|
| 1 | +## Description |
| 2 | + |
| 3 | +The dcerpc/tcp_dcerpc_auditor module scans a range of IP addresses to determine what DCERPC services are available over a TCP port. |
| 4 | + |
| 5 | +## Verification Steps |
| 6 | + |
| 7 | +1. Do: ```use auxiliary/scanner/dcerpc/tcp_dcerpc_auditor``` |
| 8 | +2. Do: ```set RHOSTS [IP]``` |
| 9 | +3. Do: ```set THREADS [number of threads]``` |
| 10 | +4. Do: ```run``` |
| 11 | + |
| 12 | +To run this scanner, we just need to set our RHOSTS and THREADS values and let it run. |
| 13 | + |
| 14 | +## Scenarios |
| 15 | + |
| 16 | +**Running the scanner** |
| 17 | +``` |
| 18 | +msf > use auxiliary/scanner/dcerpc/tcp_dcerpc_auditor |
| 19 | +msf auxiliary(tcp_dcerpc_auditor) > show options |
| 20 | +
|
| 21 | +Module options: |
| 22 | +
|
| 23 | + Name Current Setting Required Description |
| 24 | + ---- --------------- -------- ----------- |
| 25 | + RHOSTS yes The target address range or CIDR identifier |
| 26 | + RPORT 135 yes The target port |
| 27 | + THREADS 1 yes The number of concurrent threads |
| 28 | +
|
| 29 | +msf auxiliary(tcp_dcerpc_auditor) > set RHOSTS 192.168.1.200-254 |
| 30 | +RHOSTS => 192.168.1.200-254 |
| 31 | +msf auxiliary(tcp_dcerpc_auditor) > set THREADS 55 |
| 32 | +THREADS => 55 |
| 33 | +msf auxiliary(tcp_dcerpc_auditor) > run |
| 34 | +
|
| 35 | +The connection was refused by the remote host (192.168.1.250:135). |
| 36 | +The host (192.168.1.210:135) was unreachable. |
| 37 | +...snip... |
| 38 | +The host (192.168.1.200:135) was unreachable. |
| 39 | +[*] Scanned 38 of 55 hosts (069% complete) |
| 40 | +...snip... |
| 41 | +The host (192.168.1.246:135) was unreachable. |
| 42 | +192.168.1.203 - UUID 99fcfec4-5260-101b-bbcb-00aa0021347a 0.0 OPEN VIA 135 ACCESS GRANTED 00000000000000000000000000000000000000000000000005000000 |
| 43 | +192.168.1.201 - UUID 99fcfec4-5260-101b-bbcb-00aa0021347a 0.0 OPEN VIA 135 ACCESS GRANTED 00000000000000000000000000000000000000000000000005000000 |
| 44 | +192.168.1.204 - UUID 99fcfec4-5260-101b-bbcb-00aa0021347a 0.0 OPEN VIA 135 ACCESS GRANTED 00000000000000000000000000000000000000000000000076070000 |
| 45 | +192.168.1.202 - UUID 99fcfec4-5260-101b-bbcb-00aa0021347a 0.0 OPEN VIA 135 ACCESS GRANTED 00000000000000000000000000000000000000000000000005000000 |
| 46 | +192.168.1.204 - UUID afa8bd80-7d8a-11c9-bef4-08002b102989 1.0 OPEN VIA 135 ACCESS GRANTED 000002000b0000000b00000004000200080002000c0002001000020014000200180002001c0002002000020024000200280002002c0002000883afe11f5dc91191a408002b14a0fa0300000084650a0b0f9ecf11a3cf00805f68cb1b0100010026b5551d37c1c546ab79638f2a68e86901000000e6730ce6f988cf119af10020af6e72f402000000c4fefc9960521b10bbcb00aa0021347a00000000609ee7b9523dce11aaa100006901293f000002001e242f412ac1ce11abff0020af6e7a17000002003601000000000000c0000000000000460000000072eef3c67eced111b71e00c04fc3111a01000000b84a9f4d1c7dcf11861e0020af6e7c5700000000a001000000000000c0000000000000460000000000000000 |
| 47 | +192.168.1.204 - UUID e1af8308-5d1f-11c9-91a4-08002b14a0fa 3.0 OPEN VIA 135 ACCESS GRANTED d8060000 |
| 48 | +[*] Scanned 52 of 55 hosts (094% complete) |
| 49 | +[*] Scanned 54 of 55 hosts (098% complete) |
| 50 | +The connection timed out (192.168.1.205:135). |
| 51 | +[*] Scanned 55 of 55 hosts (100% complete) |
| 52 | +[*] Auxiliary module execution completed |
| 53 | +msf auxiliary(tcp_dcerpc_auditor) > |
| 54 | +``` |
| 55 | + |
| 56 | +As you can see, this quick scan has turned up some available services on a number of our hosts which could warrant further investigation. |
0 commit comments