Date: Tue May 01 2001 - 02:30:13 CDT
I wrote a little tool to get all user info (name, rights, groups...), all accounts (user, workstation), all shares, and a pw check. You can also try to crack all user pw with the bf method.

You can disable anonymous connection (null connect) in the registry when you work in a single-domain environment. The null connection is used when you admin multiple domains (with trust), afaik.

> Hi list!
> Working on an NT box running IIS 4.0 (seems to be patched).
> Certain tell-tale ports are open
> After doing more research on NT RPC protocol, and searching
> documented vulnerabilities, I have the ability to dump the contents of the
> endpoint mapper, and can connect to this port. What could the dumped
> information be used for? Obviously other connections are displayed, but
> after scouring Vuln and mailing list archives, the only risk RPC seems to
> pose is denial of service problems.
> So... my question(s):
> 1. Is there a way to authenticate through RPC, or potentially
> brute force for weak passwords?
> 2. Is there a way to execute server side commands using RPC?
> 3. Are there any RPC vulnerabilities out there? (besides denial of