[framework] DCE/RPC in Metasploit

H D Moore hdm at metasploit.com
Thu Dec 14 15:00:43 CST 2006


On Thursday 14 December 2006 14:54, Krpata, Tyler wrote:
> When I run the exploit, I'm receiving a fault response from the server
> with status "nca_s_fault_ndr", and I have to admit I'm somewhat
> clueless about the MSRPC stuff and I don't know what that means.

That error means your stub data was wrong and the NDR parser threw an 
error. You will need to examine the IDL (or reverse it with unmidl, etc) 
and create the proper stub data for that operation.

> The one thing I am noticing is that the MSF stuff seems to want to do a
> Write AndX smb command by default, but I think I want to do a
> Transaction command...I'm not sure if that's actually my problem or how
> I would change it.

There are a few different ways to do DCERPC calls; you can use 
WriteAndX/ReadAndX or NTTrans/ReadAndX interchangeably. We use WriteAndX 
by default now to enable some SMB segmentation evasion.

> Does anyone have any ideas? I think I'm probably making some
> fundamentally incorrect assumptions. BTW, if I've said anything
> blatantly clueless or if there's any prerequisite reading I should be
> doing, I'd love to know.

There are no great resources for learning about DCERPC in the context of 
exploit development -- I think the training courses offered by CanSecWest 
and Black Hat are about as close as you can get right now.

-HD
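As an added illustration of what "proper stub data" means (this is not code from Metasploit or from the original post), here is a minimal NDR encoder in the style of Rex::Proto::DCERPC::NDR, applied to a hypothetical operation `ExampleOp`; the IDL, the function names and the sample arguments are assumptions.

```ruby
# Minimal NDR (Network Data Representation) encoder, added as an illustration.
# Not code from Metasploit or the original post; it mirrors the style of
# Rex::Proto::DCERPC::NDR. Each helper returns the bytes for one IDL parameter,
# and the request stub for an operation is the concatenation of its [in]
# parameters in IDL order. Wrong sizes, alignment or ordering here are exactly
# what makes the server's unmarshaller answer with nca_s_fault_ndr.
module MiniNDR
  # Pad a buffer to a 4-byte boundary; NDR aligns 4-byte types on 4 bytes.
  def self.align4(buf)
    buf + ("\x00" * ((4 - (buf.length % 4)) % 4))
  end

  # [in] long: 32-bit little-endian integer
  def self.long(v)
    [v].pack('V')
  end

  # [in] short: 16-bit little-endian integer
  def self.short(v)
    [v].pack('v')
  end

  # [in, string] wchar_t*: conformant varying UTF-16LE string.
  # Header is max_count, offset, actual_count (all counted in wchar_t units,
  # including the NUL terminator), followed by the characters, then padding.
  def self.uwstring(s)
    chars = s.encode('UTF-16LE').force_encoding('BINARY') + "\x00\x00"
    count = chars.length / 2
    align4([count, 0, count].pack('VVV') + chars)
  end

  # Build the [in] stub for a hypothetical (assumed) operation:
  #   long ExampleOp([in] long id, [in, string] wchar_t* name);
  def self.example_op_stub(id, name)
    long(id) + uwstring(name)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample arguments; prints the stub bytes as hex.
  puts MiniNDR.example_op_stub(7, "host1").unpack1('H*')
end
```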