Just use a straight RPORT, don't sneak 593.

Tod Beardsley · Tod Beardsley · commit ac1fb2d1da18 · 2013-11-19T13:29:02.000-06:00
Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).

It looks like a bigger change than it realy is, thanks to the indentaton
changes by removing the itertor. Diff this without whitespace changes to
get a better idea of what's actually different.
diff --git a/lib/msf/core/exploit/dcerpc_epm.rb b/lib/msf/core/exploit/dcerpc_epm.rb
@@ -43,26 +43,20 @@ def dcerpc_endpoint_list
     print_status("Connecting to the endpoint mapper service...")
     begin
       eps   = nil
-      dport = nil
+      dport = datastore['RPORT'] || 135
 
-      [datastore['RPORT'], 135, 593,].uniq.each do |i|
-        dport = i
-        begin
-          eps = Rex::Socket::Tcp.create(
+      begin
+        eps = Rex::Socket::Tcp.create(
           'PeerHost'  => rhost,
           'PeerPort'  => dport,
           'Proxies'   => proxies,
           'Context'   =>
-            {
-              'Msf'        => framework,
-              'MsfExploit' => self,
-            }
-          )
-
-          break
-
-        rescue ::Exception
-        end
+          {
+            'Msf'        => framework,
+            'MsfExploit' => self,
+          }
+        )
+      rescue ::Exception
       end
 
       if (not eps)
