the output from the ifids command is. And
> > > I want to try FUZZER but not sure how to use it properly! Any help
> > > or ideas to get me more familiar on how to use SPIKE better? I
> > > have read the documents on the site but am still a little
> > > confused. Maybe some links or more detailed commands to use.
> > > Thanks for any help, guys!
> > >
> > > Tasha---<----
> > >
> > >

_______________________________________________
Spike mailing list
Spikeimmunitysec.com
http://www.immunitysec.com/mailman/listinfo/spike
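
The enumeration step of the workflow described in the reply (run ifids against a port, then record every interface and version it reports) can be captured with a small parser. This is an added example, not part of the original thread or of SPIKE; the function name `parse_ifids` is hypothetical, and it assumes ifids prints exactly the line formats quoted in the thread.

```python
import re
import uuid

# Constructed sample: a shortened copy of the ifids output quoted in the
# thread, with one entry repeated to exercise de-duplication.
SAMPLE = """\
DCE-RPC IFIDS by Dave Aitel.
Finds all the interfaces and versions listening on that TCP port
Tcp Connected
Found 58 entries
631dff68-3c39-4c6c-aae3-e68e2c6503ad v1.0
00000144-0000-0000-c000-000000000046 v0.0
1ff70681-0a51-30e8-076d-740be8cee98b v1.0
1ff70681-0a51-30e8-076d-740be8cee98b v1.0
"""

# Optional "> " prefixes let the parser read output pasted from quoted mail.
ENTRY = re.compile(r"^\s*(?:>\s*)*([0-9a-fA-F-]{36})\s+v(\d+)\.(\d+)\s*$")
FOUND = re.compile(r"Found\s+(\d+)\s+entries")
FAILED = re.compile(r"not able to connect", re.IGNORECASE)


def parse_ifids(text):
    """Return connection status, declared count and unique (uuid, major, minor)."""
    result = {"connected": True, "declared": None,
              "entry_lines": 0, "interfaces": []}
    seen = set()
    for line in text.splitlines():
        if FAILED.search(line):          # e.g. wrong tool/port combination
            result["connected"] = False
            continue
        found = FOUND.search(line)
        if found:
            result["declared"] = int(found.group(1))
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue                     # banner or unrelated line
        try:
            ifid = str(uuid.UUID(entry.group(1)))   # normalise and validate
        except ValueError:
            continue
        result["entry_lines"] += 1
        key = (ifid, int(entry.group(2)), int(entry.group(3)))
        if key not in seen:
            seen.add(key)
            result["interfaces"].append(key)
    # False when the listing is truncated, as in the post (58 declared, 14 shown).
    result["complete"] = result["declared"] == result["entry_lines"]
    return result
```

A `complete` value of `False` means the captured listing does not match the "Found N entries" line, so the interface inventory for that port should be re-collected before it is relied on.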