Jul 16, 2003. This module exploits a stack buffer overflow in the RPCSS service. The vulnerability was originally found by the Last Stage of Delirium research group and has been widely exploited ever since. This module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :).
I was running a vulnerability scan against a Windows Server of mine, TCP port 135. I got the following output:

By sending a Lookup request to the portmapper TCP 135 it was possible to enumerate the Distributed Computing Environment services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.

So now I have the following questions:

1. How can someone connect and bind to each service?
2. What is the command/tool to use, and does it require authentication?
3. What are the security risks of having this service running, if any?

How can someone connect and bind to each service? What is the command/tool to use, and does it require authentication?
The net use command, browsing network shares, or any other SMB-related command will make use of these services.

What are the security risks of having this service running, if any?
It's often a necessary service to have running as it provides the backbone of a great deal of Windows network sharing services. I wouldn't be concerned so much about it running as I would be if it were exposed outside your network. I believe service enumeration and possible undocumented exploits are the two current risks. Because this is a remote procedure call service, it does have some of the same excitement as any application service: think of requests passed there in terms of a web query. They ask for a service (page) and pass certain relevant parameters (GET or POST options). Something on the service's back-end runs and returns a result.
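The answer's point that the real concern is TCP 135 being reachable from outside the network can be turned into a simple log check. The following is an added example, not code from the original post; it assumes a firewall log line format (the sample lines are constructed) and treats the RFC 1918 ranges as the internal address space.

```python
"""Flag accepted inbound connections to the DCE/RPC endpoint mapper (TCP 135)
whose source address lies outside the organisation's own address space."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample firewall log lines (not from the original post).
# Assumed format: "<ts> ACCEPT|DROP proto=<proto> src=<ip> dst=<ip> dport=<port>"
SAMPLE_LOG = """\
2003-07-16T10:00:01 ACCEPT proto=tcp src=10.1.2.3 dst=10.1.0.5 dport=135
2003-07-16T10:00:02 ACCEPT proto=tcp src=198.51.100.7 dst=10.1.0.5 dport=135
2003-07-16T10:00:03 ACCEPT proto=tcp src=203.0.113.9 dst=10.1.0.5 dport=445
2003-07-16T10:00:04 ACCEPT proto=udp src=192.168.5.5 dst=10.1.0.5 dport=135
2003-07-16T10:00:05 DROP proto=tcp src=203.0.113.9 dst=10.1.0.5 dport=135
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

# Address space considered "inside": RFC 1918 by default (an assumption;
# adjust to the site's real internal ranges).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr: str) -> bool:
    """True if addr falls inside one of the internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_external_epm_hits(log_text: str) -> List[Dict[str, str]]:
    """Return accepted TCP/135 connections whose source is not internal."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        rec = m.groupdict()
        if rec["action"] != "ACCEPT" or rec["proto"] != "tcp":
            continue  # only accepted TCP traffic reaches the endpoint mapper
        if rec["dport"] != "135" or is_internal(rec["src"]):
            continue  # wrong port, or an expected internal client
        hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in find_external_epm_hits(SAMPLE_LOG):
        print(f"{h['ts']} external source {h['src']} reached TCP/135 on {h['dst']}")
```

Only the second sample line is reported: the UDP and port 445 lines are out of scope, the dropped connection never reached the service, and the 10.x client is internal.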